Google Certificate Authority Service V1beta1 Client - Class CertificateAuthorityServiceClient (1.7.3)

Reference documentation and code samples for the Google Certificate Authority Service V1beta1 Client class CertificateAuthorityServiceClient.

Service Description: Certificate Authority Service manages private certificate authorities and issued certificates.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:

$certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();
try {
    $formattedName = $certificateAuthorityServiceClient->certificateAuthorityName('[PROJECT]', '[LOCATION]', '[CERTIFICATE_AUTHORITY]');
    $pemCaCertificate = 'pem_ca_certificate';
    $subordinateConfig = new SubordinateConfig();
    $operationResponse = $certificateAuthorityServiceClient->activateCertificateAuthority($formattedName, $pemCaCertificate, $subordinateConfig);
    $operationResponse->pollUntilComplete();
    if ($operationResponse->operationSucceeded()) {
        $result = $operationResponse->getResult();
        // doSomethingWith($result)
    } else {
        $error = $operationResponse->getError();
        // handleError($error)
    }
    // Alternatively:
    // start the operation, keep the operation name, and resume later
    $operationResponse = $certificateAuthorityServiceClient->activateCertificateAuthority($formattedName, $pemCaCertificate, $subordinateConfig);
    $operationName = $operationResponse->getName();
    // ... do other work
    $newOperationResponse = $certificateAuthorityServiceClient->resumeOperation($operationName, 'activateCertificateAuthority');
    while (!$newOperationResponse->isDone()) {
        // ... do other work
        $newOperationResponse->reload();
    }
    if ($newOperationResponse->operationSucceeded()) {
        $result = $newOperationResponse->getResult();
        // doSomethingWith($result)
    } else {
        $error = $newOperationResponse->getError();
        // handleError($error)
    }
} finally {
    $certificateAuthorityServiceClient->close();
}

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.

Namespace

Google \ Cloud \ Security \ PrivateCA \ V1beta1

Methods

__construct

Constructor.

Parameters
Name Description
options array

Optional. Options for configuring the service API wrapper.

↳ apiEndpoint string

The address of the API remote host. May optionally include the port, formatted as "

↳ credentials string|array|FetchAuthTokenInterface|CredentialsWrapper

The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored.

↳ credentialsConfig array

Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() .

↳ disableRetries bool

Determines whether or not retries defined by the client configuration should be disabled. Defaults to false.

↳ clientConfig string|array

Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.

↳ transport string|TransportInterface

The transport used for executing network requests. May be either the string rest or grpc. Defaults to grpc if gRPC support is detected on the system. Advanced usage: Additionally, it is possible to pass in an already instantiated Google\ApiCore\Transport\TransportInterface object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.

↳ transportConfig array

Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options.

↳ clientCertSource callable

A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.

activateCertificateAuthority

Activate a CertificateAuthority that is in state PENDING_ACTIVATION and is of type SUBORDINATE. After the parent Certificate Authority signs a certificate signing request from FetchCertificateAuthorityCsr, this method can complete the activation process.

Parameters
Name Description
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

pemCaCertificate string

Required. The signed CA certificate issued from FetchCertificateAuthorityCsrResponse.pem_csr.

subordinateConfig Google\Cloud\Security\PrivateCA\V1beta1\SubordinateConfig

Required. Must include information about the issuer of 'pem_ca_certificate', and any further issuers until the self-signed CA.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1beta1\SubordinateConfig;
use Google\Rpc\Status;

/**
 * @param string $formattedName                         The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
 *                                                      format `projects/*/locations/*/certificateAuthorities/*`. Please see
 *                                                      {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 * @param string $pemCaCertificate                      The signed CA certificate issued from
 *                                                      [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1beta1.FetchCertificateAuthorityCsrResponse.pem_csr].
 * @param string $subordinateConfigCertificateAuthority This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the same project that
 *                                                      was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]. This field
 *                                                      is used for information and usability purposes only. The resource name
 *                                                      is in the format `projects/*/locations/*/certificateAuthorities/*`.
 */
function activate_certificate_authority_sample(
    string $formattedName,
    string $pemCaCertificate,
    string $subordinateConfigCertificateAuthority
): void {
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $subordinateConfig = (new SubordinateConfig())
        ->setCertificateAuthority($subordinateConfigCertificateAuthority);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->activateCertificateAuthority(
            $formattedName,
            $pemCaCertificate,
            $subordinateConfig
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]'
    );
    $pemCaCertificate = '[PEM_CA_CERTIFICATE]';
    $subordinateConfigCertificateAuthority = '[CERTIFICATE_AUTHORITY]';

    activate_certificate_authority_sample(
        $formattedName,
        $pemCaCertificate,
        $subordinateConfigCertificateAuthority
    );
}

createCertificate

Create a new Certificate in a given Project, Location from a particular CertificateAuthority.

