/
certificate_authority_yaml_embed.go
executable file
·23 lines (20 loc) · 61.8 KB
/
certificate_authority_yaml_embed.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
// Copyright 2024 Google LLC. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// GENERATED BY gen_go_data.go
// gen_go_data -package privateca -var YAML_certificate_authority blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/privateca/certificate_authority.yaml
package privateca
// blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/privateca/certificate_authority.yaml
var YAML_certificate_authority = []byte("info:\n title: Privateca/CertificateAuthority\n description: The Privateca CertificateAuthority resource\n x-dcl-struct-name: CertificateAuthority\n x-dcl-has-iam: false\npaths:\n get:\n description: The function used to get information about a CertificateAuthority\n parameters:\n - name: certificateAuthority\n required: true\n description: A full instance of a CertificateAuthority\n apply:\n description: The function used to apply information about a CertificateAuthority\n parameters:\n - name: certificateAuthority\n required: true\n description: A full instance of a CertificateAuthority\n delete:\n description: The function used to delete a CertificateAuthority\n parameters:\n - name: certificateAuthority\n required: true\n description: A full instance of a CertificateAuthority\n deleteAll:\n description: The function used to delete all CertificateAuthority\n parameters:\n - name: project\n required: true\n schema:\n type: string\n - name: location\n required: true\n schema:\n type: string\n - name: caPool\n required: true\n schema:\n type: string\n list:\n description: The function used to list information about many CertificateAuthority\n parameters:\n - name: project\n required: true\n schema:\n type: string\n - name: location\n required: true\n schema:\n type: string\n - name: caPool\n required: true\n schema:\n type: string\ncomponents:\n schemas:\n CertificateAuthority:\n title: CertificateAuthority\n x-dcl-id: projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}\n x-dcl-parent-container: project\n x-dcl-labels: labels\n x-dcl-has-create: true\n x-dcl-has-iam: false\n x-dcl-read-timeout: 0\n x-dcl-apply-timeout: 0\n x-dcl-delete-timeout: 0\n type: object\n required:\n - name\n - type\n - config\n - lifetime\n - keySpec\n - project\n - location\n - caPool\n properties:\n accessUrls:\n type: object\n x-dcl-go-name: AccessUrls\n x-dcl-go-type: CertificateAuthorityAccessUrls\n readOnly: true\n description: Output only. URLs for accessing content published by this CA,\n such as the CA certificate and CRLs.\n x-kubernetes-immutable: true\n properties:\n caCertificateAccessUrl:\n type: string\n x-dcl-go-name: CaCertificateAccessUrl\n description: The URL where this CertificateAuthority's CA certificate\n is published. This will only be set for CAs that have been activated.\n x-kubernetes-immutable: true\n crlAccessUrls:\n type: array\n x-dcl-go-name: CrlAccessUrls\n description: The URLs where this CertificateAuthority's CRLs are published.\n This will only be set for CAs that have been activated.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n caCertificateDescriptions:\n type: array\n x-dcl-go-name: CaCertificateDescriptions\n readOnly: true\n description: Output only. A structured description of this CertificateAuthority's\n CA certificate and its issuers. Ordered as self-to-root.\n x-kubernetes-immutable: true\n x-dcl-list-type: list\n items:\n type: object\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptions\n properties:\n aiaIssuingCertificateUrls:\n type: array\n x-dcl-go-name: AiaIssuingCertificateUrls\n description: Describes lists of issuer CA certificate URLs that appear\n in the \"Authority Information Access\" extension in the certificate.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n authorityKeyId:\n type: object\n x-dcl-go-name: AuthorityKeyId\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsAuthorityKeyId\n description: Identifies the subject_key_id of the parent certificate,\n per https://tools.ietf.org/html/rfc5280#section-4.2.1.1\n properties:\n keyId:\n type: string\n x-dcl-go-name: KeyId\n description: Optional. The value of this KeyId encoded in lowercase\n hexadecimal. This is most likely the 160 bit SHA-1 hash of the\n public key.\n certFingerprint:\n type: object\n x-dcl-go-name: CertFingerprint\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsCertFingerprint\n description: The hash of the x.509 certificate.\n properties:\n sha256Hash:\n type: string\n x-dcl-go-name: Sha256Hash\n description: The SHA 256 hash, encoded in hexadecimal, of the\n DER x509 certificate.