// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.appengine.v1beta;
import "google/protobuf/timestamp.proto";
option csharp_namespace = "Google.Cloud.AppEngine.V1Beta";
option go_package = "google.golang.org/genproto/googleapis/appengine/v1beta;appengine";
option java_multiple_files = true;
option java_outer_classname = "CertificateProto";
option java_package = "com.google.appengine.v1beta";
option php_namespace = "Google\\Cloud\\AppEngine\\V1beta";
option ruby_package = "Google::Cloud::AppEngine::V1beta";
// An SSL certificate that a user has been authorized to administer. A user
// is authorized to administer any certificate that applies to one of their
// authorized domains.
//
// Most fields are marked `@OutputOnly`. The caller-supplied fields in this
// message are `display_name` and `certificate_raw_data`; the latter carries
// the private key (see `CertificateRawData.private_key`).
message AuthorizedCertificate {
  // Full path to the `AuthorizedCertificate` resource in the API. Example:
  // `apps/myapp/authorizedCertificates/12345`.
  //
  // @OutputOnly
  string name = 1;

  // Relative name of the certificate. This is a unique value autogenerated
  // on `AuthorizedCertificate` resource creation. Example: `12345`.
  //
  // @OutputOnly
  string id = 2;

  // The user-specified display name of the certificate. This is not
  // guaranteed to be unique. Example: `My Certificate`.
  //
  // Because it is not unique, use `name` or `id` (not this field) to
  // identify a certificate.
  string display_name = 3;

  // Topmost applicable domains of this certificate. This certificate
  // applies to these domains and their subdomains. Example: `example.com`.
  //
  // @OutputOnly
  repeated string domain_names = 4;

  // The time when this certificate expires. To update the renewal time on this
  // certificate, upload an SSL certificate with a different expiration time
  // using `AuthorizedCertificates.UpdateAuthorizedCertificate`.
  //
  // @OutputOnly
  google.protobuf.Timestamp expire_time = 5;

  // The SSL certificate serving the `AuthorizedCertificate` resource. This
  // must be obtained independently from a certificate authority.
  //
  // On input this message includes the unencrypted private key
  // (`CertificateRawData.private_key`, marked `@InputOnly`). Treat any
  // serialized request that sets this field as secret material: keep it out
  // of logs, traces and debug dumps.
  CertificateRawData certificate_raw_data = 6;

  // Only applicable if this certificate is managed by App Engine. Managed
  // certificates are tied to the lifecycle of a `DomainMapping` and cannot be
  // updated or deleted via the `AuthorizedCertificates` API. If this
  // certificate is manually administered by the user, this field will be empty.
  //
  // @OutputOnly
  ManagedCertificate managed_certificate = 7;

  // The full paths to user visible Domain Mapping resources that have this
  // certificate mapped. Example: `apps/myapp/domainMappings/example.com`.
  //
  // This may not represent the full list of mapped domain mappings if the user
  // does not have `VIEWER` permissions on all of the applications that have
  // this certificate mapped. See `domain_mappings_count` for a complete count.
  //
  // Only returned by `GET` or `LIST` requests when specifically requested by
  // the `view=FULL_CERTIFICATE` option.
  //
  // @OutputOnly
  repeated string visible_domain_mappings = 8;

  // Aggregate count of the domain mappings with this certificate mapped. This
  // count includes domain mappings on applications for which the user does not
  // have `VIEWER` permissions.
  //
  // Only returned by `GET` or `LIST` requests when specifically requested by
  // the `view=FULL_CERTIFICATE` option.
  //
  // NOTE(review): because the count covers applications the caller cannot
  // view, it can exceed the length of `visible_domain_mappings`; the
  // difference tells the caller that mappings exist which they are not
  // permitted to list. Clients should not treat the two as interchangeable.
  //
  // @OutputOnly
  int32 domain_mappings_count = 9;
}
// An SSL certificate obtained from a certificate authority.
//
// This message pairs the public certificate with its private key. The
// private key is accepted in unencrypted form, so every instance of this
// message that has `private_key` set is secret key material.
message CertificateRawData {
  // PEM encoded X.509 public key certificate. This field is set once on
  // certificate creation. Must include the header and footer. Example:
  // <pre>
  // -----BEGIN CERTIFICATE-----
  // <certificate_value>
  // -----END CERTIFICATE-----
  // </pre>
  string public_certificate = 1;