Parameters
Name Description
parent string

Required. The resource name of the location and CertificateAuthority associated with the Certificate, in the format projects/*/locations/*/certificateAuthorities/*.

certificate Google\Cloud\Security\PrivateCA\V1beta1\Certificate

Required. A Certificate with initial field values.

optionalArgs array

Optional.

↳ certificateId string

Optional. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}. This field is required when using a CertificateAuthority in the Enterprise CertificateAuthority.Tier, but is optional and its value is ignored otherwise.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Security\PrivateCA\V1beta1\Certificate
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1beta1\Certificate;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Protobuf\Duration;

/**
 * @param string $formattedParent The resource name of the location and [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority]
 *                                associated with the [Certificate][google.cloud.security.privateca.v1beta1.Certificate], in the format
 *                                `projects/*/locations/*/certificateAuthorities/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function create_certificate_sample(string $formattedParent): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateLifetime = new Duration();
    $certificate = (new Certificate())
        ->setLifetime($certificateLifetime);

    // Call the API and handle any network failures.
    try {
        /** @var Certificate $response */
        $response = $certificateAuthorityServiceClient->createCertificate($formattedParent, $certificate);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]'
    );

    create_certificate_sample($formattedParent);
}

createCertificateAuthority

Create a new CertificateAuthority in a given Project and Location.

Parameters
Name Description
parent string

Required. The resource name of the location associated with the CertificateAuthorities, in the format projects/*/locations/*.

certificateAuthorityId string

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

certificateAuthority Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority

Required. A CertificateAuthority with initial field values.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority\KeyVersionSpec;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority\Tier;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority\Type;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateConfig;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateConfig\SubjectConfig;
use Google\Cloud\Security\PrivateCA\V1beta1\ReusableConfigWrapper;
use Google\Cloud\Security\PrivateCA\V1beta1\Subject;
use Google\Protobuf\Duration;
use Google\Rpc\Status;

/**
 * @param string $formattedParent                                        The resource name of the location associated with the
 *                                                                       [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority], in the format
 *                                                                       `projects/*/locations/*`. Please see
 *                                                                       {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
 * @param string $certificateAuthorityId                                 It must be unique within a location and match the regular
 *                                                                       expression `[a-zA-Z0-9_-]{1,63}`
 * @param int    $certificateAuthorityType                               Immutable. The [Type][google.cloud.security.privateca.v1beta1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
 * @param int    $certificateAuthorityTier                               Immutable. The [Tier][google.cloud.security.privateca.v1beta1.CertificateAuthority.Tier] of this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
 * @param string $certificateAuthorityConfigReusableConfigReusableConfig A resource path to a [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig] in the format
 *                                                                       `projects/*/locations/*/reusableConfigs/*`.
 * @param string $certificateAuthorityKeySpecCloudKmsKeyVersion          The resource name for an existing Cloud KMS CryptoKeyVersion in the
 *                                                                       format
 *                                                                       `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
 *                                                                       This option enables full flexibility in the key's capabilities and
 *                                                                       properties.
 */
function create_certificate_authority_sample(
    string $formattedParent,
    string $certificateAuthorityId,
    int $certificateAuthorityType,
    int $certificateAuthorityTier,
    string $certificateAuthorityConfigReusableConfigReusableConfig,
    string $certificateAuthorityKeySpecCloudKmsKeyVersion
): void {
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateAuthorityConfigSubjectConfigSubject = new Subject();
    $certificateAuthorityConfigSubjectConfig = (new SubjectConfig())
        ->setSubject($certificateAuthorityConfigSubjectConfigSubject);
    $certificateAuthorityConfigReusableConfig = (new ReusableConfigWrapper())
        ->setReusableConfig($certificateAuthorityConfigReusableConfigReusableConfig);
    $certificateAuthorityConfig = (new CertificateConfig())
        ->setSubjectConfig($certificateAuthorityConfigSubjectConfig)
        ->setReusableConfig($certificateAuthorityConfigReusableConfig);
    $certificateAuthorityLifetime = new Duration();
    $certificateAuthorityKeySpec = (new KeyVersionSpec())
        ->setCloudKmsKeyVersion($certificateAuthorityKeySpecCloudKmsKeyVersion);
    $certificateAuthority = (new CertificateAuthority())
        ->setType($certificateAuthorityType)
        ->setTier($certificateAuthorityTier)
        ->setConfig($certificateAuthorityConfig)
        ->setLifetime($certificateAuthorityLifetime)
        ->setKeySpec($certificateAuthorityKeySpec);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->createCertificateAuthority(
            $formattedParent,
            $certificateAuthorityId,
            $certificateAuthority
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::locationName('[PROJECT]', '[LOCATION]');
    $certificateAuthorityId = '[CERTIFICATE_AUTHORITY_ID]';
    $certificateAuthorityType = Type::TYPE_UNSPECIFIED;
    $certificateAuthorityTier = Tier::TIER_UNSPECIFIED;
    $certificateAuthorityConfigReusableConfigReusableConfig = '[REUSABLE_CONFIG]';
    $certificateAuthorityKeySpecCloudKmsKeyVersion = '[CLOUD_KMS_KEY_VERSION]';