\n crlDistributionPoints:\n type: array\n x-dcl-go-name: CrlDistributionPoints\n description: Describes a list of locations to obtain CRL information,\n i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n publicKey:\n type: object\n x-dcl-go-name: PublicKey\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsPublicKey\n description: The public key that corresponds to an issued certificate.\n required:\n - key\n - format\n properties:\n format:\n type: string\n x-dcl-go-name: Format\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsPublicKeyFormatEnum\n description: 'Required. The format of the public key. Possible\n values: PEM'\n enum:\n - PEM\n key:\n type: string\n x-dcl-go-name: Key\n description: Required. A public key. The padding and encoding\n must match with the `KeyFormat` value specified for the `format`\n field.\n subjectDescription:\n type: object\n x-dcl-go-name: SubjectDescription\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsSubjectDescription\n description: Describes some of the values in a certificate that are\n related to the subject and lifetime.\n properties:\n hexSerialNumber:\n type: string\n x-dcl-go-name: HexSerialNumber\n description: The serial number encoded in lowercase hexadecimal.\n lifetime:\n type: string\n x-dcl-go-name: Lifetime\n description: For convenience, the actual lifetime of an issued\n certificate.\n notAfterTime:\n type: string\n format: date-time\n x-dcl-go-name: NotAfterTime\n description: The time after which the certificate is expired.\n Per RFC 5280, the validity period for a certificate is the period\n of time from not_before_time through not_after_time, inclusive.\n Corresponds to 'not_before_time' + 'lifetime' - 1 second.\n notBeforeTime:\n type: string\n format: date-time\n x-dcl-go-name: NotBeforeTime\n description: The time at which the certificate becomes valid.\n subject:\n type: object\n x-dcl-go-name: Subject\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsSubjectDescriptionSubject\n description: Contains distinguished name fields such as the common\n name, location and organization.\n properties:\n commonName:\n type: string\n x-dcl-go-name: CommonName\n description: The \"common name\" of the subject.\n countryCode:\n type: string\n x-dcl-go-name: CountryCode\n description: The country code of the subject.\n locality:\n type: string\n x-dcl-go-name: Locality\n description: The locality or city of the subject.\n organization:\n type: string\n x-dcl-go-name: Organization\n description: The organization of the subject.\n organizationalUnit:\n type: string\n x-dcl-go-name: OrganizationalUnit\n description: The organizational_unit of the subject.\n postalCode:\n type: string\n x-dcl-go-name: PostalCode\n description: The postal code of the subject.\n province:\n type: string\n x-dcl-go-name: Province\n description: The province, territory, or regional state of\n the subject.\n streetAddress:\n type: string\n x-dcl-go-name: StreetAddress\n description: The street address of the subject.\n subjectAltName:\n type: object\n x-dcl-go-name: SubjectAltName\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsSubjectDescriptionSubjectAltName\n description: The subject alternative name fields.\n properties:\n customSans:\n type: array\n x-dcl-go-name: CustomSans\n description: Contains additional subject alternative name\n values.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: object\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsSubjectDescriptionSubjectAltNameCustomSans\n required:\n - objectId\n - critical\n - value\n properties:\n critical:\n type: boolean\n x-dcl-go-name: Critical\n description: Optional. Indicates whether or not this\n extension is critical (i.e., if the client does not\n know how to handle this extension, the client should\n consider this to be an error).\n objectId:\n type: object\n x-dcl-go-name: ObjectId\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsSubjectDescriptionSubjectAltNameCustomSansObjectId\n description: Required. The OID for this X.509 extension.\n required:\n - objectIdPath\n properties:\n objectIdPath:\n type: array\n x-dcl-go-name: ObjectIdPath\n description: Required. The parts of an OID path.\n The most significant parts of the path come first.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: integer\n format: int64\n x-dcl-go-type: int64\n value:\n type: string\n x-dcl-go-name: Value\n description: Required. The value of this X.509 extension.\n dnsNames:\n type: array\n x-dcl-go-name: DnsNames\n description: Contains only valid, fully-qualified host names.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n emailAddresses:\n type: array\n x-dcl-go-name: EmailAddresses\n description: Contains only valid RFC 2822 E-mail addresses.