// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.certificatemanager.v1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.CertificateManager.V1";
option go_package = "cloud.google.com/go/certificatemanager/apiv1/certificatemanagerpb;certificatemanagerpb";
option java_multiple_files = true;
// NOTE(review): the value is spelled `Conifg`, presumably a typo for
// `Config`. It names the generated Java outer class, so correcting it would
// be a source-breaking change for existing Java callers; left as-is.
option java_outer_classname = "TrustConifgProto";
option java_package = "com.google.cloud.certificatemanager.v1";
option php_namespace = "Google\\Cloud\\CertificateManager\\V1";
option ruby_package = "Google::Cloud::CertificateManager::V1";

// This file declares the TrustConfig resource and the request/response
// messages for its List, Get, Create, Update and Delete methods. The service
// definition that uses these messages is not part of this file.

// Request for the `ListTrustConfigs` method.
message ListTrustConfigsRequest {
  // Required. The project and location from which the TrustConfigs should be
  // listed, specified in the format `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Maximum number of TrustConfigs to return per call.
  //
  // NOTE(review): the type is signed and neither a default nor an upper bound
  // is stated in this file; the server presumably clamps the value and
  // rejects negatives - confirm against the implementation.
  int32 page_size = 2;

  // The value returned by the last `ListTrustConfigsResponse`. Indicates
  // that this is a continuation of a prior `ListTrustConfigs` call, and that
  // the system should return the next page of data.
  string page_token = 3;

  // Filter expression to restrict the TrustConfigs returned.
  //
  // NOTE(review): the expression grammar is not defined in this file. The
  // value is free-form caller input, so an implementation should parse it
  // against a defined grammar rather than splice it into a backend query.
  string filter = 4;

  // A list of TrustConfig field names used to specify the order of the
  // returned results. The default sorting order is ascending. To specify
  // descending order for a field, add a suffix `" desc"`.
  //
  // NOTE(review): also free-form caller input; an implementation should
  // accept only known TrustConfig field names here.
  string order_by = 5;
}

// Response for the `ListTrustConfigs` method.
message ListTrustConfigsResponse {
  // A list of TrustConfigs for the parent resource.
  repeated TrustConfig trust_configs = 1;

  // If there might be more results than those appearing in this response, then
  // `next_page_token` is included. To get the next set of results, call this
  // method again using the value of `next_page_token` as `page_token`.
  string next_page_token = 2;

  // Locations that could not be reached.
  //
  // NOTE(review): when this list is non-empty, `trust_configs` presumably
  // omits the resources held in those locations. A caller that inventories
  // or audits trust anchors should check this field before treating the
  // listing as complete.
  repeated string unreachable = 3;
}

// Request for the `GetTrustConfig` method.
message GetTrustConfigRequest {
  // Required. A name of the TrustConfig to describe. Must be in the format
  // `projects/*/locations/*/trustConfigs/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "certificatemanager.googleapis.com/TrustConfig"
    }
  ];
}

// Request for the `CreateTrustConfig` method.
message CreateTrustConfigRequest {
  // Required. The parent resource of the TrustConfig. Must be in the format
  // `projects/*/locations/*`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Required. A user-provided name of the TrustConfig. Must match the regexp
  // `[a-z0-9-]{1,63}`.
  string trust_config_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. A definition of the TrustConfig to create.
  TrustConfig trust_config = 3 [(google.api.field_behavior) = REQUIRED];
}

// Request for the `UpdateTrustConfig` method.
message UpdateTrustConfigRequest {
  // Required. A definition of the TrustConfig to update.
  //
  // This message has no etag field of its own; the `etag` carried inside
  // `trust_config` is the one documented as usable on update requests.
  TrustConfig trust_config = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. The update mask applies to the resource. For the `FieldMask`
  // definition, see
  // https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask.
  //
  // A mask path that covers `trust_stores` changes the trust anchors and
  // intermediate CAs that validation is performed against, so such updates
  // deserve the same review as any other change to a root of trust.
  google.protobuf.FieldMask update_mask = 2
      [(google.api.field_behavior) = REQUIRED];
}

// Request for the `DeleteTrustConfig` method.
message DeleteTrustConfigRequest {
  // Required. A name of the TrustConfig to delete. Must be in the format
  // `projects/*/locations/*/trustConfigs/*`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "certificatemanager.googleapis.com/TrustConfig"
    }
  ];

  // The current etag of the TrustConfig.
  // If an etag is provided and does not match the current etag of the resource,
  // deletion will be blocked and an ABORTED error will be returned.
  //
  // NOTE(review): the field is not marked REQUIRED, so a request without an
  // etag presumably deletes unconditionally - confirm. Sending the etag
  // guards against deleting a resource that changed after it was last read.
  string etag = 2;
}

// Defines a trust config.
//
// A TrustConfig carries the trust stores, and through them the root and
// intermediate certificates, that validation is performed against. Write
// access to this resource therefore decides which certificate chains are
// accepted by whatever is configured to use it.
message TrustConfig {
  option (google.api.resource) = {
    type: "certificatemanager.googleapis.com/TrustConfig"
    pattern: "projects/{project}/locations/{location}/trustConfigs/{trust_config}"
  };

  // Defines a trust anchor.
  message TrustAnchor {
    // The form in which the anchor is supplied. Only one member is declared
    // in this file.
    oneof kind {
      // PEM root certificate of the PKI used for validation.
      //
      // Each certificate provided in PEM format may occupy up to 5kB.
      //
      // The field is documented as holding a certificate; private key
      // material does not belong here.
      string pem_certificate = 1;
    }
  }

  // Defines an intermediate CA.
  message IntermediateCA {
    // The form in which the intermediate CA is supplied. Only one member is
    // declared in this file.
    oneof kind {
      // PEM intermediate certificate used for building up paths
      // for validation.
      //
      // Each certificate provided in PEM format may occupy up to 5kB.
      string pem_certificate = 1;
    }
  }

  // Defines a trust store.
  message TrustStore {
    // List of Trust Anchors to be used while performing validation
    // against a given TrustStore.
    repeated TrustAnchor trust_anchors = 1;

    // Set of intermediate CA certificates used for the path building
    // phase of chain validation.
    //
    // The field is currently not supported if TrustConfig is used for the
    // workload certificate feature.
    repeated IntermediateCA intermediate_cas = 2;
  }

  // A user-defined name of the trust config. TrustConfig names must be
  // unique globally and match pattern
  // `projects/*/locations/*/trustConfigs/*`.
  string name = 1;

  // Output only. The creation timestamp of a TrustConfig.
  google.protobuf.Timestamp create_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The last update timestamp of a TrustConfig.
  google.protobuf.Timestamp update_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Set of labels associated with a TrustConfig.
  map<string, string> labels = 4;

  // One or more paragraphs of text description of a TrustConfig.
  string description = 5;

  // This checksum is computed by the server based on the value of other
  // fields, and may be sent on update and delete requests to ensure the
  // client has an up-to-date value before proceeding.
  string etag = 6;

  // Set of trust stores to perform validation against.
  //
  // This field is supported when TrustConfig is configured with Load Balancers,
  // currently not supported for SPIFFE certificate validation.
  //
  // Only one TrustStore specified is currently allowed.
  //
  // NOTE(review): field number 7 is not declared in this message and no
  // `reserved` statement is visible; whether it was removed or is held for
  // another use cannot be told from this file.
  repeated TrustStore trust_stores = 8;
}