    create_certificate_authority_sample(
        $formattedParent,
        $certificateAuthorityId,
        $certificateAuthorityType,
        $certificateAuthorityTier,
        $certificateAuthorityConfigReusableConfigReusableConfig,
        $certificateAuthorityKeySpecCloudKmsKeyVersion
    );
}

disableCertificateAuthority

Parameters
Name Description
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
 *                              format `projects/*/locations/*/certificateAuthorities/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function disable_certificate_authority_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->disableCertificateAuthority($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]'
    );

    disable_certificate_authority_sample($formattedName);
}

enableCertificateAuthority

Parameters
Name Description
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
 *                              format `projects/*/locations/*/certificateAuthorities/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function enable_certificate_authority_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->enableCertificateAuthority($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]'
    );

    enable_certificate_authority_sample($formattedName);
}

fetchCertificateAuthorityCsr

Fetch a certificate signing request (CSR) from a CertificateAuthority that is in state PENDING_ACTIVATION and is of type SUBORDINATE. The CSR must then be signed by the desired parent Certificate Authority, which could be another CertificateAuthority resource, or could be an on-prem certificate authority. See also ActivateCertificateAuthority.

Parameters
Name Description
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Security\PrivateCA\V1beta1\FetchCertificateAuthorityCsrResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1beta1\FetchCertificateAuthorityCsrResponse;

/**
 * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
 *                              format `projects/*/locations/*/certificateAuthorities/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function fetch_certificate_authority_csr_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var FetchCertificateAuthorityCsrResponse $response */
        $response = $certificateAuthorityServiceClient->fetchCertificateAuthorityCsr($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]'
    );

    fetch_certificate_authority_csr_sample($formattedName);
}

getCertificate

Returns a Certificate.

Parameters
Name Description
name string

Required. The name of the Certificate to get.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Security\PrivateCA\V1beta1\Certificate
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1beta1\Certificate;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;

/**
 * @param string $formattedName The [name][google.cloud.security.privateca.v1beta1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1beta1.Certificate] to get. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateName()} for help formatting this field.
 */
function get_certificate_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var Certificate $response */
        $response = $certificateAuthorityServiceClient->getCertificate($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]',
        '[CERTIFICATE]'
    );

    get_certificate_sample($formattedName);
}

getCertificateAuthority

Parameters
Name Description
name string

Required. The name of the CertificateAuthority to get.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;

/**
 * @param string $formattedName The [name][google.cloud.security.privateca.v1beta1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] to
 *                              get. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function get_certificate_authority_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var CertificateAuthority $response */
        $response = $certificateAuthorityServiceClient->getCertificateAuthority($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]'
    );

    get_certificate_authority_sample($formattedName);
}

getCertificateRevocationList

Parameters
Name Description
name string

Required. The name of the CertificateRevocationList to get.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Security\PrivateCA\V1beta1\CertificateRevocationList
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateRevocationList;

/**
 * @param string $formattedName The [name][google.cloud.security.privateca.v1beta1.CertificateRevocationList.name] of the
 *                              [CertificateRevocationList][google.cloud.security.privateca.v1beta1.CertificateRevocationList] to get. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateRevocationListName()} for help formatting this field.
 */
function get_certificate_revocation_list_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var CertificateRevocationList $response */
        $response = $certificateAuthorityServiceClient->getCertificateRevocationList($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateRevocationListName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]',
        '[CERTIFICATE_REVOCATION_LIST]'
    );

    get_certificate_revocation_list_sample($formattedName);
}

getReusableConfig

Returns a ReusableConfig.