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n ipAddresses:\n type: array\n x-dcl-go-name: IPAddresses\n description: Contains only valid 32-bit IPv4 addresses or\n RFC 4291 IPv6 addresses.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n uris:\n type: array\n x-dcl-go-name: Uris\n description: Contains only valid RFC 3986 URIs.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n subjectKeyId:\n type: object\n x-dcl-go-name: SubjectKeyId\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsSubjectKeyId\n description: Provides a means of identifiying certificates that contain\n a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.\n properties:\n keyId:\n type: string\n x-dcl-go-name: KeyId\n description: Optional. The value of this KeyId encoded in lowercase\n hexadecimal. This is most likely the 160 bit SHA-1 hash of the\n public key.\n x509Description:\n type: object\n x-dcl-go-name: X509Description\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsX509Description\n description: Describes some of the technical X.509 fields in a certificate.\n properties:\n additionalExtensions:\n type: array\n x-dcl-go-name: AdditionalExtensions\n description: Optional. Describes custom X.509 extensions.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: object\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsX509DescriptionAdditionalExtensions\n required:\n - objectId\n - value\n properties:\n critical:\n type: boolean\n x-dcl-go-name: Critical\n description: Optional. Indicates whether or not this extension\n is critical (i.e., if the client does not know how to\n handle this extension, the client should consider this\n to be an error).\n objectId:\n type: object\n x-dcl-go-name: ObjectId\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsX509DescriptionAdditionalExtensionsObjectId\n description: Required. The OID for this X.509 extension.\n required:\n - objectIdPath\n properties:\n objectIdPath:\n type: array\n x-dcl-go-name: ObjectIdPath\n description: Required. The parts of an OID path. The\n most significant parts of the path come first.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: integer\n format: int64\n x-dcl-go-type: int64\n value:\n type: string\n x-dcl-go-name: Value\n description: Required. The value of this X.509 extension.\n aiaOcspServers:\n type: array\n x-dcl-go-name: AiaOcspServers\n readOnly: true\n description: Optional. Describes Online Certificate Status Protocol\n (OCSP) endpoint addresses that appear in the \"Authority Information\n Access\" extension in the certificate.\n x-kubernetes-immutable: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n caOptions:\n type: object\n x-dcl-go-name: CaOptions\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsX509DescriptionCaOptions\n description: Optional. Describes options in this X509Parameters\n that are relevant in a CA certificate.\n properties:\n isCa:\n type: boolean\n x-dcl-go-name: IsCa\n description: Optional. Refers to the \"CA\" X.509 extension,\n which is a boolean value. When this value is missing, the\n extension will be omitted from the CA certificate.\n maxIssuerPathLength:\n type: integer\n format: int64\n x-dcl-go-name: MaxIssuerPathLength\n description: Optional. Refers to the path length restriction\n X.509 extension. For a CA certificate, this value describes\n the depth of subordinate CA certificates that are allowed.\n If this value is less than 0, the request will fail. If\n this value is missing, the max path length will be omitted\n from the CA certificate.\n keyUsage:\n type: object\n x-dcl-go-name: KeyUsage\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsX509DescriptionKeyUsage\n description: Optional. Indicates the intended use for keys that\n correspond to a certificate.\n properties:\n baseKeyUsage:\n type: object\n x-dcl-go-name: BaseKeyUsage\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsX509DescriptionKeyUsageBaseKeyUsage\n description: Describes high-level ways in which a key may\n be used.\n properties:\n certSign:\n type: boolean\n x-dcl-go-name: CertSign\n description: The key may be used to sign certificates.\n contentCommitment:\n type: boolean\n x-dcl-go-name: ContentCommitment\n description: The key may be used for cryptographic commitments.\n Note that this may also be referred to as \"non-repudiation\".\n crlSign:\n type: boolean\n x-dcl-go-name: CrlSign\n description: The key may be used sign certificate revocation\n lists.\n dataEncipherment:\n type: boolean\n x-dcl-go-name: DataEncipherment\n description: The key may be used to encipher data.\n decipherOnly:\n type: boolean\n x-dcl-go-name: DecipherOnly\n description: The key may be used to decipher only.