diff --git a/packages/google-cloud-security-privateca/protos/google/cloud/security/privateca/v1/resources.proto b/packages/google-cloud-security-privateca/protos/google/cloud/security/privateca/v1/resources.proto
index 15ed965e42ce..ba54ee133ad0 100644
--- a/packages/google-cloud-security-privateca/protos/google/cloud/security/privateca/v1/resources.proto
+++ b/packages/google-cloud-security-privateca/protos/google/cloud/security/privateca/v1/resources.proto
@@ -1,4 +1,4 @@
-// Copyright 2025 Google LLC
+// Copyright 2026 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -505,16 +505,33 @@ message CaPool { repeated AllowedKeyType allowed_key_types = 1 [(google.api.field_behavior) = OPTIONAL]; - // Optional. The duration to backdate all certificates issued from this - // [CaPool][google.cloud.security.privateca.v1.CaPool]. If not set, the - // certificates will be issued with a not_before_time of the issuance time - // (i.e. the current time). If set, the certificates will be issued with a - // not_before_time of the issuance time minus the backdate_duration. The - // not_after_time will be adjusted to preserve the requested lifetime. The - // backdate_duration must be less than or equal to 48 hours. + // Optional. If set, all certificates issued from this + // [CaPool][google.cloud.security.privateca.v1.CaPool] will be backdated by + // this duration. The 'not_before_time' will be the issuance time minus this + // [backdate_duration][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.backdate_duration], + // and the 'not_after_time' will be adjusted to preserve the requested + // lifetime. The maximum duration that a certificate can be backdated with + // these options is 48 hours in the past. + // This option cannot be set if + // [allow_requester_specified_not_before_time][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.allow_requester_specified_not_before_time] + // is set. google.protobuf.Duration backdate_duration = 7 [(google.api.field_behavior) = OPTIONAL]; + // Optional. If set to true, allows requesters to specify the + // [requested_not_before_time][google.cloud.security.privateca.v1.Certificate.requested_not_before_time] + // field when creating a + // [Certificate][google.cloud.security.privateca.v1.Certificate]. + // Certificates requested with this option enabled will have a + // 'not_before_time' equal to the value specified in the request. The + // 'not_after_time' will be adjusted to preserve the requested lifetime. 
The + // maximum time that a certificate can be backdated with these options is 48 + // hours in the past. This option cannot be set if + // [backdate_duration][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.backdate_duration] + // is set. + bool allow_requester_specified_not_before_time = 8 + [(google.api.field_behavior) = OPTIONAL]; + // Optional. The maximum lifetime allowed for issued // [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that // if the issuing @@ -601,10 +618,24 @@ message CaPool { PublishingOptions publishing_options = 4 [(google.api.field_behavior) = OPTIONAL]; + // Optional. When + // [EncryptionSpec][google.cloud.security.privateca.v1.EncryptionSpec] is + // provided, the [Subject][google.cloud.security.privateca.v1.Subject], + // [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames], and + // the PEM-encoded certificate fields will be encrypted at rest. + EncryptionSpec encryption_spec = 8 [(google.api.field_behavior) = OPTIONAL]; + // Optional. Labels with user-defined metadata. map labels = 5 [(google.api.field_behavior) = OPTIONAL]; } +// The configuration used for encrypting data at rest. +message EncryptionSpec { + // The resource name for a Cloud KMS key in the format + // `projects/*/locations/*/keyRings/*/cryptoKeys/*`. + string cloud_kms_key = 1; +} + // A // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] // corresponds to a signed X.509 certificate Revocation List (CRL). A CRL 
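Review bot: The mutual-exclusion wording on `backdate_duration` (field 7) and `allow_requester_specified_not_before_time` (field 8) says "cannot be set if ... is set", which is ambiguous for a proto3 `bool`, where `false` and unset are the same on the wire. On field 7 I would write `// This option cannot be set if allow_requester_specified_not_before_time is true.` The rewritten field 7 comment also drops the old sentence saying that an unset value gives a not_before_time equal to the issuance time, so the default is no longer documented there. On field 8 the 48-hour limit is stated only for the past; because the validity start becomes requester-controlled, the comment should say whether a time later than issuance is accepted. The enclosing IssuancePolicy message starts and ends outside the hunk.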
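Review bot: `cloud_kms_key` in the new `EncryptionSpec` message has no annotations, so nothing in the schema ties the string to a Cloud KMS key resource or says whether it is required. If the API conventions used elsewhere in this package apply, a reference such as `[(google.api.resource_reference) = { type: "cloudkms.googleapis.com/CryptoKey" }]` plus a `field_behavior` would let linters and generated clients check the name format. The comment on `encryption_spec` (field 8 of CaPool) also does not say whether the spec can be changed or cleared after the pool is created, or what happens to reads of the encrypted fields if the key is disabled. Operators planning key rotation and revocation need that stated, so I would add one sentence for each once the service behaviour is confirmed.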
@@ -809,6 +840,23 @@ message Certificate { // Optional. Labels with user-defined metadata. map labels = 14 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. The requested + // [not_before_time][google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription.not_before_time] + // of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This + // field may only be set if the + // [CaPool.IssuancePolicy.allow_requester_specified_not_before_time][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.allow_requester_specified_not_before_time] + // field is set to true for the issuing + // [CaPool][google.cloud.security.privateca.v1.CaPool]. + // + // If this field is specified, the certificate will be issued with this + // 'not_before_time'. If this is not specified, the 'not_before_time' will be + // set to the issuance time or issuance time minus + // [backdate_duration][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.backdate_duration] + // depending on the [CaPool][google.cloud.security.privateca.v1.CaPool] + // configuration. + google.protobuf.Timestamp requested_not_before_time = 15 + [(google.api.field_behavior) = OPTIONAL]; } // A diff --git a/packages/google-cloud-security-privateca/protos/google/cloud/security/privateca/v1/service.proto b/packages/google-cloud-security-privateca/protos/google/cloud/security/privateca/v1/service.proto index 9054e267687e..28e67660da66 100644 --- a/packages/google-cloud-security-privateca/protos/google/cloud/security/privateca/v1/service.proto +++ b/packages/google-cloud-security-privateca/protos/google/cloud/security/privateca/v1/service.proto @@ -1,4 +1,4 @@ -// Copyright 2025 Google LLC +// Copyright 2026 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
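Review bot: The comment on `requested_not_before_time` (field 15) does not carry over the 48-hour bound that the pool policy comment states, and it does not say what happens when the field is set but the issuing CaPool has `allow_requester_specified_not_before_time` unset or false. "May only be set if" suggests the request is rejected, but a reader cannot tell that from silent fallback to the issuance time. I would add something like `// Requests that set this field against a CaPool that does not allow it are rejected; the value may be at most 48 hours before the issuance time.` after confirming both halves against the service. The Certificate message body starts outside the hunk.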
@@ -505,9 +505,18 @@ message GetCertificateRequest { // Request message for // [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates]. message ListCertificatesRequest { - // Required. The resource name of the location associated with the + // Required. The resource name of the parent associated with the // [Certificates][google.cloud.security.privateca.v1.Certificate], in the - // format `projects/*/locations/*/caPools/*`. + // format `projects/*/locations/*/caPools/*`. The parent resource name can be + // in one of two forms: + // + // 1. **Specific CA Pool:** To list certificates within a single CA Pool: + // `projects/*/locations/*/caPools/*` + // + // 2. **All CA Pools in a Location:** To list certificates across *all* CA + // Pools in a given project and location, use the wildcard character (`-`) + // in place of the CA Pool ID. + // Example: `projects/*/locations/*/caPools/-` string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { diff --git a/packages/google-cloud-security-privateca/protos/protos.d.ts b/packages/google-cloud-security-privateca/protos/protos.d.ts index 06162d90a834..4798747d8829 100644 --- a/packages/google-cloud-security-privateca/protos/protos.d.ts +++ b/packages/google-cloud-security-privateca/protos/protos.d.ts @@ -600,6 +600,9 @@ export namespace google { /** CaPool publishingOptions */ publishingOptions?: (google.cloud.security.privateca.v1.CaPool.IPublishingOptions|null); + /** CaPool encryptionSpec */ + encryptionSpec?: (google.cloud.security.privateca.v1.IEncryptionSpec|null); + /** CaPool labels */ labels?: ({ [k: string]: string }|null); } 
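Review bot: The rewritten `parent` comment still opens with "in the format `projects/*/locations/*/caPools/*`" and then immediately says there are two forms, so the single-format claim and the list contradict each other; I would end the first sentence at "[Certificates]" and let the numbered list carry the formats. The `-` form widens one call from a single CA Pool to every pool in the location, yet the comment does not say how access is evaluated in that case, for example whether pools the caller cannot list are omitted or fail the whole request. A sentence on that would help anyone scoping IAM roles or reading audit logs for this RPC. The ListCertificatesRequest body continues past the end of the hunk.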
@@ -625,6 +628,9 @@ export namespace google { /** CaPool publishingOptions. */ public publishingOptions?: (google.cloud.security.privateca.v1.CaPool.IPublishingOptions|null); + /** CaPool encryptionSpec. */ + public encryptionSpec?: (google.cloud.security.privateca.v1.IEncryptionSpec|null); + /** CaPool labels. */ public labels: { [k: string]: string }; @@ -843,6 +849,9 @@ export namespace google { /** IssuancePolicy backdateDuration */ backdateDuration?: (google.protobuf.IDuration|null); + /** IssuancePolicy allowRequesterSpecifiedNotBeforeTime */ + allowRequesterSpecifiedNotBeforeTime?: (boolean|null); + /** IssuancePolicy maximumLifetime */ maximumLifetime?: (google.protobuf.IDuration|null); @@ -874,6 +883,9 @@ export namespace google { /** IssuancePolicy backdateDuration. */ public backdateDuration?: (google.protobuf.IDuration|null); + /** IssuancePolicy allowRequesterSpecifiedNotBeforeTime. */ + public allowRequesterSpecifiedNotBeforeTime: boolean; + /** IssuancePolicy maximumLifetime. */ public maximumLifetime?: (google.protobuf.IDuration|null); 
@@ -1394,6 +1406,103 @@ export namespace google { } } + /** Properties of an EncryptionSpec. */ + interface IEncryptionSpec { + + /** EncryptionSpec cloudKmsKey */ + cloudKmsKey?: (string|null); + } + + /** Represents an EncryptionSpec. */ + class EncryptionSpec implements IEncryptionSpec { + + /** + * Constructs a new EncryptionSpec. + * @param [properties] Properties to set + */ + constructor(properties?: google.cloud.security.privateca.v1.IEncryptionSpec); + + /** EncryptionSpec cloudKmsKey. */ + public cloudKmsKey: string; + + /** + * Creates a new EncryptionSpec instance using the specified properties. + * @param [properties] Properties to set + * @returns EncryptionSpec instance + */ + public static create(properties?: google.cloud.security.privateca.v1.IEncryptionSpec): google.cloud.security.privateca.v1.EncryptionSpec; + + /** + * Encodes the specified EncryptionSpec message. Does not implicitly {@link google.cloud.security.privateca.v1.EncryptionSpec.verify|verify} messages. + * @param message EncryptionSpec message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.cloud.security.privateca.v1.IEncryptionSpec, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified EncryptionSpec message, length delimited. Does not implicitly {@link google.cloud.security.privateca.v1.EncryptionSpec.verify|verify} messages. + * @param message EncryptionSpec message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.cloud.security.privateca.v1.IEncryptionSpec, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes an EncryptionSpec message from the specified reader or buffer. 
+ * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns EncryptionSpec + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.security.privateca.v1.EncryptionSpec; + + /** + * Decodes an EncryptionSpec message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns EncryptionSpec + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.security.privateca.v1.EncryptionSpec; + + /** + * Verifies an EncryptionSpec message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates an EncryptionSpec message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns EncryptionSpec + */ + public static fromObject(object: { [k: string]: any }): google.cloud.security.privateca.v1.EncryptionSpec; + + /** + * Creates a plain object from an EncryptionSpec message. Also converts values to other types if specified. + * @param message EncryptionSpec + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.cloud.security.privateca.v1.EncryptionSpec, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this EncryptionSpec to JSON. 
+ * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + + /** + * Gets the default type url for EncryptionSpec + * @param [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com") + * @returns The default type url + */ + public static getTypeUrl(typeUrlPrefix?: string): string; + } + /** Properties of a CertificateRevocationList. */ interface ICertificateRevocationList { @@ -1708,6 +1817,9 @@ export namespace google { /** Certificate labels */ labels?: ({ [k: string]: string }|null); + + /** Certificate requestedNotBeforeTime */ + requestedNotBeforeTime?: (google.protobuf.ITimestamp|null); } /** Represents a Certificate. */ @@ -1761,6 +1873,9 @@ export namespace google { /** Certificate labels. */ public labels: { [k: string]: string }; + /** Certificate requestedNotBeforeTime. */ + public requestedNotBeforeTime?: (google.protobuf.ITimestamp|null); + /** Certificate certificateConfig. */ public certificateConfig?: ("pemCsr"|"config"); diff --git a/packages/google-cloud-security-privateca/protos/protos.js b/packages/google-cloud-security-privateca/protos/protos.js index 0998d0089002..c44fa93b948e 100644 --- a/packages/google-cloud-security-privateca/protos/protos.js +++ b/packages/google-cloud-security-privateca/protos/protos.js @@ -1818,6 +1818,7 @@ * @property {google.cloud.security.privateca.v1.CaPool.Tier|null} [tier] CaPool tier * @property {google.cloud.security.privateca.v1.CaPool.IIssuancePolicy|null} [issuancePolicy] CaPool issuancePolicy * @property {google.cloud.security.privateca.v1.CaPool.IPublishingOptions|null} [publishingOptions] CaPool publishingOptions + * @property {google.cloud.security.privateca.v1.IEncryptionSpec|null} [encryptionSpec] CaPool encryptionSpec * @property {Object.|null} [labels] CaPool labels */ 
@@ -1869,6 +1870,14 @@ */ CaPool.prototype.publishingOptions = null; + /** + * CaPool encryptionSpec. + * @member {google.cloud.security.privateca.v1.IEncryptionSpec|null|undefined} encryptionSpec + * @memberof google.cloud.security.privateca.v1.CaPool + * @instance + */ + CaPool.prototype.encryptionSpec = null; + /** * CaPool labels. * @member {Object.} labels @@ -1912,6 +1921,8 @@ if (message.labels != null && Object.hasOwnProperty.call(message, "labels")) for (var keys = Object.keys(message.labels), i = 0; i < keys.length; ++i) writer.uint32(/* id 5, wireType 2 =*/42).fork().uint32(/* id 1, wireType 2 =*/10).string(keys[i]).uint32(/* id 2, wireType 2 =*/18).string(message.labels[keys[i]]).ldelim(); + if (message.encryptionSpec != null && Object.hasOwnProperty.call(message, "encryptionSpec")) + $root.google.cloud.security.privateca.v1.EncryptionSpec.encode(message.encryptionSpec, writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim(); return writer; }; @@ -1964,6 +1975,10 @@ message.publishingOptions = $root.google.cloud.security.privateca.v1.CaPool.PublishingOptions.decode(reader, reader.uint32()); break; } + case 8: { + message.encryptionSpec = $root.google.cloud.security.privateca.v1.EncryptionSpec.decode(reader, reader.uint32()); + break; + } case 5: { if (message.labels === $util.emptyObject) message.labels = {}; @@ -2044,6 +2059,11 @@ if (error) return "publishingOptions." + error; } + if (message.encryptionSpec != null && message.hasOwnProperty("encryptionSpec")) { + var error = $root.google.cloud.security.privateca.v1.EncryptionSpec.verify(message.encryptionSpec); + if (error) + return "encryptionSpec." + error; + } if (message.labels != null && message.hasOwnProperty("labels")) { if (!$util.isObject(message.labels)) return "labels: object expected"; 
@@ -2099,6 +2119,11 @@ throw TypeError(".google.cloud.security.privateca.v1.CaPool.publishingOptions: object expected"); message.publishingOptions = $root.google.cloud.security.privateca.v1.CaPool.PublishingOptions.fromObject(object.publishingOptions); } + if (object.encryptionSpec != null) { + if (typeof object.encryptionSpec !== "object") + throw TypeError(".google.cloud.security.privateca.v1.CaPool.encryptionSpec: object expected"); + message.encryptionSpec = $root.google.cloud.security.privateca.v1.EncryptionSpec.fromObject(object.encryptionSpec); + } if (object.labels) { if (typeof object.labels !== "object") throw TypeError(".google.cloud.security.privateca.v1.CaPool.labels: object expected"); @@ -2129,6 +2154,7 @@ object.tier = options.enums === String ? "TIER_UNSPECIFIED" : 0; object.issuancePolicy = null; object.publishingOptions = null; + object.encryptionSpec = null; } if (message.name != null && message.hasOwnProperty("name")) object.name = message.name; @@ -2144,6 +2170,8 @@ for (var j = 0; j < keys2.length; ++j) object.labels[keys2[j]] = message.labels[keys2[j]]; } + if (message.encryptionSpec != null && message.hasOwnProperty("encryptionSpec")) + object.encryptionSpec = $root.google.cloud.security.privateca.v1.EncryptionSpec.toObject(message.encryptionSpec, options); return object; }; 
@@ -2489,6 +2517,7 @@ * @interface IIssuancePolicy * @property {Array.|null} [allowedKeyTypes] IssuancePolicy allowedKeyTypes * @property {google.protobuf.IDuration|null} [backdateDuration] IssuancePolicy backdateDuration + * @property {boolean|null} [allowRequesterSpecifiedNotBeforeTime] IssuancePolicy allowRequesterSpecifiedNotBeforeTime * @property {google.protobuf.IDuration|null} [maximumLifetime] IssuancePolicy maximumLifetime * @property {google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IIssuanceModes|null} [allowedIssuanceModes] IssuancePolicy allowedIssuanceModes * @property {google.cloud.security.privateca.v1.IX509Parameters|null} [baselineValues] IssuancePolicy baselineValues @@ -2528,6 +2557,14 @@ */ IssuancePolicy.prototype.backdateDuration = null; + /** + * IssuancePolicy allowRequesterSpecifiedNotBeforeTime. + * @member {boolean} allowRequesterSpecifiedNotBeforeTime + * @memberof google.cloud.security.privateca.v1.CaPool.IssuancePolicy + * @instance + */ + IssuancePolicy.prototype.allowRequesterSpecifiedNotBeforeTime = false; + /** * IssuancePolicy maximumLifetime. * @member {google.protobuf.IDuration|null|undefined} maximumLifetime @@ -2607,6 +2644,8 @@ $root.google.cloud.security.privateca.v1.CertificateExtensionConstraints.encode(message.passthroughExtensions, writer.uint32(/* id 6, wireType 2 =*/50).fork()).ldelim(); if (message.backdateDuration != null && Object.hasOwnProperty.call(message, "backdateDuration")) $root.google.protobuf.Duration.encode(message.backdateDuration, writer.uint32(/* id 7, wireType 2 =*/58).fork()).ldelim(); + if (message.allowRequesterSpecifiedNotBeforeTime != null && Object.hasOwnProperty.call(message, "allowRequesterSpecifiedNotBeforeTime")) + writer.uint32(/* id 8, wireType 0 =*/64).bool(message.allowRequesterSpecifiedNotBeforeTime); return writer; }; 
@@ -2653,6 +2692,10 @@ message.backdateDuration = $root.google.protobuf.Duration.decode(reader, reader.uint32()); break; } + case 8: { + message.allowRequesterSpecifiedNotBeforeTime = reader.bool(); + break; + } case 2: { message.maximumLifetime = $root.google.protobuf.Duration.decode(reader, reader.uint32()); break; @@ -2722,6 +2765,9 @@ if (error) return "backdateDuration." + error; } + if (message.allowRequesterSpecifiedNotBeforeTime != null && message.hasOwnProperty("allowRequesterSpecifiedNotBeforeTime")) + if (typeof message.allowRequesterSpecifiedNotBeforeTime !== "boolean") + return "allowRequesterSpecifiedNotBeforeTime: boolean expected"; if (message.maximumLifetime != null && message.hasOwnProperty("maximumLifetime")) { var error = $root.google.protobuf.Duration.verify(message.maximumLifetime); if (error) @@ -2777,6 +2823,8 @@ throw TypeError(".google.cloud.security.privateca.v1.CaPool.IssuancePolicy.backdateDuration: object expected"); message.backdateDuration = $root.google.protobuf.Duration.fromObject(object.backdateDuration); } + if (object.allowRequesterSpecifiedNotBeforeTime != null) + message.allowRequesterSpecifiedNotBeforeTime = Boolean(object.allowRequesterSpecifiedNotBeforeTime); if (object.maximumLifetime != null) { if (typeof object.maximumLifetime !== "object") throw TypeError(".google.cloud.security.privateca.v1.CaPool.IssuancePolicy.maximumLifetime: object expected"); @@ -2827,6 +2875,7 @@ object.identityConstraints = null; object.passthroughExtensions = null; object.backdateDuration = null; + object.allowRequesterSpecifiedNotBeforeTime = false; } if (message.allowedKeyTypes && message.allowedKeyTypes.length) { object.allowedKeyTypes = []; 
@@ -2845,6 +2894,8 @@ object.passthroughExtensions = $root.google.cloud.security.privateca.v1.CertificateExtensionConstraints.toObject(message.passthroughExtensions, options); if (message.backdateDuration != null && message.hasOwnProperty("backdateDuration")) object.backdateDuration = $root.google.protobuf.Duration.toObject(message.backdateDuration, options); + if (message.allowRequesterSpecifiedNotBeforeTime != null && message.hasOwnProperty("allowRequesterSpecifiedNotBeforeTime")) + object.allowRequesterSpecifiedNotBeforeTime = message.allowRequesterSpecifiedNotBeforeTime; return object; }; 
@@ -3882,6 +3933,211 @@ return CaPool; })(); + v1.EncryptionSpec = (function() { + + /** + * Properties of an EncryptionSpec. + * @memberof google.cloud.security.privateca.v1 + * @interface IEncryptionSpec + * @property {string|null} [cloudKmsKey] EncryptionSpec cloudKmsKey + */ + + /** + * Constructs a new EncryptionSpec. + * @memberof google.cloud.security.privateca.v1 + * @classdesc Represents an EncryptionSpec. + * @implements IEncryptionSpec + * @constructor + * @param {google.cloud.security.privateca.v1.IEncryptionSpec=} [properties] Properties to set + */ + function EncryptionSpec(properties) { + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * EncryptionSpec cloudKmsKey. + * @member {string} cloudKmsKey + * @memberof google.cloud.security.privateca.v1.EncryptionSpec + * @instance + */ + EncryptionSpec.prototype.cloudKmsKey = ""; + + /** + * Creates a new EncryptionSpec instance using the specified properties. + * @function create + * @memberof google.cloud.security.privateca.v1.EncryptionSpec + * @static + * @param {google.cloud.security.privateca.v1.IEncryptionSpec=} [properties] Properties to set + * @returns {google.cloud.security.privateca.v1.EncryptionSpec} EncryptionSpec instance + */ + EncryptionSpec.create = function create(properties) { + return new EncryptionSpec(properties); + }; + + /** + * Encodes the specified EncryptionSpec message. Does not implicitly {@link google.cloud.security.privateca.v1.EncryptionSpec.verify|verify} messages. 
+ * @function encode + * @memberof google.cloud.security.privateca.v1.EncryptionSpec + * @static + * @param {google.cloud.security.privateca.v1.IEncryptionSpec} message EncryptionSpec message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + EncryptionSpec.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.cloudKmsKey != null && Object.hasOwnProperty.call(message, "cloudKmsKey")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.cloudKmsKey); + return writer; + }; + + /** + * Encodes the specified EncryptionSpec message, length delimited. Does not implicitly {@link google.cloud.security.privateca.v1.EncryptionSpec.verify|verify} messages. + * @function encodeDelimited + * @memberof google.cloud.security.privateca.v1.EncryptionSpec + * @static + * @param {google.cloud.security.privateca.v1.IEncryptionSpec} message EncryptionSpec message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + EncryptionSpec.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; + + /** + * Decodes an EncryptionSpec message from the specified reader or buffer. + * @function decode + * @memberof google.cloud.security.privateca.v1.EncryptionSpec + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.cloud.security.privateca.v1.EncryptionSpec} EncryptionSpec + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + EncryptionSpec.decode = function decode(reader, length, error) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? 
reader.len : reader.pos + length, message = new $root.google.cloud.security.privateca.v1.EncryptionSpec(); + while (reader.pos < end) { + var tag = reader.uint32(); + if (tag === error) + break; + switch (tag >>> 3) { + case 1: { + message.cloudKmsKey = reader.string(); + break; + } + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; + + /** + * Decodes an EncryptionSpec message from the specified reader or buffer, length delimited. + * @function decodeDelimited + * @memberof google.cloud.security.privateca.v1.EncryptionSpec + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.cloud.security.privateca.v1.EncryptionSpec} EncryptionSpec + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + EncryptionSpec.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies an EncryptionSpec message. + * @function verify + * @memberof google.cloud.security.privateca.v1.EncryptionSpec + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + EncryptionSpec.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + if (message.cloudKmsKey != null && message.hasOwnProperty("cloudKmsKey")) + if (!$util.isString(message.cloudKmsKey)) + return "cloudKmsKey: string expected"; + return null; + }; + + /** + * Creates an EncryptionSpec message from a plain object. Also converts values to their respective internal types. 
+ * @function fromObject + * @memberof google.cloud.security.privateca.v1.EncryptionSpec + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.security.privateca.v1.EncryptionSpec} EncryptionSpec + */ + EncryptionSpec.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.security.privateca.v1.EncryptionSpec) + return object; + var message = new $root.google.cloud.security.privateca.v1.EncryptionSpec(); + if (object.cloudKmsKey != null) + message.cloudKmsKey = String(object.cloudKmsKey); + return message; + }; + + /** + * Creates a plain object from an EncryptionSpec message. Also converts values to other types if specified. + * @function toObject + * @memberof google.cloud.security.privateca.v1.EncryptionSpec + * @static + * @param {google.cloud.security.privateca.v1.EncryptionSpec} message EncryptionSpec + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + EncryptionSpec.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.defaults) + object.cloudKmsKey = ""; + if (message.cloudKmsKey != null && message.hasOwnProperty("cloudKmsKey")) + object.cloudKmsKey = message.cloudKmsKey; + return object; + }; + + /** + * Converts this EncryptionSpec to JSON. 
+ * @function toJSON + * @memberof google.cloud.security.privateca.v1.EncryptionSpec + * @instance + * @returns {Object.} JSON object + */ + EncryptionSpec.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + /** + * Gets the default type url for EncryptionSpec + * @function getTypeUrl + * @memberof google.cloud.security.privateca.v1.EncryptionSpec + * @static + * @param {string} [typeUrlPrefix] your custom typeUrlPrefix(default "type.googleapis.com") + * @returns {string} The default type url + */ + EncryptionSpec.getTypeUrl = function getTypeUrl(typeUrlPrefix) { + if (typeUrlPrefix === undefined) { + typeUrlPrefix = "type.googleapis.com"; + } + return typeUrlPrefix + "/google.cloud.security.privateca.v1.EncryptionSpec"; + }; + + return EncryptionSpec; + })(); + v1.CertificateRevocationList = (function() { /** @@ -4743,6 +4999,7 @@ * @property {google.protobuf.ITimestamp|null} [createTime] Certificate createTime * @property {google.protobuf.ITimestamp|null} [updateTime] Certificate updateTime * @property {Object.|null} [labels] Certificate labels + * @property {google.protobuf.ITimestamp|null} [requestedNotBeforeTime] Certificate requestedNotBeforeTime */ /** @@ -4874,6 +5131,14 @@ */ Certificate.prototype.labels = $util.emptyObject; + /** + * Certificate requestedNotBeforeTime. + * @member {google.protobuf.ITimestamp|null|undefined} requestedNotBeforeTime + * @memberof google.cloud.security.privateca.v1.Certificate + * @instance + */ + Certificate.prototype.requestedNotBeforeTime = null; + // OneOf field names bound to virtual getters and setters var $oneOfFields; 
@@ -4942,6 +5207,8 @@ if (message.labels != null && Object.hasOwnProperty.call(message, "labels")) for (var keys = Object.keys(message.labels), i = 0; i < keys.length; ++i) writer.uint32(/* id 14, wireType 2 =*/114).fork().uint32(/* id 1, wireType 2 =*/10).string(keys[i]).uint32(/* id 2, wireType 2 =*/18).string(message.labels[keys[i]]).ldelim(); + if (message.requestedNotBeforeTime != null && Object.hasOwnProperty.call(message, "requestedNotBeforeTime")) + $root.google.protobuf.Timestamp.encode(message.requestedNotBeforeTime, writer.uint32(/* id 15, wireType 2 =*/122).fork()).ldelim(); return writer; }; @@ -5055,6 +5322,10 @@ message.labels[key] = value; break; } + case 15: { + message.requestedNotBeforeTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + break; + } default: reader.skipType(tag & 7); break; @@ -5168,6 +5439,11 @@ if (!$util.isString(message.labels[key[i]])) return "labels: string{k:string} expected"; } + if (message.requestedNotBeforeTime != null && message.hasOwnProperty("requestedNotBeforeTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.requestedNotBeforeTime); + if (error) + return "requestedNotBeforeTime." + error; + } return null; }; @@ -5261,6 +5537,11 @@ for (var keys = Object.keys(object.labels), i = 0; i < keys.length; ++i) message.labels[keys[i]] = String(object.labels[keys[i]]); } + if (object.requestedNotBeforeTime != null) { + if (typeof object.requestedNotBeforeTime !== "object") + throw TypeError(".google.cloud.security.privateca.v1.Certificate.requestedNotBeforeTime: object expected"); + message.requestedNotBeforeTime = $root.google.protobuf.Timestamp.fromObject(object.requestedNotBeforeTime); + } return message; }; @@ -5292,6 +5573,7 @@ object.certificateDescription = null; object.createTime = null; object.updateTime = null; + object.requestedNotBeforeTime = null; } if (message.name != null && message.hasOwnProperty("name")) object.name = message.name; 
@@ -5334,6 +5616,8 @@ for (var j = 0; j < keys2.length; ++j) object.labels[keys2[j]] = message.labels[keys2[j]]; } + if (message.requestedNotBeforeTime != null && message.hasOwnProperty("requestedNotBeforeTime")) + object.requestedNotBeforeTime = $root.google.protobuf.Timestamp.toObject(message.requestedNotBeforeTime, options); return object; }; diff --git a/packages/google-cloud-security-privateca/protos/protos.json b/packages/google-cloud-security-privateca/protos/protos.json index a18ade7f6134..14b25276d45b 100644 --- a/packages/google-cloud-security-privateca/protos/protos.json +++ b/packages/google-cloud-security-privateca/protos/protos.json @@ -289,6 +289,13 @@ "(google.api.field_behavior)": "OPTIONAL" } }, + "encryptionSpec": { + "type": "EncryptionSpec", + "id": 8, + "options": { + "(google.api.field_behavior)": "OPTIONAL" + } + }, "labels": { "keyType": "string", "type": "string", @@ -357,6 +364,13 @@ "(google.api.field_behavior)": "OPTIONAL" } }, + "allowRequesterSpecifiedNotBeforeTime": { + "type": "bool", + "id": 8, + "options": { + "(google.api.field_behavior)": "OPTIONAL" + } + }, "maximumLifetime": { "type": "google.protobuf.Duration", "id": 2, @@ -477,6 +491,14 @@ } } }, + "EncryptionSpec": { + "fields": { + "cloudKmsKey": { + "type": "string", + "id": 1 + } + } + }, "CertificateRevocationList": { "options": { "(google.api.resource).type": "privateca.googleapis.com/CertificateRevocationList", @@ -700,6 +722,13 @@ "options": { "(google.api.field_behavior)": "OPTIONAL" } + }, + "requestedNotBeforeTime": { + "type": "google.protobuf.Timestamp", + "id": 15, + "options": { + "(google.api.field_behavior)": "OPTIONAL" + } } }, "nested": { diff --git a/packages/google-cloud-security-privateca/samples/generated/v1/certificate_authority_service.list_certificates.js b/packages/google-cloud-security-privateca/samples/generated/v1/certificate_authority_service.list_certificates.js index fa52b3bbb00b..fa81a8eb69e2 100644 
--- a/packages/google-cloud-security-privateca/samples/generated/v1/certificate_authority_service.list_certificates.js +++ b/packages/google-cloud-security-privateca/samples/generated/v1/certificate_authority_service.list_certificates.js @@ -29,9 +29,16 @@ function main(parent) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the location associated with the + * Required. The resource name of the parent associated with the * Certificates google.cloud.security.privateca.v1.Certificate, in the - * format `projects/* /locations/* /caPools/*`. + * format `projects/* /locations/* /caPools/*`. The parent resource name can be + * in one of two forms: + * 1. **Specific CA Pool:** To list certificates within a single CA Pool: + * `projects/* /locations/* /caPools/*` + * 2. **All CA Pools in a Location:** To list certificates across *all* CA + * Pools in a given project and location, use the wildcard character (`-`) + * in place of the CA Pool ID. + * Example: `projects/* /locations/* /caPools/-` */ // const parent = 'abc123' /** diff --git a/packages/google-cloud-security-privateca/samples/generated/v1/snippet_metadata_google.cloud.security.privateca.v1.json b/packages/google-cloud-security-privateca/samples/generated/v1/snippet_metadata_google.cloud.security.privateca.v1.json index afd0121e4e57..72d7dcb4ed20 100644 --- a/packages/google-cloud-security-privateca/samples/generated/v1/snippet_metadata_google.cloud.security.privateca.v1.json +++ b/packages/google-cloud-security-privateca/samples/generated/v1/snippet_metadata_google.cloud.security.privateca.v1.json @@ -122,7 +122,7 @@ "segments": [ { "start": 25, - "end": 85, + "end": 92, "type": "FULL" } ], diff --git a/packages/google-cloud-security-privateca/src/v1/certificate_authority_service_client.ts b/packages/google-cloud-security-privateca/src/v1/certificate_authority_service_client.ts index 4bac97cc9e83..01b6373b2fd7 100644 
--- a/packages/google-cloud-security-privateca/src/v1/certificate_authority_service_client.ts +++ b/packages/google-cloud-security-privateca/src/v1/certificate_authority_service_client.ts @@ -5022,9 +5022,18 @@ export class CertificateAuthorityServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the location associated with the + * Required. The resource name of the parent associated with the * {@link protos.google.cloud.security.privateca.v1.Certificate|Certificates}, in the - * format `projects/* /locations/* /caPools/*`. + * format `projects/* /locations/* /caPools/*`. The parent resource name can be + * in one of two forms: + * + * 1. **Specific CA Pool:** To list certificates within a single CA Pool: + * `projects/* /locations/* /caPools/*` + * + * 2. **All CA Pools in a Location:** To list certificates across *all* CA + * Pools in a given project and location, use the wildcard character (`-`) + * in place of the CA Pool ID. + * Example: `projects/* /locations/* /caPools/-` * @param {number} [request.pageSize] * Optional. Limit on the number of * {@link protos.google.cloud.security.privateca.v1.Certificate|Certificates} to include 
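Review bot: The added `request.parent` text documents the `caPools/-` form but not what it means for callers: per this comment that value lists certificates across all CA pools in the project and location, so code that fills the pool segment of `parent` from a caller-supplied ID can be widened from one pool to the whole location. I would add a line to the comment such as `* If the pool ID comes from untrusted input, reject "-" unless a location-wide listing is intended.` The opening sentence also still gives only the single-pool format before the two forms are listed, which reads as a repeat. The same paragraph recurs in the hunks at -5165 and -5231 of this file; the documented methods start and end outside these hunks, and if the comment is generated from the service proto the wording would need to change there.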
@@ -5165,9 +5174,18 @@ export class CertificateAuthorityServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the location associated with the + * Required. The resource name of the parent associated with the * {@link protos.google.cloud.security.privateca.v1.Certificate|Certificates}, in the - * format `projects/* /locations/* /caPools/*`. + * format `projects/* /locations/* /caPools/*`. The parent resource name can be + * in one of two forms: + * + * 1. **Specific CA Pool:** To list certificates within a single CA Pool: + * `projects/* /locations/* /caPools/*` + * + * 2. **All CA Pools in a Location:** To list certificates across *all* CA + * Pools in a given project and location, use the wildcard character (`-`) + * in place of the CA Pool ID. + * Example: `projects/* /locations/* /caPools/-` * @param {number} [request.pageSize] * Optional. Limit on the number of * {@link protos.google.cloud.security.privateca.v1.Certificate|Certificates} to include 
@@ -5231,9 +5249,18 @@ export class CertificateAuthorityServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the location associated with the + * Required. The resource name of the parent associated with the * {@link protos.google.cloud.security.privateca.v1.Certificate|Certificates}, in the - * format `projects/* /locations/* /caPools/*`. + * format `projects/* /locations/* /caPools/*`. The parent resource name can be + * in one of two forms: + * + * 1. **Specific CA Pool:** To list certificates within a single CA Pool: + * `projects/* /locations/* /caPools/*` + * + * 2. **All CA Pools in a Location:** To list certificates across *all* CA + * Pools in a given project and location, use the wildcard character (`-`) + * in place of the CA Pool ID. + * Example: `projects/* /locations/* /caPools/-` * @param {number} [request.pageSize] * Optional. Limit on the number of * {@link protos.google.cloud.security.privateca.v1.Certificate|Certificates} to include