Class: Google::Cloud::Security::PrivateCA::V1::CertificateAuthority

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/security/privateca/v1/resources.rb

Overview

A CertificateAuthority represents an individual Certificate Authority. A CertificateAuthority can be used to create Certificates.

Defined Under Namespace

Modules: SignHashAlgorithm, State, Type Classes: AccessUrls, KeyVersionSpec, LabelsEntry

Instance Attribute Summary collapse

Instance Attribute Details

#access_urls::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::AccessUrls (readonly)

Returns Output only. URLs for accessing content published by this CA, such as the CA certificate and CRLs.

Returns:



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#ca_certificate_descriptions::Array<::Google::Cloud::Security::PrivateCA::V1::CertificateDescription> (readonly)

Returns Output only. A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

Returns:



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#config::Google::Cloud::Security::PrivateCA::V1::CertificateConfig

Returns Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.

Returns:



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#create_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. The time at which this CertificateAuthority was created.

Returns:



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#delete_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.

Returns:



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#expire_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.

Returns:



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#gcs_bucket::String

Returns Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

Returns:

  • (::String)

    Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#key_spec::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::KeyVersionSpec

Returns Required. Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

Returns:



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#labels::Google::Protobuf::Map{::String => ::String}

Returns Optional. Labels with user-defined metadata.

Returns:

  • (::Google::Protobuf::Map{::String => ::String})

    Optional. Labels with user-defined metadata.



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#lifetime::Google::Protobuf::Duration

Returns Required. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.

Returns:

  • (::Google::Protobuf::Duration)

    Required. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#name::String (readonly)

Returns Output only. The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

Returns:

  • (::String)

    Output only. The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#pem_ca_certificates::Array<::String> (readonly)

Returns Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

Returns:

  • (::Array<::String>)

    Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#state::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::State (readonly)

Returns Output only. The State for this CertificateAuthority.



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#subordinate_config::Google::Cloud::Security::PrivateCA::V1::SubordinateConfig

Returns Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

Returns:



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#tier::Google::Cloud::Security::PrivateCA::V1::CaPool::Tier (readonly)

Returns Output only. The CaPool.Tier of the CaPool that includes this CertificateAuthority.

Returns:



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#type::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::Type

Returns Required. Immutable. The Type of this CertificateAuthority.



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end

#update_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. The time at which this CertificateAuthority was last updated.

Returns:



99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'proto_docs/google/cloud/security/privateca/v1/resources.rb', line 99

class CertificateAuthority
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # URLs where a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will publish content.
  # @!attribute [rw] ca_certificate_access_url
  #   @return [::String]
  #     The URL where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CA certificate is
  #     published. This will only be set for CAs that have been activated.
  # @!attribute [rw] crl_access_urls
  #   @return [::Array<::String>]
  #     The URLs where this {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
  #     will only be set for CAs that have been activated.
  class AccessUrls
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} will use.
  # @!attribute [rw] cloud_kms_key_version
  #   @return [::String]
  #     The resource name for an existing Cloud KMS CryptoKeyVersion in the
  #     format
  #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  #     This option enables full flexibility in the key's capabilities and
  #     properties.
  # @!attribute [rw] algorithm
  #   @return [::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority::SignHashAlgorithm]
  #     The algorithm to use for creating a managed Cloud KMS key for a for a
  #     simplified experience. All managed keys will be have their
  #     [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
  class KeyVersionSpec
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The type of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
  module Type
    # Not specified.
    TYPE_UNSPECIFIED = 0

    # Self-signed CA.
    SELF_SIGNED = 1

    # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}
    # or an unmanaged CA.
    SUBORDINATE = 2
  end

  # The state of a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
  module State
    # Not specified.
    STATE_UNSPECIFIED = 0

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    ENABLED = 1

    # Certificates cannot be issued from this CA. CRLs will still be generated.
    # The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DISABLED = 2

    # Certificates can be issued from this CA. CRLs will be generated for this
    # CA. The CA will be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, but will not
    # be used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    STAGED = 3

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    AWAITING_USER_ACTIVATION = 4

    # Certificates cannot be issued from this CA. CRLs will not be generated.
    # The CA may still be recovered by calling
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client#undelete_certificate_authority CertificateAuthorityService.UndeleteCertificateAuthority} before
    # {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority#expire_time expire_time}.
    # The CA will not be part of the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}'s trust anchor, and will not be
    # used to issue certificates from the {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
    DELETED = 5
  end

  # The algorithm of a Cloud KMS CryptoKeyVersion of a
  # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
  # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
  # `ASYMMETRIC_SIGN`. These values correspond to the
  # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
  # values. For RSA signing algorithms, the PSS algorithms should be preferred,
  # use PKCS1 algorithms if required for compatibility. For further
  # recommandations, see
  # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
  module SignHashAlgorithm
    # Not specified.
    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
    RSA_PSS_2048_SHA256 = 1

    # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
    RSA_PSS_3072_SHA256 = 2

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
    RSA_PSS_4096_SHA256 = 3

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
    RSA_PKCS1_2048_SHA256 = 6

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
    RSA_PKCS1_3072_SHA256 = 7

    # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
    RSA_PKCS1_4096_SHA256 = 8

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
    EC_P256_SHA256 = 4

    # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
    EC_P384_SHA384 = 5
  end
end