Index
CertificateManager (interface)
Certificate (message)
Certificate.ManagedCertificate (message)
Certificate.ManagedCertificate.AuthorizationAttemptInfo (message)
Certificate.ManagedCertificate.AuthorizationAttemptInfo.FailureReason (enum)
Certificate.ManagedCertificate.AuthorizationAttemptInfo.State (enum)
Certificate.ManagedCertificate.ProvisioningIssue (message)
Certificate.ManagedCertificate.ProvisioningIssue.Reason (enum)
Certificate.ManagedCertificate.State (enum)
Certificate.Scope (enum)
Certificate.SelfManagedCertificate (message)
CertificateIssuanceConfig (message)
CertificateIssuanceConfig.CertificateAuthorityConfig (message)
CertificateIssuanceConfig.CertificateAuthorityConfig.CertificateAuthorityServiceConfig (message)
CertificateIssuanceConfig.KeyAlgorithm (enum)
CertificateMap (message)
CertificateMap.GclbTarget (message)
CertificateMap.GclbTarget.IpConfig (message)
CertificateMapEntry (message)
CertificateMapEntry.Matcher (enum)
CreateCertificateIssuanceConfigRequest (message)
CreateCertificateMapEntryRequest (message)
CreateCertificateMapRequest (message)
CreateCertificateRequest (message)
CreateDnsAuthorizationRequest (message)
CreateTrustConfigRequest (message)
DeleteCertificateIssuanceConfigRequest (message)
DeleteCertificateMapEntryRequest (message)
DeleteCertificateMapRequest (message)
DeleteCertificateRequest (message)
DeleteDnsAuthorizationRequest (message)
DeleteTrustConfigRequest (message)
DnsAuthorization (message)
DnsAuthorization.DnsResourceRecord (message)
DnsAuthorization.Type (enum)
GetCertificateIssuanceConfigRequest (message)
GetCertificateMapEntryRequest (message)
GetCertificateMapRequest (message)
GetCertificateRequest (message)
GetDnsAuthorizationRequest (message)
GetTrustConfigRequest (message)
ListCertificateIssuanceConfigsRequest (message)
ListCertificateIssuanceConfigsResponse (message)
ListCertificateMapEntriesRequest (message)
ListCertificateMapEntriesResponse (message)
ListCertificateMapsRequest (message)
ListCertificateMapsResponse (message)
ListCertificatesRequest (message)
ListCertificatesResponse (message)
ListDnsAuthorizationsRequest (message)
ListDnsAuthorizationsResponse (message)
ListTrustConfigsRequest (message)
ListTrustConfigsResponse (message)
OperationMetadata (message)
ServingState (enum)
TrustConfig (message)
TrustConfig.AllowlistedCertificate (message)
TrustConfig.IntermediateCA (message)
TrustConfig.TrustAnchor (message)
TrustConfig.TrustStore (message)
UpdateCertificateIssuanceConfigRequest (message)
UpdateCertificateMapEntryRequest (message)
UpdateCertificateMapRequest (message)
UpdateCertificateRequest (message)
UpdateDnsAuthorizationRequest (message)
UpdateTrustConfigRequest (message)
CertificateManager
API Overview
Certificates Manager API allows customers to see and manage all their TLS certificates.
Certificates Manager API service provides methods to manage certificates, group them into collections, and create serving configuration that can be easily applied to other Cloud resources e.g. Target Proxies.
Data Model
The Certificates Manager service exposes the following resources:
- Certificate that describes a single TLS certificate.
- CertificateMap that describes a collection of certificates that can be attached to a target resource.
- CertificateMapEntry that describes a single configuration entry that consists of a SNI and a group of certificates. It's a subresource of CertificateMap.
Certificate, CertificateMap and CertificateMapEntry IDs have to fully match the regexp [a-z0-9-]{1,63}. In other words:
- only lower case letters, digits, and hyphen are allowed
- length of the resource ID has to be in [1,63] range.
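The "fully match" requirement is easy to get subtly wrong on the client side. The following is an added example, not code from the Certificate Manager documentation: it validates a resource ID against the regexp above and contrasts it with a commonly written `^...$` check that accepts a trailing newline. The function names and sample inputs are constructed for illustration.

```python
import re

# The pattern exactly as the page gives it; fullmatch() supplies the anchoring.
RESOURCE_ID = re.compile(r"[a-z0-9-]{1,63}")
ALLOWED_CHAR = re.compile(r"[a-z0-9-]")


def resource_id_error(value):
    """Return None when value is a valid resource ID, else a short reason."""
    if not isinstance(value, str):
        return "not a string"
    if RESOURCE_ID.fullmatch(value):
        return None
    if value == "":
        return "empty"
    illegal = sorted({ch for ch in value if not ALLOWED_CHAR.fullmatch(ch)})
    if illegal:
        return "illegal characters: " + ", ".join(repr(ch) for ch in illegal)
    return "too long: %d characters, maximum is 63" % len(value)


def naive_is_valid(value):
    """Common mistake: '$' also matches just before a trailing newline."""
    return re.match(r"^[a-z0-9-]{1,63}$", value) is not None


# Constructed inputs, not taken from the page.
SAMPLES = ["web-cert-01", "Web-Cert", "web_cert", "", "a" * 64, "web-cert\n"]

if __name__ == "__main__":
    for s in SAMPLES:
        verdict = resource_id_error(s) or "ok"
        print(repr(s[:20]), "->", verdict, "| naive check accepts:", naive_is_valid(s))
```
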
Provides methods to manage Cloud Certificate Manager entities.
Method | Description
---|---
CreateCertificate | Creates a new Certificate in a given project and location.
CreateCertificateIssuanceConfig | Creates a new CertificateIssuanceConfig in a given project and location.
CreateCertificateMap | Creates a new CertificateMap in a given project and location.
CreateCertificateMapEntry | Creates a new CertificateMapEntry in a given project and location.
CreateDnsAuthorization | Creates a new DnsAuthorization in a given project and location.
CreateTrustConfig | Creates a new TrustConfig in a given project and location.
DeleteCertificate | Deletes a single Certificate.
DeleteCertificateIssuanceConfig | Deletes a single CertificateIssuanceConfig.
DeleteCertificateMap | Deletes a single CertificateMap. A Certificate Map can't be deleted if it contains Certificate Map Entries. Remove all the entries from the map before calling this method.
DeleteCertificateMapEntry | Deletes a single CertificateMapEntry.
DeleteDnsAuthorization | Deletes a single DnsAuthorization.
DeleteTrustConfig | Deletes a single TrustConfig.
GetCertificate | Gets details of a single Certificate.
GetCertificateIssuanceConfig | Gets details of a single CertificateIssuanceConfig.
GetCertificateMap | Gets details of a single CertificateMap.
GetCertificateMapEntry | Gets details of a single CertificateMapEntry.
GetDnsAuthorization | Gets details of a single DnsAuthorization.
GetTrustConfig | Gets details of a single TrustConfig.
ListCertificateIssuanceConfigs | Lists CertificateIssuanceConfigs in a given project and location.
ListCertificateMapEntries | Lists CertificateMapEntries in a given project and location.
ListCertificateMaps | Lists CertificateMaps in a given project and location.
ListCertificates | Lists Certificates in a given project and location.
ListDnsAuthorizations | Lists DnsAuthorizations in a given project and location.
ListTrustConfigs | Lists TrustConfigs in a given project and location.
UpdateCertificate | Updates a Certificate.
UpdateCertificateIssuanceConfig | Updates a CertificateIssuanceConfig.
UpdateCertificateMap | Updates a CertificateMap.
UpdateCertificateMapEntry | Updates a CertificateMapEntry.
UpdateDnsAuthorization | Updates a DnsAuthorization.
UpdateTrustConfig | Updates a TrustConfig.
Certificate
Defines TLS certificate.
Fields | |
---|---|
name |
Identifier. A user-defined name of the certificate. Certificate names must be unique globally and match pattern |
description |
Optional. One or more paragraphs of text description of a certificate. |
create_time |
Output only. The creation timestamp of a Certificate. |
update_time |
Output only. The last update timestamp of a Certificate. |
labels |
Optional. Set of labels associated with a Certificate. |
san_dnsnames[] |
Output only. The list of Subject Alternative Names of dnsName type defined in the certificate (see RFC 5280 4.2.1.6). Managed certificates that haven't been provisioned yet have this field populated with a value of the managed.domains field. |
pem_certificate |
Output only. The PEM-encoded certificate chain. |
expire_time |
Output only. The expiry timestamp of a Certificate. |
scope |
Optional. Immutable. The scope of the certificate. |
Union field type. Type of the certificate. Required. type can be only one of the following: |
|
self_managed |
If set, defines data of a self-managed certificate. |
managed |
If set, contains configuration and state of a managed certificate. |
ManagedCertificate
Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so.
Fields | |
---|---|
domains[] |
Optional. Immutable. The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution. |
dns_authorizations[] |
Optional. Immutable. Authorizations that will be used for performing domain authorization. Authorization requires the following IAM permission on the specified resource
|
issuance_config |
Optional. Immutable. The resource name for a Authorization requires the following IAM permission on the specified resource
|
state |
Output only. State of the managed certificate resource. |
provisioning_issue |
Output only. Information about issues with provisioning a Managed Certificate. |
authorization_attempt_info[] |
Output only. Detailed state of the latest authorization attempt for each domain specified for managed certificate resource. |
AuthorizationAttemptInfo
State of the latest attempt to authorize a domain for certificate issuance.
Fields | |
---|---|
domain |
Output only. Domain name of the authorization attempt. |
state |
Output only. State of the domain for managed certificate issuance. |
failure_reason |
Output only. Reason for failure of the authorization attempt for the domain. |
details |
Output only. Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use FailureReason enum. |
FailureReason
Reason for failure of the authorization attempt for the domain.
Enums | |
---|---|
FAILURE_REASON_UNSPECIFIED |
FailureReason is unspecified. |
CONFIG |
There was a problem with the user's DNS or load balancer configuration for this domain. |
CAA |
Certificate issuance forbidden by an explicit CAA record for the domain or a failure to check CAA records for the domain. |
RATE_LIMITED |
Reached a CA or internal rate-limit for the domain, e.g. for certificates per top-level private domain. |
State
State of the domain for managed certificate issuance.
Enums | |
---|---|
STATE_UNSPECIFIED |
State is unspecified. |
AUTHORIZING |
Certificate provisioning for this domain is under way. Google Cloud will attempt to authorize the domain. |
AUTHORIZED |
A managed certificate can be provisioned, no issues for this domain. |
FAILED |
Attempt to authorize the domain failed. This prevents the Managed Certificate from being issued. See failure_reason and details fields for more information. |
ProvisioningIssue
Information about issues with provisioning a Managed Certificate.
Fields | |
---|---|
reason |
Output only. Reason for provisioning failures. |
details |
Output only. Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use Reason enum. |
Reason
Reason for provisioning failures.
Enums | |
---|---|
REASON_UNSPECIFIED |
Reason is unspecified. |
AUTHORIZATION_ISSUE |
Certificate provisioning failed due to an issue with one or more of the domains on the certificate. For details of which domains failed, consult the authorization_attempt_info field. |
RATE_LIMITED |
Exceeded Certificate Authority quotas or internal rate limits of the system. Provisioning may take longer to complete. |
State
State of the managed certificate resource.
Enums | |
---|---|
STATE_UNSPECIFIED |
State is unspecified. |
PROVISIONING |
Certificate Manager attempts to provision or renew the certificate. If the process takes longer than expected, consult the provisioning_issue field. |
FAILED |
Multiple certificate provisioning attempts failed and Certificate Manager gave up. To try again, delete and create a new managed Certificate resource. For details see the provisioning_issue field. |
ACTIVE |
The certificate management is working, and a certificate has been provisioned. |
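The State, ProvisioningIssue.Reason and FailureReason enums above are meant to be read together. The following is an added example, not code from the Certificate Manager documentation, that triages Certificate resources using those values. The dict layout keyed by the proto field names, enum values as strings, RFC 3339 timestamp strings, the severity labels and the 30-day expiry threshold are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

# Per-domain guidance keyed by the FailureReason enum values listed above.
FAILURE_GUIDANCE = {
    "CONFIG": "fix the DNS or load balancer configuration for the domain",
    "CAA": "check CAA records: issuance is forbidden or the CAA lookup failed",
    "RATE_LIMITED": "CA or internal rate limit reached; wait before retrying",
}


def failed_domains(managed):
    """Map each domain whose latest authorization attempt FAILED to guidance."""
    out = {}
    for attempt in managed.get("authorization_attempt_info", []):
        if attempt.get("state") == "FAILED":
            reason = attempt.get("failure_reason", "FAILURE_REASON_UNSPECIFIED")
            out[attempt["domain"]] = FAILURE_GUIDANCE.get(reason, "see the details field")
    return out


def triage(cert, now, expiry_warning=timedelta(days=30)):
    """Return (severity, action, per-domain findings) for one Certificate dict.

    Severity labels and the expiry_warning default are assumptions of this example.
    """
    if "managed" in cert:
        managed = cert["managed"]
        state = managed.get("state", "STATE_UNSPECIFIED")
        issue = managed.get("provisioning_issue", {}).get("reason")
        domains = failed_domains(managed)
        if state == "ACTIVE":
            return ("ok", "none", {})
        if state == "FAILED":
            # Per the State table: the service gave up, so the resource must be recreated.
            return ("critical", "delete and recreate the managed Certificate", domains)
        if state == "PROVISIONING":
            if issue == "AUTHORIZATION_ISSUE" or domains:
                return ("warning", "resolve per-domain authorization failures", domains)
            if issue == "RATE_LIMITED":
                return ("info", "rate limited; provisioning may take longer", {})
            return ("info", "provisioning in progress", {})
        return ("warning", "unrecognized state " + state, domains)
    if "self_managed" in cert:
        # Renewal of uploaded certificates is the user's job, so expiry is the signal.
        expires = datetime.fromisoformat(cert["expire_time"].replace("Z", "+00:00"))
        if expires <= now:
            return ("critical", "certificate expired; upload a replacement", {})
        if expires - now <= expiry_warning:
            return ("warning", "certificate expires soon; upload a replacement", {})
        return ("ok", "none", {})
    raise ValueError("certificate has neither managed nor self_managed set")


# Constructed sample resources; names and domains are placeholders.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
SAMPLE_CERTIFICATES = [
    {"name": "cert-active", "managed": {"state": "ACTIVE"}},
    {"name": "cert-caa", "managed": {
        "state": "PROVISIONING",
        "provisioning_issue": {"reason": "AUTHORIZATION_ISSUE"},
        "authorization_attempt_info": [
            {"domain": "a.example.com", "state": "AUTHORIZED"},
            {"domain": "b.example.com", "state": "FAILED", "failure_reason": "CAA"},
        ]}},
    {"name": "cert-slow", "managed": {
        "state": "PROVISIONING",
        "provisioning_issue": {"reason": "RATE_LIMITED"}}},
    {"name": "cert-dead", "managed": {
        "state": "FAILED",
        "provisioning_issue": {"reason": "AUTHORIZATION_ISSUE"},
        "authorization_attempt_info": [
            {"domain": "c.example.com", "state": "FAILED", "failure_reason": "CONFIG"},
        ]}},
    {"name": "cert-upload", "self_managed": {}, "expire_time": "2024-01-20T00:00:00Z"},
]


def triage_all(certs, now):
    """Triage every certificate and key the results by resource name."""
    return {cert["name"]: triage(cert, now) for cert in certs}


if __name__ == "__main__":
    for name, (severity, action, domains) in triage_all(SAMPLE_CERTIFICATES, NOW).items():
        print(f"{severity:8} {name}: {action}")
        for domain, hint in domains.items():
            print(f"         {domain}: {hint}")
```
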
Scope
Certificate scope.
Enums | |
---|---|
DEFAULT |
Certificates with default scope are served from core Google data centers. If unsure, choose this option. |
EDGE_CACHE |
Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. |
ALL_REGIONS |
Certificates with ALL_REGIONS scope are served from all Google Cloud regions. See https://cloud.google.com/compute/docs/regions-zones. |
SelfManagedCertificate
Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility.
Fields | |
---|---|
pem_certificate |
Optional. Input only. The PEM-encoded certificate chain. Leaf certificate comes first, followed by intermediate ones if any. |
pem_private_key |
Optional. Input only. The PEM-encoded private key of the leaf certificate. |
CertificateIssuanceConfig
CertificateIssuanceConfig specifies how to issue and manage a certificate.
Fields | |
---|---|
name |
Identifier. A user-defined name of the certificate issuance config. CertificateIssuanceConfig names must be unique globally and match pattern |
create_time |
Output only. The creation timestamp of a CertificateIssuanceConfig. |
update_time |
Output only. The last update timestamp of a CertificateIssuanceConfig. |
labels |
Optional. Set of labels associated with a CertificateIssuanceConfig. |
description |
Optional. One or more paragraphs of text description of a CertificateIssuanceConfig. |
certificate_authority_config |
Required. The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. |
lifetime |
Required. Workload certificate lifetime requested. |
rotation_window_percentage |
Required. Specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. Must be a number between 1-99, inclusive. |
key_algorithm |
Required. The key algorithm to use when generating the private key. |
CertificateAuthorityConfig
The CA that issues the workload certificate. It includes CA address, type, authentication to CA service, etc.
Fields | |
---|---|
Union field kind. The kind of CA config. kind can be only one of the following: |
|
certificate_authority_service_config |
Defines a CertificateAuthorityServiceConfig. |
CertificateAuthorityServiceConfig
Contains information required to contact CA service.
Fields | |
---|---|
ca_pool |
Required. A CA pool resource used to issue a certificate. The CA pool string has a relative resource path following the form "projects/{project}/locations/{location}/caPools/{ca_pool}". Authorization requires the following IAM permission on the specified resource
|
KeyAlgorithm
The type of keypair to generate.
Enums | |
---|---|
KEY_ALGORITHM_UNSPECIFIED |
Unspecified key algorithm. |
RSA_2048 |
Specifies RSA with a 2048-bit modulus. |
ECDSA_P256 |
Specifies ECDSA with curve P256. |
CertificateMap
Defines a collection of certificate configurations.
Fields | |
---|---|
name |
Identifier. A user-defined name of the Certificate Map. Certificate Map names must be unique globally and match pattern |
description |
Optional. One or more paragraphs of text description of a certificate map. |
create_time |
Output only. The creation timestamp of a Certificate Map. |
update_time |
Output only. The update timestamp of a Certificate Map. |
labels |
Optional. Set of labels associated with a Certificate Map. |
gclb_targets[] |
Output only. A list of GCLB targets that use this Certificate Map. A Target Proxy is only present on this list if it's attached to a Forwarding Rule. |
GclbTarget
Describes a Target Proxy that uses this Certificate Map.
Fields | |
---|---|
ip_configs[] |
Output only. IP configurations for this Target Proxy where the Certificate Map is serving. |
Union field target_proxy. A Target Proxy to which this map is attached. target_proxy can be only one of the following: |
|
target_https_proxy |
Output only. This field returns the resource name in the following format: |
target_ssl_proxy |
Output only. This field returns the resource name in the following format: |
IpConfig
Defines IP configuration where this Certificate Map is serving.
Fields | |
---|---|
ip_address |
Output only. An external IP address. |
ports[] |
Output only. Ports. |
CertificateMapEntry
Defines a certificate map entry.
Fields | |
---|---|
name |
Identifier. A user-defined name of the Certificate Map Entry. Certificate Map Entry names must be unique globally and match pattern |
description |
Optional. One or more paragraphs of text description of a certificate map entry. |
create_time |
Output only. The creation timestamp of a Certificate Map Entry. |
update_time |
Output only. The update timestamp of a Certificate Map Entry. |
labels |
Optional. Set of labels associated with a Certificate Map Entry. |
certificates[] |
Optional. A set of Certificates defines for the given Authorization requires the following IAM permission on the specified resource
|
state |
Output only. A serving state of this Certificate Map Entry. |
Union field match. The matcher for this certificate map entry. Required. match can be only one of the following: |
|
hostname |
A Hostname (FQDN, e.g. |
matcher |
A predefined matcher for particular cases, other than SNI selection. |
Matcher
Defines predefined cases other than SNI-hostname match when this configuration should be applied.
Enums | |
---|---|
MATCHER_UNSPECIFIED |
A matcher hasn't been recognized. |
PRIMARY |
A primary certificate that is served when SNI wasn't specified in the request or SNI couldn't be found in the map. |
CreateCertificateIssuanceConfigRequest
Request for the CreateCertificateIssuanceConfig method.
Fields | |
---|---|
parent |
Required. The parent resource of the certificate issuance config. Must be in the format Authorization requires the following IAM permission on the specified resource
|
certificate_issuance_config_id |
Required. A user-provided name of the certificate config. |
certificate_issuance_config |
Required. A definition of the certificate issuance config to create. |
CreateCertificateMapEntryRequest
Request for the CreateCertificateMapEntry method.
Fields | |
---|---|
parent |
Required. The parent resource of the certificate map entry. Must be in the format Authorization requires the following IAM permission on the specified resource
|
certificate_map_entry_id |
Required. A user-provided name of the certificate map entry. |
certificate_map_entry |
Required. A definition of the certificate map entry to create. |
CreateCertificateMapRequest
Request for the CreateCertificateMap method.
Fields | |
---|---|
parent |
Required. The parent resource of the certificate map. Must be in the format Authorization requires the following IAM permission on the specified resource
|
certificate_map_id |
Required. A user-provided name of the certificate map. |
certificate_map |
Required. A definition of the certificate map to create. |
CreateCertificateRequest
Request for the CreateCertificate method.
Fields | |
---|---|
parent |
Required. The parent resource of the certificate. Must be in the format Authorization requires the following IAM permission on the specified resource
|
certificate_id |
Required. A user-provided name of the certificate. |
certificate |
Required. A definition of the certificate to create. |
CreateDnsAuthorizationRequest
Request for the CreateDnsAuthorization method.
Fields | |
---|---|
parent |
Required. The parent resource of the dns authorization. Must be in the format Authorization requires the following IAM permission on the specified resource
|
dns_authorization_id |
Required. A user-provided name of the dns authorization. |
dns_authorization |
Required. A definition of the dns authorization to create. |
CreateTrustConfigRequest
Request for the CreateTrustConfig method.
Fields | |
---|---|
parent |
Required. The parent resource of the TrustConfig. Must be in the format Authorization requires the following IAM permission on the specified resource
|
trust_config_id |
Required. A user-provided name of the TrustConfig. Must match the regexp |
trust_config |
Required. A definition of the TrustConfig to create. |
DeleteCertificateIssuanceConfigRequest
Request for the DeleteCertificateIssuanceConfig method.
Fields | |
---|---|
name |
Required. A name of the certificate issuance config to delete. Must be in the format Authorization requires the following IAM permission on the specified resource
|
DeleteCertificateMapEntryRequest
Request for the DeleteCertificateMapEntry method.
Fields | |
---|---|
name |
Required. A name of the certificate map entry to delete. Must be in the format Authorization requires the following IAM permission on the specified resource
|
DeleteCertificateMapRequest
Request for the DeleteCertificateMap method.
Fields | |
---|---|
name |
Required. A name of the certificate map to delete. Must be in the format Authorization requires the following IAM permission on the specified resource
|
DeleteCertificateRequest
Request for the DeleteCertificate method.
Fields | |
---|---|
name |
Required. A name of the certificate to delete. Must be in the format Authorization requires the following IAM permission on the specified resource
|
DeleteDnsAuthorizationRequest
Request for the DeleteDnsAuthorization method.
Fields | |
---|---|
name |
Required. A name of the dns authorization to delete. Must be in the format Authorization requires the following IAM permission on the specified resource
|
DeleteTrustConfigRequest
Request for the DeleteTrustConfig method.
Fields | |
---|---|
name |
Required. A name of the TrustConfig to delete. Must be in the format Authorization requires the following IAM permission on the specified resource
|
etag |
Optional. The current etag of the TrustConfig. If an etag is provided and does not match the current etag of the resource, deletion will be blocked and an ABORTED error will be returned. |
DnsAuthorization
A DnsAuthorization resource describes a way to perform domain authorization for certificate issuance.
Fields | |
---|---|
name |
Identifier. A user-defined name of the dns authorization. DnsAuthorization names must be unique globally and match pattern |
create_time |
Output only. The creation timestamp of a DnsAuthorization. |
update_time |
Output only. The last update timestamp of a DnsAuthorization. |
labels |
Optional. Set of labels associated with a DnsAuthorization. |
description |
Optional. One or more paragraphs of text description of a DnsAuthorization. |
domain |
Required. Immutable. A domain that is being authorized. A DnsAuthorization resource covers a single domain and its wildcard, e.g. authorization for |
dns_resource_record |
Output only. DNS Resource Record that needs to be added to DNS configuration. |
type |
Optional. Immutable. Type of DnsAuthorization. If unset during resource creation the following default will be used: - in location |
DnsResourceRecord
The structure describing the DNS Resource Record that needs to be added to DNS configuration for the authorization to be usable by certificate.
Fields | |
---|---|
name |
Output only. Fully qualified name of the DNS Resource Record. e.g. |
type |
Output only. Type of the DNS Resource Record. Currently always set to "CNAME". |
data |
Output only. Data of the DNS Resource Record. |
Type
DnsAuthorization type.
Enums | |
---|---|
TYPE_UNSPECIFIED |
Type is unspecified. |
FIXED_RECORD |
FIXED_RECORD DNS authorization uses DNS-01 validation method. |
PER_PROJECT_RECORD |
PER_PROJECT_RECORD DNS authorization allows for independent management of Google-managed certificates with DNS authorization across multiple projects. |
GetCertificateIssuanceConfigRequest
Request for the GetCertificateIssuanceConfig method.
Fields | |
---|---|
name |
Required. A name of the certificate issuance config to describe. Must be in the format Authorization requires the following IAM permission on the specified resource
|
GetCertificateMapEntryRequest
Request for the GetCertificateMapEntry method.
Fields | |
---|---|
name |
Required. A name of the certificate map entry to describe. Must be in the format Authorization requires the following IAM permission on the specified resource
|
GetCertificateMapRequest
Request for the GetCertificateMap method.
Fields | |
---|---|
name |
Required. A name of the certificate map to describe. Must be in the format Authorization requires the following IAM permission on the specified resource
|
GetCertificateRequest
Request for the GetCertificate method.
Fields | |
---|---|
name |
Required. A name of the certificate to describe. Must be in the format Authorization requires the following IAM permission on the specified resource
|
GetDnsAuthorizationRequest
Request for the GetDnsAuthorization method.
Fields | |
---|---|
name |
Required. A name of the dns authorization to describe. Must be in the format Authorization requires the following IAM permission on the specified resource
|
GetTrustConfigRequest
Request for the GetTrustConfig method.
Fields | |
---|---|
name |
Required. A name of the TrustConfig to describe. Must be in the format Authorization requires the following IAM permission on the specified resource
|
ListCertificateIssuanceConfigsRequest
Request for the ListCertificateIssuanceConfigs method.
Fields | |
---|---|
parent |
Required. The project and location from which the certificate should be listed, specified in the format Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Maximum number of certificate configs to return per call. |
page_token |
Optional. The value returned by the last |
filter |
Optional. Filter expression to restrict the Certificates Configs returned. |
order_by |
Optional. A list of Certificate Config field names used to specify the order of the returned results. The default sorting order is ascending. To specify descending order for a field, add a suffix |
ListCertificateIssuanceConfigsResponse
Response for the ListCertificateIssuanceConfigs method.
Fields | |
---|---|
certificate_issuance_configs[] |
A list of certificate configs for the parent resource. |
next_page_token |
If there might be more results than those appearing in this response, then |
unreachable[] |
Locations that could not be reached. |
ListCertificateMapEntriesRequest
Request for the ListCertificateMapEntries method.
Fields | |
---|---|
parent |
Required. The project, location and certificate map from which the certificate map entries should be listed, specified in the format Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Maximum number of certificate map entries to return. The service may return fewer than this value. If unspecified, at most 50 certificate map entries will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. |
page_token |
Optional. The value returned by the last |
filter |
Optional. Filter expression to restrict the returned Certificate Map Entries. |
order_by |
Optional. A list of Certificate Map Entry field names used to specify the order of the returned results. The default sorting order is ascending. To specify descending order for a field, add a suffix |
ListCertificateMapEntriesResponse
Response for the ListCertificateMapEntries method.
Fields | |
---|---|
certificate_map_entries[] |
A list of certificate map entries for the parent resource. |
next_page_token |
If there might be more results than those appearing in this response, then |
unreachable[] |
Locations that could not be reached. |
ListCertificateMapsRequest
Request for the ListCertificateMaps method.
Fields | |
---|---|
parent |
Required. The project and location from which the certificate maps should be listed, specified in the format Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Maximum number of certificate maps to return per call. |
page_token |
Optional. The value returned by the last |
filter |
Optional. Filter expression to restrict the Certificates Maps returned. |
order_by |
Optional. A list of Certificate Map field names used to specify the order of the returned results. The default sorting order is ascending. To specify descending order for a field, add a suffix |
ListCertificateMapsResponse
Response for the ListCertificateMaps method.
Fields | |
---|---|
certificate_maps[] |
A list of certificate maps for the parent resource. |
next_page_token |
If there might be more results than those appearing in this response, then |
unreachable[] |
Locations that could not be reached. |
ListCertificatesRequest
Request for the ListCertificates method.
Fields | |
---|---|
parent |
Required. The project and location from which the certificate should be listed, specified in the format Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Maximum number of certificates to return per call. |
page_token |
Optional. The value returned by the last |
filter |
Optional. Filter expression to restrict the Certificates returned. |
order_by |
Optional. A list of Certificate field names used to specify the order of the returned results. The default sorting order is ascending. To specify descending order for a field, add a suffix |
ListCertificatesResponse
Response for the ListCertificates method.
Fields | |
---|---|
certificates[] |
A list of certificates for the parent resource. |
next_page_token |
If there might be more results than those appearing in this response, then |
unreachable[] |
A list of locations that could not be reached. |
ListDnsAuthorizationsRequest
Request for the ListDnsAuthorizations method.
Fields | |
---|---|
parent |
Required. The project and location from which the dns authorizations should be listed, specified in the format Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Maximum number of dns authorizations to return per call. |
page_token |
Optional. The value returned by the last |
filter |
Optional. Filter expression to restrict the Dns Authorizations returned. |
order_by |
Optional. A list of Dns Authorization field names used to specify the order of the returned results. The default sorting order is ascending. To specify descending order for a field, add a suffix |
ListDnsAuthorizationsResponse
Response for the ListDnsAuthorizations method.
Fields | |
---|---|
dns_authorizations[] |
A list of dns authorizations for the parent resource. |
next_page_token |
If there might be more results than those appearing in this response, then |
unreachable[] |
Locations that could not be reached. |
ListTrustConfigsRequest
Request for the ListTrustConfigs method.
Fields | |
---|---|
parent |
Required. The project and location from which the TrustConfigs should be listed, specified in the format Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Maximum number of TrustConfigs to return per call. |
page_token |
Optional. The value returned by the last |
filter |
Optional. Filter expression to restrict the TrustConfigs returned. |
order_by |
Optional. A list of TrustConfig field names used to specify the order of the returned results. The default sorting order is ascending. To specify descending order for a field, add a suffix |
ListTrustConfigsResponse
Response for the ListTrustConfigs method.
Fields | |
---|---|
trust_configs[] |
A list of TrustConfigs for the parent resource. |
next_page_token |
If there might be more results than those appearing in this response, then |
unreachable[] |
Locations that could not be reached. |
OperationMetadata
Represents the metadata of the long-running operation. Output only.
Fields | |
---|---|
create_time |
The time the operation was created. |
end_time |
The time the operation finished running. |
target |
Server-defined resource path for the target of the operation. |
verb |
Name of the verb executed by the operation. |
status_message |
Human-readable status of the operation, if any. |
requested_cancellation |
Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have [Operation.error][] value with a |
api_version |
API version used to start the operation. |
ServingState
Defines set of serving states associated with a resource.
Enums | |
---|---|
SERVING_STATE_UNSPECIFIED |
The status is undefined. |
ACTIVE |
The configuration is serving. |
PENDING |
Update is in progress. Some frontends may serve this configuration. |
TrustConfig
Defines a trust config.
Fields | |
---|---|
name | Identifier. A user-defined name of the trust config. TrustConfig names must be unique globally and match pattern |
create_time | Output only. The creation timestamp of a TrustConfig. |
update_time | Output only. The last update timestamp of a TrustConfig. |
labels | Optional. Set of labels associated with a TrustConfig. |
description | Optional. One or more paragraphs of text description of a TrustConfig. |
etag | This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. |
trust_stores[] | Optional. Set of trust stores to perform validation against. This field is supported when TrustConfig is configured with Load Balancers; it is currently not supported for SPIFFE certificate validation. Only one TrustStore is currently allowed. |
allowlisted_certificates[] | Optional. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. |
AllowlistedCertificate
Defines an allowlisted certificate.
Fields | |
---|---|
pem_certificate | Required. PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate. |
IntermediateCA
Defines an intermediate CA.
Fields | |
---|---|
Union field kind. Kind of the intermediate CA. Required. kind can be only one of the following: | |
pem_certificate | PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. |
TrustAnchor
Defines a trust anchor.
Fields | |
---|---|
Union field kind. Kind of the trust anchor. Required. kind can be only one of the following: | |
pem_certificate | PEM root certificate of the PKI used for validation. Each certificate provided in PEM format may occupy up to 5kB. |
TrustStore
Defines a trust store.
Fields | |
---|---|
trust_anchors[] | Optional. List of Trust Anchors to be used while performing validation against a given TrustStore. |
intermediate_cas[] | Optional. Set of intermediate CA certificates used for the path building phase of chain validation. The field is currently not supported if TrustConfig is used for the workload certificate feature. |
UpdateCertificateIssuanceConfigRequest
Request for the UpdateCertificateIssuanceConfig method.
Fields | |
---|---|
certificate_issuance_config | Required. A definition of the certificate issuance config to update. Authorization requires the following IAM permission on the specified resource |
update_mask | Required. The update mask applies to the resource. For the |
UpdateCertificateMapEntryRequest
Request for the UpdateCertificateMapEntry method.
Fields | |
---|---|
certificate_map_entry | Required. A definition of the certificate map entry to update. Authorization requires the following IAM permission on the specified resource |
update_mask | Required. The update mask applies to the resource. For the |
UpdateCertificateMapRequest
Request for the UpdateCertificateMap method.
Fields | |
---|---|
certificate_map | Required. A definition of the certificate map to update. Authorization requires the following IAM permission on the specified resource |
update_mask | Required. The update mask applies to the resource. For the |
UpdateCertificateRequest
Request for the UpdateCertificate method.
Fields | |
---|---|
certificate | Required. A definition of the certificate to update. Authorization requires the following IAM permission on the specified resource |
update_mask | Required. The update mask applies to the resource. For the |
UpdateDnsAuthorizationRequest
Request for the UpdateDnsAuthorization method.
Fields | |
---|---|
dns_authorization | Required. A definition of the DNS authorization to update. Authorization requires the following IAM permission on the specified resource |
update_mask | Required. The update mask applies to the resource. For the |
UpdateTrustConfigRequest
Request for the UpdateTrustConfig method.
Fields | |
---|---|
trust_config | Required. A definition of the TrustConfig to update. Authorization requires the following IAM permission on the specified resource |
update_mask | Required. The update mask applies to the resource. For the |