Parameters
Name Description
name string

Required. The name of the ReusableConfigs to get.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Security\PrivateCA\V1beta1\ReusableConfig
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1beta1\ReusableConfig;

/**
 * @param string $formattedName The [name][ReusableConfigs.name] of the [ReusableConfigs][] to get. Please see
 *                              {@see CertificateAuthorityServiceClient::reusableConfigName()} for help formatting this field.
 */
function get_reusable_config_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var ReusableConfig $response */
        $response = $certificateAuthorityServiceClient->getReusableConfig($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::reusableConfigName(
        '[PROJECT]',
        '[LOCATION]',
        '[REUSABLE_CONFIG]'
    );

    get_reusable_config_sample($formattedName);
}

listCertificateAuthorities

Parameters
Name Description
parent string

Required. The resource name of the location associated with the CertificateAuthorities, in the format projects/*/locations/*.

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ filter string

Optional. Only include resources that match the filter in the response.

↳ orderBy string

Optional. Specify how the results should be sorted.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;

/**
 * @param string $formattedParent The resource name of the location associated with the
 *                                [CertificateAuthorities][google.cloud.security.privateca.v1beta1.CertificateAuthority], in the format
 *                                `projects/*/locations/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
 */
function list_certificate_authorities_sample(string $formattedParent): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $certificateAuthorityServiceClient->listCertificateAuthorities($formattedParent);

        /** @var CertificateAuthority $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::locationName('[PROJECT]', '[LOCATION]');

    list_certificate_authorities_sample($formattedParent);
}

listCertificateRevocationLists

Parameters
Name Description
parent string

Required. The resource name of the location associated with the CertificateRevocationLists, in the format projects/*/locations/*/certificateauthorities/*.

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ filter string

Optional. Only include resources that match the filter in the response.

↳ orderBy string

Optional. Specify how the results should be sorted.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateRevocationList;

/**
 * @param string $formattedParent The resource name of the location associated with the
 *                                [CertificateRevocationLists][google.cloud.security.privateca.v1beta1.CertificateRevocationList], in the format
 *                                `projects/*/locations/*/certificateauthorities/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function list_certificate_revocation_lists_sample(string $formattedParent): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $certificateAuthorityServiceClient->listCertificateRevocationLists($formattedParent);

        /** @var CertificateRevocationList $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]'
    );

    list_certificate_revocation_lists_sample($formattedParent);
}

listCertificates

Lists Certificates.

Parameters
Name Description
parent string

Required. The resource name of the location associated with the Certificates, in the format projects/*/locations/*/certificateauthorities/*.

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ filter string

Optional. Only include resources that match the filter in the response. For details on supported filters and syntax, see Certificates Filtering documentation.

↳ orderBy string

Optional. Specify how the results should be sorted. For details on supported fields and syntax, see Certificates Sorting documentation.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\Certificate;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;

/**
 * @param string $formattedParent The resource name of the location associated with the
 *                                [Certificates][google.cloud.security.privateca.v1beta1.Certificate], in the format
 *                                `projects/*/locations/*/certificateauthorities/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function list_certificates_sample(string $formattedParent): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $certificateAuthorityServiceClient->listCertificates($formattedParent);

        /** @var Certificate $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]'
    );

    list_certificates_sample($formattedParent);
}

listReusableConfigs

Parameters
Name Description
parent string

Required. The resource name of the location associated with the ReusableConfigs, in the format projects/*/locations/*.

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ filter string

Optional. Only include resources that match the filter in the response.