\n digitalSignature:\n type: boolean\n x-dcl-go-name: DigitalSignature\n description: The key may be used for digital signatures.\n encipherOnly:\n type: boolean\n x-dcl-go-name: EncipherOnly\n description: The key may be used to encipher only.\n keyAgreement:\n type: boolean\n x-dcl-go-name: KeyAgreement\n description: The key may be used in a key agreement protocol.\n keyEncipherment:\n type: boolean\n x-dcl-go-name: KeyEncipherment\n description: The key may be used to encipher other keys.\n extendedKeyUsage:\n type: object\n x-dcl-go-name: ExtendedKeyUsage\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsX509DescriptionKeyUsageExtendedKeyUsage\n description: Detailed scenarios in which a key may be used.\n properties:\n clientAuth:\n type: boolean\n x-dcl-go-name: ClientAuth\n description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially\n described as \"TLS WWW client authentication\", though\n regularly used for non-WWW TLS.\n codeSigning:\n type: boolean\n x-dcl-go-name: CodeSigning\n description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially\n described as \"Signing of downloadable executable code\n client authentication\".\n emailProtection:\n type: boolean\n x-dcl-go-name: EmailProtection\n description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially\n described as \"Email protection\".\n ocspSigning:\n type: boolean\n x-dcl-go-name: OcspSigning\n description: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially\n described as \"Signing OCSP responses\".\n serverAuth:\n type: boolean\n x-dcl-go-name: ServerAuth\n description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially\n described as \"TLS WWW server authentication\", though\n regularly used for non-WWW TLS.\n timeStamping:\n type: boolean\n x-dcl-go-name: TimeStamping\n description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially\n described as \"Binding the hash of an object to a time\".\n unknownExtendedKeyUsages:\n type: array\n x-dcl-go-name: UnknownExtendedKeyUsages\n description: Used to describe extended key usages that are\n not listed in the KeyUsage.ExtendedKeyUsageOptions message.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: object\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsX509DescriptionKeyUsageUnknownExtendedKeyUsages\n required:\n - objectIdPath\n properties:\n objectIdPath:\n type: array\n x-dcl-go-name: ObjectIdPath\n description: Required. The parts of an OID path. The\n most significant parts of the path come first.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: integer\n format: int64\n x-dcl-go-type: int64\n policyIds:\n type: array\n x-dcl-go-name: PolicyIds\n description: Optional. Describes the X.509 certificate policy\n object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: object\n x-dcl-go-type: CertificateAuthorityCaCertificateDescriptionsX509DescriptionPolicyIds\n required:\n - objectIdPath\n properties:\n objectIdPath:\n type: array\n x-dcl-go-name: ObjectIdPath\n description: Required. The parts of an OID path. The most\n significant parts of the path come first.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: integer\n format: int64\n x-dcl-go-type: int64\n caPool:\n type: string\n x-dcl-go-name: CaPool\n description: The caPool for the resource\n x-kubernetes-immutable: true\n x-dcl-references:\n - resource: Privateca/CaPool\n field: name\n parent: true\n x-dcl-parameter: true\n config:\n type: object\n x-dcl-go-name: Config\n x-dcl-go-type: CertificateAuthorityConfig\n description: Required. Immutable. The config used to create a self-signed\n X.509 certificate or CSR.\n x-kubernetes-immutable: true\n required:\n - subjectConfig\n - x509Config\n properties:\n publicKey:\n type: object\n x-dcl-go-name: PublicKey\n x-dcl-go-type: CertificateAuthorityConfigPublicKey\n readOnly: true\n description: Optional. The public key that corresponds to this config.\n This is, for example, used when issuing Certificates, but not when\n creating a self-signed CertificateAuthority or CertificateAuthority\n CSR.\n x-kubernetes-immutable: true\n required:\n - key\n - format\n properties:\n format:\n type: string\n x-dcl-go-name: Format\n x-dcl-go-type: CertificateAuthorityConfigPublicKeyFormatEnum\n description: 'Required. The format of the public key. Possible values:\n PEM'\n x-kubernetes-immutable: true\n enum:\n - PEM\n key:\n type: string\n x-dcl-go-name: Key\n description: Required. A public key. The padding and encoding must\n match with the `KeyFormat` value specified for the `format` field.\n x-kubernetes-immutable: true\n subjectConfig:\n type: object\n x-dcl-go-name: SubjectConfig\n x-dcl-go-type: CertificateAuthorityConfigSubjectConfig\n description: Required. Specifies some of the values in a certificate\n that are related to the subject.