  // Unencrypted PEM encoded RSA private key. This field is set once on
  // certificate creation and then encrypted. The key size must be 2048
  // bits or fewer. Must include the header and footer. Example:
  // <pre>
  // -----BEGIN RSA PRIVATE KEY-----
  // <unencrypted_key_value>
  // -----END RSA PRIVATE KEY-----
  // </pre>
  //
  // Handling notes for callers:
  // - The key is carried in plaintext inside the message; it is only
  //   encrypted after the service has stored it. Do not log, cache or
  //   persist requests that set this field, and redact it in any tooling
  //   that prints protobuf messages.
  // - The field is input-only, so it is not expected to be populated in
  //   responses.
  // - NOTE(review): only an upper bound (2048 bits) is documented here; no
  //   minimum key size is stated. Confirm the lower bound the service
  //   enforces before relying on this field's validation.
  // - NOTE(review): the example uses the `RSA PRIVATE KEY` (PKCS#1) PEM
  //   header; whether other PEM encodings are accepted is not stated here.
  //
  // @InputOnly
  string private_key = 2;
}
// State of certificate management. Refers to the most recent certificate
// acquisition or renewal attempt.
//
// Several failure states note that the last successfully provisioned
// certificate may still be serving, so a failure status here does not by
// itself mean the domain is without a certificate; compare with the
// certificate's `expire_time` when alerting on renewal problems.
//
// NOTE(review): values 3 and 5 are not defined in this enum. If they were
// previously used and removed, they should be declared `reserved` to prevent
// reuse; confirm against the API history. Clients should handle numeric
// values they do not recognize.
enum ManagementStatus {
  // Default zero value; no management status has been specified.
  MANAGEMENT_STATUS_UNSPECIFIED = 0;

  // Certificate was successfully obtained and inserted into the serving
  // system.
  OK = 1;

  // Certificate is under active attempts to acquire or renew.
  PENDING = 2;

  // Most recent renewal failed due to an invalid DNS setup and will be
  // retried. Renewal attempts will continue to fail until the certificate
  // domain's DNS configuration is fixed. The last successfully provisioned
  // certificate may still be serving.
  FAILED_RETRYING_NOT_VISIBLE = 4;

  // All renewal attempts have been exhausted, likely due to an invalid DNS
  // setup.
  FAILED_PERMANENT = 6;

  // Most recent renewal failed due to an explicit CAA record that does not
  // include one of the in-use CAs (Google CA and Let's Encrypt). Renewals will
  // continue to fail until the CAA is reconfigured. The last successfully
  // provisioned certificate may still be serving.
  FAILED_RETRYING_CAA_FORBIDDEN = 7;

  // Most recent renewal failed due to a CAA retrieval failure. This means that
  // the domain's DNS provider does not properly handle CAA records, failing
  // requests for CAA records when no CAA records are defined. Renewals will
  // continue to fail until the DNS provider is changed or a CAA record is
  // added for the given domain. The last successfully provisioned certificate
  // may still be serving.
  FAILED_RETRYING_CAA_CHECKING = 8;
}
// A certificate managed by App Engine.
//
// Both fields are output-only: they report the state of the managed renewal
// process and are not set by the caller.
message ManagedCertificate {
  // Time at which the certificate was last renewed. The renewal process is
  // fully managed. Certificate renewal will automatically occur before the
  // certificate expires. Renewal errors can be tracked via `ManagementStatus`.
  //
  // @OutputOnly
  google.protobuf.Timestamp last_renewal_time = 1;

  // Status of certificate management. Refers to the most recent certificate
  // acquisition or renewal attempt.
  //
  // A `FAILED_*` value means renewal is not succeeding; per the
  // `ManagementStatus` comments the previously provisioned certificate may
  // still be serving, so monitor this field to catch renewal failures before
  // that certificate expires.
  //
  // @OutputOnly
  ManagementStatus status = 2;
}