feat: [google-cloud-private-ca] Add encoding format to `.google.cloud.security.privateca.v1.CaPool` Resource (#12537)

BEGIN_COMMIT_OVERRIDE
feat: Add encoding format to
`.google.cloud.security.privateca.v1.CaPool` Resource
docs: A comment for field `maximum_lifetime` in message
`.google.cloud.security.privateca.v1.CaPool` is changed
docs: A comment for field `maximum_lifetime` in message
`.google.cloud.security.privateca.v1.CertificateTemplate` is changed
docs: A comment for field `subject_key_id` in message
`.google.cloud.security.privateca.v1.CertificateConfig` is changed
docs: A comment for method `FetchCaCerts` in service
`CertificateAuthorityService` is changed
docs: A comment for field `ignore_dependent_resources` in message
`.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest`
is changed
docs: A comment for field `ignore_dependent_resources` in message
`.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest`
is changed
docs: A comment for field `ignore_dependent_resources` in message
`.google.cloud.security.privateca.v1.DeleteCaPoolRequest` is changed
docs: A comment for field `ca_certs` in message
`.google.cloud.security.privateca.v1.FetchCaCertsResponse` is changed
END_COMMIT_OVERRIDE

- [ ] Regenerate this pull request now.

docs: A comment for field `maximum_lifetime` in message
`.google.cloud.security.privateca.v1.CaPool` is changed
docs: A comment for field `maximum_lifetime` in message
`.google.cloud.security.privateca.v1.CertificateTemplate` is changed
docs: A comment for field `subject_key_id` in message
`.google.cloud.security.privateca.v1.CertificateConfig` is changed
docs: A comment for method `FetchCaCerts` in service
`CertificateAuthorityService` is changed
docs: A comment for field `ignore_dependent_resources` in message
`.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest`
is changed
docs: A comment for field `ignore_dependent_resources` in message
`.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest`
is changed
docs: A comment for field `ignore_dependent_resources` in message
`.google.cloud.security.privateca.v1.DeleteCaPoolRequest` is changed
docs: A comment for field `ca_certs` in message
`.google.cloud.security.privateca.v1.FetchCaCertsResponse` is changed

PiperOrigin-RevId: 620969058

Source-Link:
googleapis/googleapis@8d326d5

Source-Link:
googleapis/googleapis-gen@24634b5
Copy-Tag:
eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXByaXZhdGUtY2EvLk93bEJvdC55YW1sIiwiaCI6IjI0NjM0YjUwZGY2ZmRlOWZkMjQ4NWEwZWMyNzA1YTk5NzIyNzA3ZjMifQ==

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
gcf-owl-bot[bot] and gcf-owl-bot[bot] committed Apr 2, 2024
1 parent fe25e52 commit 9297aea
Showing 7 changed files with 60 additions and 21 deletions.
Expand Up @@ -2891,7 +2891,7 @@ async def fetch_ca_certs(
) -> service.FetchCaCertsResponse:
r"""FetchCaCerts returns the current trust anchor for the
[CaPool][google.cloud.security.privateca.v1.CaPool]. This will
include CA certificate chains for all Certificate Authorities in
include CA certificate chains for all certificate authorities in
the ENABLED, DISABLED, or STAGED states.
.. code-block:: python
Expand Up @@ -3395,7 +3395,7 @@ def fetch_ca_certs(
) -> service.FetchCaCertsResponse:
r"""FetchCaCerts returns the current trust anchor for the
[CaPool][google.cloud.security.privateca.v1.CaPool]. This will
include CA certificate chains for all Certificate Authorities in
include CA certificate chains for all certificate authorities in
the ENABLED, DISABLED, or STAGED states.
.. code-block:: python
Expand Up @@ -845,7 +845,7 @@ def fetch_ca_certs(
FetchCaCerts returns the current trust anchor for the
[CaPool][google.cloud.security.privateca.v1.CaPool]. This will
include CA certificate chains for all Certificate Authorities in
include CA certificate chains for all certificate authorities in
the ENABLED, DISABLED, or STAGED states.
Returns:
Expand Up @@ -862,7 +862,7 @@ def fetch_ca_certs(
FetchCaCerts returns the current trust anchor for the
[CaPool][google.cloud.security.privateca.v1.CaPool]. This will
include CA certificate chains for all Certificate Authorities in
include CA certificate chains for all certificate authorities in
the ENABLED, DISABLED, or STAGED states.
Returns:
Expand Up @@ -597,8 +597,33 @@ class PublishingOptions(proto.Message):
certificates. CRLs will expire 7 days from their creation.
However, we will rebuild daily. CRLs are also rebuilt
shortly after a certificate is revoked.
encoding_format (google.cloud.security.privateca_v1.types.CaPool.PublishingOptions.EncodingFormat):
Optional. Specifies the encoding format of each
[CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
resource's CA certificate and CRLs. If this is omitted, CA
certificates and CRLs will be published in PEM.
"""

class EncodingFormat(proto.Enum):
r"""Supported encoding formats for publishing.
Values:
ENCODING_FORMAT_UNSPECIFIED (0):
Not specified. By default, PEM format will be
used.
PEM (1):
The
[CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
CA certificate and CRLs will be published in PEM format.
DER (2):
The
[CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
CA certificate and CRLs will be published in DER format.
"""
ENCODING_FORMAT_UNSPECIFIED = 0
PEM = 1
DER = 2

publish_ca_cert: bool = proto.Field(
proto.BOOL,
number=1,
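Review bot: the `encoding_format` docstring says what the default is but not who should pick `DER`. RFC 5280 (sections 4.2.1.13 and 4.2.2.1) requires that a CRL or CA certificate fetched over an HTTP URI be DER encoded, so if the published objects are what relying parties fetch through the CDP and AIA URLs in issued certificates, the PEM default deserves a sentence of guidance here. It would also help to state whether changing the value on an existing pool republishes the current CA certificate and CRLs or only affects later publications.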
Expand All @@ -607,6 +632,11 @@ class PublishingOptions(proto.Message):
proto.BOOL,
number=2,
)
encoding_format: "CaPool.PublishingOptions.EncodingFormat" = proto.Field(
proto.ENUM,
number=3,
enum="CaPool.PublishingOptions.EncodingFormat",
)

class IssuancePolicy(proto.Message):
r"""Defines controls over all certificate issuance within a
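Review bot: on the new `encoding_format` field (`number=3`), a pool that never set the field may read back as `ENCODING_FORMAT_UNSPECIFIED` (0), which the enum docstring defines as PEM. Callers that branch on this value should treat 0 and `PEM` (1) as the same case rather than comparing against `PEM` alone; a short comment on the field saying so would prevent that mistake.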
Expand All @@ -625,9 +655,9 @@ class IssuancePolicy(proto.Message):
Note that if the issuing
[CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
expires before a
[Certificate][google.cloud.security.privateca.v1.Certificate]'s
requested maximum_lifetime, the effective lifetime will be
explicitly truncated to match it.
[Certificate][google.cloud.security.privateca.v1.Certificate]
resource's requested maximum_lifetime, the effective
lifetime will be explicitly truncated to match it.
allowed_issuance_modes (google.cloud.security.privateca_v1.types.CaPool.IssuancePolicy.IssuanceModes):
Optional. If specified, then only methods allowed in the
[IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
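Review bot: in the `maximum_lifetime` text, "the effective lifetime will be explicitly truncated to match it" leaves "it" ambiguous between the requested maximum_lifetime and the issuing CA's expiry, and the rewording to "[Certificate] resource's requested maximum_lifetime" does not resolve that. Suggest ending the sentence with "truncated to the issuing CertificateAuthority's expiration time" so readers can tell which bound wins.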
Expand Down Expand Up @@ -1213,7 +1243,8 @@ class CertificateTemplate(proto.Message):
Optional. The maximum lifetime allowed for issued
[Certificates][google.cloud.security.privateca.v1.Certificate]
that use this template. If the issuing
[CaPool][google.cloud.security.privateca.v1.CaPool]'s
[CaPool][google.cloud.security.privateca.v1.CaPool]
resource's
[IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
specifies a
[maximum_lifetime][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.maximum_lifetime]
Expand Down Expand Up @@ -1655,9 +1686,9 @@ class CertificateConfig(proto.Message):
Optional. When specified this provides a
custom SKI to be used in the certificate. This
should only be used to maintain a SKI of an
existing CA originally created outside CAS,
which was not generated using method (1)
described in RFC 5280 section 4.2.1.2.
existing CA originally created outside CA
service, which was not generated using method
(1) described in RFC 5280 section 4.2.1.2.
"""

class SubjectConfig(proto.Message):
Expand Up @@ -537,8 +537,8 @@ class DisableCertificateAuthorityRequest(proto.Message):
disabled even if it's being depended on by
another resource. However, doing so may result
in unintended and unrecoverable effects on any
dependent resource(s) since the CA will no
longer be able to issue certificates.
dependent resources since the CA will no longer
be able to issue certificates.
"""

name: str = proto.Field(
Expand Down Expand Up @@ -826,12 +826,12 @@ class DeleteCertificateAuthorityRequest(proto.Message):
proceed, there will be no way to recover this
CA.
ignore_dependent_resources (bool):
Optional. This field allows this ca to be
Optional. This field allows this CA to be
deleted even if it's being depended on by
another resource. However, doing so may result
in unintended and unrecoverable effects on any
dependent resource(s) since the CA will no
longer be able to issue certificates.
dependent resources since the CA will no longer
be able to issue certificates.
"""

name: str = proto.Field(
Expand Down Expand Up @@ -1047,7 +1047,7 @@ class DeleteCaPoolRequest(proto.Message):
deleted even if it's being depended on by
another resource. However, doing so may result
in unintended and unrecoverable effects on any
dependent resource(s) since the pool will no
dependent resources since the pool will no
longer be able to issue certificates.
"""

Expand Down Expand Up @@ -1112,8 +1112,8 @@ class FetchCaCertsResponse(proto.Message):
Attributes:
ca_certs (MutableSequence[google.cloud.security.privateca_v1.types.FetchCaCertsResponse.CertChain]):
The PEM encoded CA certificate chains of all Certificate
Authorities in this
The PEM encoded CA certificate chains of all certificate
authorities in this
[CaPool][google.cloud.security.privateca.v1.CaPool] in the
ENABLED, DISABLED, or STAGED states.
"""
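Review bot: `ca_certs` is still documented as "The PEM encoded CA certificate chains" while this same commit adds a `DER` publishing option on the pool. Please state explicitly whether `FetchCaCerts` always returns PEM regardless of `PublishingOptions.encoding_format`, since a client that builds its trust store from this response needs to know which parser to use.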
Expand Up @@ -16467,7 +16467,11 @@ def test_create_ca_pool_rest(request_type):
"additional_extensions": {},
},
},
"publishing_options": {"publish_ca_cert": True, "publish_crl": True},
"publishing_options": {
"publish_ca_cert": True,
"publish_crl": True,
"encoding_format": 1,
},
"labels": {},
}
# The version of a generated dependency at test runtime may differ from the version used during generation.
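Review bot: `"encoding_format": 1` is a bare integer, so the reader has to look up that 1 means `PEM`, and both this request and the one in `test_update_ca_pool_rest` exercise only the value the service already defaults to. Consider a comment naming the enum member and a case that sends `DER` (2), so the non-default encoding is covered by at least one request body.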
Expand Down Expand Up @@ -16927,7 +16931,11 @@ def test_update_ca_pool_rest(request_type):
"additional_extensions": {},
},
},
"publishing_options": {"publish_ca_cert": True, "publish_crl": True},
"publishing_options": {
"publish_ca_cert": True,
"publish_crl": True,
"encoding_format": 1,
},
"labels": {},
}
# The version of a generated dependency at test runtime may differ from the version used during generation.