\n x-kubernetes-immutable: true\n required:\n - subject\n properties:\n subject:\n type: object\n x-dcl-go-name: Subject\n x-dcl-go-type: CertificateAuthorityConfigSubjectConfigSubject\n description: Required. Contains distinguished name fields such as\n the common name, location and organization.\n x-kubernetes-immutable: true\n properties:\n commonName:\n type: string\n x-dcl-go-name: CommonName\n description: The \"common name\" of the subject.\n x-kubernetes-immutable: true\n countryCode:\n type: string\n x-dcl-go-name: CountryCode\n description: The country code of the subject.\n x-kubernetes-immutable: true\n locality:\n type: string\n x-dcl-go-name: Locality\n description: The locality or city of the subject.\n x-kubernetes-immutable: true\n organization:\n type: string\n x-dcl-go-name: Organization\n description: The organization of the subject.\n x-kubernetes-immutable: true\n organizationalUnit:\n type: string\n x-dcl-go-name: OrganizationalUnit\n description: The organizational_unit of the subject.\n x-kubernetes-immutable: true\n postalCode:\n type: string\n x-dcl-go-name: PostalCode\n description: The postal code of the subject.\n x-kubernetes-immutable: true\n province:\n type: string\n x-dcl-go-name: Province\n description: The province, territory, or regional state of the\n subject.\n x-kubernetes-immutable: true\n streetAddress:\n type: string\n x-dcl-go-name: StreetAddress\n description: The street address of the subject.\n x-kubernetes-immutable: true\n subjectAltName:\n type: object\n x-dcl-go-name: SubjectAltName\n x-dcl-go-type: CertificateAuthorityConfigSubjectConfigSubjectAltName\n description: Optional. The subject alternative name fields.\n x-kubernetes-immutable: true\n properties:\n customSans:\n type: array\n x-dcl-go-name: CustomSans\n description: Contains additional subject alternative name values.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: object\n x-dcl-go-type: CertificateAuthorityConfigSubjectConfigSubjectAltNameCustomSans\n required:\n - objectId\n - value\n properties:\n critical:\n type: boolean\n x-dcl-go-name: Critical\n description: Optional. Indicates whether or not this extension\n is critical (i.e., if the client does not know how to\n handle this extension, the client should consider this\n to be an error).\n x-kubernetes-immutable: true\n objectId:\n type: object\n x-dcl-go-name: ObjectId\n x-dcl-go-type: CertificateAuthorityConfigSubjectConfigSubjectAltNameCustomSansObjectId\n description: Required. The OID for this X.509 extension.\n x-kubernetes-immutable: true\n required:\n - objectIdPath\n properties:\n objectIdPath:\n type: array\n x-dcl-go-name: ObjectIdPath\n description: Required. The parts of an OID path. The\n most significant parts of the path come first.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: integer\n format: int64\n x-dcl-go-type: int64\n value:\n type: string\n x-dcl-go-name: Value\n description: Required. The value of this X.509 extension.\n x-kubernetes-immutable: true\n dnsNames:\n type: array\n x-dcl-go-name: DnsNames\n description: Contains only valid, fully-qualified host names.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n emailAddresses:\n type: array\n x-dcl-go-name: EmailAddresses\n description: Contains only valid RFC 2822 E-mail addresses.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n ipAddresses:\n type: array\n x-dcl-go-name: IPAddresses\n description: Contains only valid 32-bit IPv4 addresses or RFC\n 4291 IPv6 addresses.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n uris:\n type: array\n x-dcl-go-name: Uris\n description: Contains only valid RFC 3986 URIs.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n x509Config:\n type: object\n x-dcl-go-name: X509Config\n x-dcl-go-type: CertificateAuthorityConfigX509Config\n description: Required. Describes how some of the technical X.509 fields\n in a certificate should be populated.\n x-kubernetes-immutable: true\n properties:\n additionalExtensions:\n type: array\n x-dcl-go-name: AdditionalExtensions\n description: Optional. Describes custom X.509 extensions.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: object\n x-dcl-go-type: CertificateAuthorityConfigX509ConfigAdditionalExtensions\n required:\n - objectId\n - value\n properties:\n critical:\n type: boolean\n x-dcl-go-name: Critical\n description: Optional. Indicates whether or not this extension\n is critical (i.e., if the client does not know how to handle\n this extension, the client should consider this to be an\n error).\n x-kubernetes-immutable: true\n objectId:\n type: object\n x-dcl-go-name: ObjectId\n x-dcl-go-type: CertificateAuthorityConfigX509ConfigAdditionalExtensionsObjectId\n description: Required. The OID for this X.509 extension.\n x-kubernetes-immutable: true\n required:\n - objectIdPath\n properties:\n objectIdPath:\n type: array\n x-dcl-go-name: ObjectIdPath\n description: Required. The parts of an OID path. The most\n significant parts of the path come first.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: integer\n format: int64\n x-dcl-go-type: int64\n value:\n type: string\n x-dcl-go-name: Value\n description: Required. The value of this X.509 extension.\n x-kubernetes-immutable: true\n aiaOcspServers:\n type: array\n x-dcl-go-name: AiaOcspServers\n readOnly: true\n description: Optional. Describes Online Certificate Status Protocol\n (OCSP) endpoint addresses that appear in the \"Authority Information\n Access\" extension in the certificate.\n x-kubernetes-immutable: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n caOptions:\n type: object\n x-dcl-go-name: CaOptions\n x-dcl-go-type: CertificateAuthorityConfigX509ConfigCaOptions\n description: Optional. Describes options in this X509Parameters\n that are relevant in a CA certificate.\n x-kubernetes-immutable: true\n properties:\n isCa:\n type: boolean\n x-dcl-go-name: IsCa\n description: Optional. Refers to the \"CA\" X.509 extension, which\n is a boolean value. When this value is missing, the extension\n will be omitted from the CA certificate.\n x-kubernetes-immutable: true\n maxIssuerPathLength:\n type: integer\n format: int64\n x-dcl-go-name: MaxIssuerPathLength\n description: Optional. Refers to the path length restriction\n X.509 extension. For a CA certificate, this value describes\n the depth of subordinate CA certificates that are allowed.\n If this value is less than 0, the request will fail. If this\n value is missing, the max path length will be omitted from\n the CA certificate.\n x-kubernetes-immutable: true\n zeroMaxIssuerPathLength:\n type: boolean\n x-dcl-go-name: ZeroMaxIssuerPathLength\n description: Optional. When true, the \"path length constraint\"\n in Basic Constraints extension will be set to 0. if both max_issuer_path_length\n and zero_max_issuer_path_length are unset, the max path length\n will be omitted from the CA certificate.\n x-kubernetes-immutable: true\n keyUsage:\n type: object\n x-dcl-go-name: KeyUsage\n x-dcl-go-type: CertificateAuthorityConfigX509ConfigKeyUsage\n description: Optional. Indicates the intended use for keys that\n correspond to a certificate.\n x-kubernetes-immutable: true\n properties:\n baseKeyUsage:\n type: object\n x-dcl-go-name: BaseKeyUsage\n x-dcl-go-type: CertificateAuthorityConfigX509ConfigKeyUsageBaseKeyUsage\n description: Describes high-level ways in which a key may be\n used.\n x-kubernetes-immutable: true\n properties:\n certSign:\n type: boolean\n x-dcl-go-name: CertSign\n description: The key may be used to sign certificates.\n x-kubernetes-immutable: true\n contentCommitment:\n type: boolean\n x-dcl-go-name: ContentCommitment\n description: The key may be used for cryptographic commitments.\n Note that this may also be referred to as \"non-repudiation\".\n x-kubernetes-immutable: true\n crlSign:\n type: boolean\n x-dcl-go-name: CrlSign\n description: The key may be used sign certificate revocation\n lists.\n x-kubernetes-immutable: true\n dataEncipherment:\n type: boolean\n x-dcl-go-name: DataEncipherment\n description: The key may be used to encipher data.\n x-kubernetes-immutable: true\n decipherOnly:\n type: boolean\n x-dcl-go-name: DecipherOnly\n description: The key may be used to decipher only.\n x-kubernetes-immutable: true\n digitalSignature:\n type: boolean\n x-dcl-go-name: DigitalSignature\n description: The key may be used for digital signatures.\n x-kubernetes-immutable: true\n encipherOnly:\n type: boolean\n x-dcl-go-name: EncipherOnly\n description: The key may be used to encipher only.\n x-kubernetes-immutable: true\n keyAgreement:\n type: boolean\n x-dcl-go-name: KeyAgreement\n description: The key may be used in a key agreement protocol.\n x-kubernetes-immutable: true\n keyEncipherment:\n type: boolean\n x-dcl-go-name: KeyEncipherment\n description: The key may be used to encipher other keys.\n x-kubernetes-immutable: true\n extendedKeyUsage:\n type: object\n x-dcl-go-name: ExtendedKeyUsage\n x-dcl-go-type: CertificateAuthorityConfigX509ConfigKeyUsageExtendedKeyUsage\n description: Detailed scenarios in which a key may be used.\n x-kubernetes-immutable: true\n properties:\n clientAuth:\n type: boolean\n x-dcl-go-name: ClientAuth\n description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially\n described as \"TLS WWW client authentication\", though regularly\n used for non-WWW TLS.\n x-kubernetes-immutable: true\n codeSigning:\n type: boolean\n x-dcl-go-name: CodeSigning\n description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially\n described as \"Signing of downloadable executable code\n client authentication\".\n x-kubernetes-immutable: true\n emailProtection:\n type: boolean\n x-dcl-go-name: EmailProtection\n description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially\n described as \"Email protection\".\n x-kubernetes-immutable: true\n ocspSigning:\n type: boolean\n x-dcl-go-name: OcspSigning\n description: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially\n described as \"Signing OCSP responses\".\n x-kubernetes-immutable: true\n serverAuth:\n type: boolean\n x-dcl-go-name: ServerAuth\n description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially\n described as \"TLS WWW server authentication\", though regularly\n used for non-WWW TLS.\n x-kubernetes-immutable: true\n timeStamping:\n type: boolean\n x-dcl-go-name: TimeStamping\n description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially\n described as \"Binding the hash of an object to a time\".\n x-kubernetes-immutable: true\n unknownExtendedKeyUsages:\n type: array\n x-dcl-go-name: UnknownExtendedKeyUsages\n description: Used to describe extended key usages that are not\n listed in the KeyUsage.ExtendedKeyUsageOptions message.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: object\n x-dcl-go-type: CertificateAuthorityConfigX509ConfigKeyUsageUnknownExtendedKeyUsages\n required:\n - objectIdPath\n properties:\n objectIdPath:\n type: array\n x-dcl-go-name: ObjectIdPath\n description: Required. The parts of an OID path. The most\n significant parts of the path come first.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: integer\n format: int64\n x-dcl-go-type: int64\n policyIds:\n type: array\n x-dcl-go-name: PolicyIds\n description: Optional. Describes the X.509 certificate policy object\n identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: object\n x-dcl-go-type: CertificateAuthorityConfigX509ConfigPolicyIds\n required:\n - objectIdPath\n properties:\n objectIdPath:\n type: array\n x-dcl-go-name: ObjectIdPath\n description: Required. The parts of an OID path. The most\n significant parts of the path come first.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: integer\n format: int64\n x-dcl-go-type: int64\n createTime:\n type: string\n format: date-time\n x-dcl-go-name: CreateTime\n readOnly: true\n description: Output only. The time at which this CertificateAuthority was\n created.\n x-kubernetes-immutable: true\n deleteTime:\n type: string\n format: date-time\n x-dcl-go-name: DeleteTime\n readOnly: true\n description: Output only. The time at which this CertificateAuthority was\n soft deleted, if it is in the DELETED state.\n x-kubernetes-immutable: true\n expireTime:\n type: string\n format: date-time\n x-dcl-go-name: ExpireTime\n readOnly: true\n description: Output only. The time at which this CertificateAuthority will\n be permanently purged, if it is in the DELETED state.\n x-kubernetes-immutable: true\n gcsBucket:\n type: string\n x-dcl-go-name: GcsBucket\n description: Immutable. The name of a Cloud Storage bucket where this CertificateAuthority\n will publish content, such as the CA certificate and CRLs. This must be\n a bucket name, without any prefixes (such as `gs://`) or suffixes (such\n as `.googleapis.com`). For example, to use a bucket named `my-bucket`,\n you would simply specify `my-bucket`. If not specified, a managed bucket\n will be created.\n x-kubernetes-immutable: true\n x-dcl-references:\n - resource: Storage/Bucket\n field: name\n keySpec:\n type: object\n x-dcl-go-name: KeySpec\n x-dcl-go-type: CertificateAuthorityKeySpec\n description: Required. Immutable. Used when issuing certificates for this\n CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority,\n this key is also used to sign the self-signed CA certificate. Otherwise,\n it is used to sign a CSR.\n x-kubernetes-immutable: true\n properties:\n algorithm:\n type: string\n x-dcl-go-name: Algorithm\n x-dcl-go-type: CertificateAuthorityKeySpecAlgorithmEnum\n description: 'The algorithm to use for creating a managed Cloud KMS\n key for a for a simplified experience. All managed keys will be have\n their ProtectionLevel as `HSM`. Possible values: RSA_PSS_2048_SHA256,\n RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256,\n RSA_PKCS1_4096_SHA256, EC_P256_SHA256, EC_P384_SHA384'\n x-kubernetes-immutable: true\n x-dcl-conflicts:\n - cloudKmsKeyVersion\n enum:\n - RSA_PSS_2048_SHA256\n - RSA_PSS_3072_SHA256\n - RSA_PSS_4096_SHA256\n - RSA_PKCS1_2048_SHA256\n - RSA_PKCS1_3072_SHA256\n - RSA_PKCS1_4096_SHA256\n - EC_P256_SHA256\n - EC_P384_SHA384\n cloudKmsKeyVersion:\n type: string\n x-dcl-go-name: CloudKmsKeyVersion\n description: The resource name for an existing Cloud KMS CryptoKeyVersion\n in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.\n This option enables full flexibility in the key's capabilities and\n properties.\n x-kubernetes-immutable: true\n x-dcl-conflicts:\n - algorithm\n x-dcl-references:\n - resource: Cloudkms/CryptoKeyVersion\n field: name\n labels:\n type: object\n additionalProperties:\n type: string\n x-dcl-go-name: Labels\n description: Optional. Labels with user-defined metadata.\n lifetime:\n type: string\n x-dcl-go-name: Lifetime\n description: Required. The desired lifetime of the CA certificate. Used\n to create the \"not_before_time\" and \"not_after_time\" fields inside an\n X.509 certificate.\n x-kubernetes-immutable: true\n location:\n type: string\n x-dcl-go-name: Location\n description: The location for the resource\n x-kubernetes-immutable: true\n x-dcl-parameter: true\n name:\n type: string\n x-dcl-go-name: Name\n description: The resource name for this CertificateAuthority in the format\n `projects/*/locations/*/caPools/*/certificateAuthorities/*`.\n x-kubernetes-immutable: true\n x-dcl-has-long-form: true\n pemCaCertificates:\n type: array\n x-dcl-go-name: PemCaCertificates\n readOnly: true\n description: Output only. This CertificateAuthority's certificate chain,\n including the current CertificateAuthority's certificate. Ordered such\n that the root issuer is the final element (consistent with RFC 5246).\n For a self-signed CA, this will only list the current CertificateAuthority's\n certificate.\n x-kubernetes-immutable: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n project:\n type: string\n x-dcl-go-name: Project\n description: The project for the resource\n x-kubernetes-immutable: true\n x-dcl-references:\n - resource: Cloudresourcemanager/Project\n field: name\n parent: true\n x-dcl-parameter: true\n state:\n type: string\n x-dcl-go-name: State\n x-dcl-go-type: CertificateAuthorityStateEnum\n readOnly: true\n description: 'Output only. The State for this CertificateAuthority. Possible\n values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, DELETED'\n x-kubernetes-immutable: true\n enum:\n - ENABLED\n - DISABLED\n - STAGED\n - AWAITING_USER_ACTIVATION\n - DELETED\n subordinateConfig:\n type: object\n x-dcl-go-name: SubordinateConfig\n x-dcl-go-type: CertificateAuthoritySubordinateConfig\n readOnly: true\n description: Optional. If this is a subordinate CertificateAuthority, this\n field will be set with the subordinate configuration, which describes\n its issuers. This may be updated, but this CertificateAuthority must continue\n to validate.\n x-kubernetes-immutable: true\n properties:\n certificateAuthority:\n type: string\n x-dcl-go-name: CertificateAuthority\n description: Required. This can refer to a CertificateAuthority in the\n same project that was used to create a subordinate CertificateAuthority.\n This field is used for information and usability purposes only. The\n resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.\n x-kubernetes-immutable: true\n x-dcl-conflicts:\n - pemIssuerChain\n x-dcl-references:\n - resource: Privateca/CertificateAuthority\n field: selfLink\n pemIssuerChain:\n type: object\n x-dcl-go-name: PemIssuerChain\n x-dcl-go-type: CertificateAuthoritySubordinateConfigPemIssuerChain\n description: Required. Contains the PEM certificate chain for the issuers\n of this CertificateAuthority, but not pem certificate for this CA\n itself.\n x-kubernetes-immutable: true\n x-dcl-conflicts:\n - certificateAuthority\n required:\n - pemCertificates\n properties:\n pemCertificates:\n type: array\n x-dcl-go-name: PemCertificates\n description: Required. Expected to be in leaf-to-root order according\n to RFC 5246.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n tier:\n type: string\n x-dcl-go-name: Tier\n x-dcl-go-type: CertificateAuthorityTierEnum\n readOnly: true\n description: 'Output only. The CaPool.Tier of the CaPool that includes this\n CertificateAuthority. Possible values: ENTERPRISE, DEVOPS'\n x-kubernetes-immutable: true\n enum:\n - ENTERPRISE\n - DEVOPS\n type:\n type: string\n x-dcl-go-name: Type\n x-dcl-go-type: CertificateAuthorityTypeEnum\n description: 'Required. Immutable. The Type of this CertificateAuthority.\n Possible values: SELF_SIGNED, SUBORDINATE'\n x-kubernetes-immutable: true\n enum:\n - SELF_SIGNED\n - SUBORDINATE\n updateTime:\n type: string\n format: date-time\n x-dcl-go-name: UpdateTime\n readOnly: true\n description: Output only. The time at which this CertificateAuthority was\n last updated.\n x-kubernetes-immutable: true\n")
// 60952 bytes
// MD5: 007e3eff923dcb49d130bc3cb94f03b5