↳ orderBy string

Optional. Specify how the results should be sorted.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1beta1\ReusableConfig;

/**
 * @param string $formattedParent The resource name of the location associated with the
 *                                [ReusableConfigs][google.cloud.security.privateca.v1beta1.ReusableConfig], in the format
 *                                `projects/*/locations/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
 */
function list_reusable_configs_sample(string $formattedParent): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $certificateAuthorityServiceClient->listReusableConfigs($formattedParent);

        /** @var ReusableConfig $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::locationName('[PROJECT]', '[LOCATION]');

    list_reusable_configs_sample($formattedParent);
}

restoreCertificateAuthority

Restore a CertificateAuthority that is scheduled for deletion.

Parameters
Name Description
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
 *                              format `projects/*/locations/*/certificateAuthorities/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function restore_certificate_authority_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->restoreCertificateAuthority($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]'
    );

    restore_certificate_authority_sample($formattedName);
}

revokeCertificate

Revoke a Certificate.

Parameters
Name Description
name string

Required. The resource name for this Certificate in the format projects/*/locations/*/certificateAuthorities/*/certificates/*.

reason int

Required. The RevocationReason for revoking this certificate. For allowed values, use constants defined on Google\Cloud\Security\PrivateCA\V1beta1\RevocationReason

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Security\PrivateCA\V1beta1\Certificate
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1beta1\Certificate;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1beta1\RevocationReason;

/**
 * @param string $formattedName The resource name for this [Certificate][google.cloud.security.privateca.v1beta1.Certificate] in the
 *                              format `projects/*/locations/*/certificateAuthorities/*/certificates/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateName()} for help formatting this field.
 * @param int    $reason        The [RevocationReason][google.cloud.security.privateca.v1beta1.RevocationReason] for revoking this certificate.
 */
function revoke_certificate_sample(string $formattedName, int $reason): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var Certificate $response */
        $response = $certificateAuthorityServiceClient->revokeCertificate($formattedName, $reason);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]',
        '[CERTIFICATE]'
    );
    $reason = RevocationReason::REVOCATION_REASON_UNSPECIFIED;

    revoke_certificate_sample($formattedName, $reason);
}

scheduleDeleteCertificateAuthority

Schedule a CertificateAuthority for deletion.

Parameters
Name Description
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/certificateAuthorities/*.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority] in the
 *                              format `projects/*/locations/*/certificateAuthorities/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function schedule_delete_certificate_authority_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->scheduleDeleteCertificateAuthority($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_AUTHORITY]'
    );

    schedule_delete_certificate_authority_sample($formattedName);
}

updateCertificate

Update a Certificate. Currently, the only field you can update is the labels field.

Parameters
Name Description
certificate Google\Cloud\Security\PrivateCA\V1beta1\Certificate

Required. Certificate with updated values.

updateMask Google\Protobuf\FieldMask

Required. A list of fields to be updated in this request.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Security\PrivateCA\V1beta1\Certificate
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1beta1\Certificate;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Protobuf\Duration;
use Google\Protobuf\FieldMask;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_certificate_sample(): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateLifetime = new Duration();
    $certificate = (new Certificate())
        ->setLifetime($certificateLifetime);
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var Certificate $response */
        $response = $certificateAuthorityServiceClient->updateCertificate($certificate, $updateMask);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateCertificateAuthority

Parameters
Name Description
certificateAuthority Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority

Required. CertificateAuthority with updated values.

updateMask Google\Protobuf\FieldMask

Required. A list of fields to be updated in this request.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority\KeyVersionSpec;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority\Tier;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthority\Type;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateConfig;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateConfig\SubjectConfig;
use Google\Cloud\Security\PrivateCA\V1beta1\ReusableConfigWrapper;
use Google\Cloud\Security\PrivateCA\V1beta1\Subject;
use Google\Protobuf\Duration;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * @param int    $certificateAuthorityType                               Immutable. The [Type][google.cloud.security.privateca.v1beta1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
 * @param int    $certificateAuthorityTier                               Immutable. The [Tier][google.cloud.security.privateca.v1beta1.CertificateAuthority.Tier] of this [CertificateAuthority][google.cloud.security.privateca.v1beta1.CertificateAuthority].
 * @param string $certificateAuthorityConfigReusableConfigReusableConfig A resource path to a [ReusableConfig][google.cloud.security.privateca.v1beta1.ReusableConfig] in the format
 *                                                                       `projects/*/locations/*/reusableConfigs/*`.
 * @param string $certificateAuthorityKeySpecCloudKmsKeyVersion          The resource name for an existing Cloud KMS CryptoKeyVersion in the
 *                                                                       format
 *                                                                       `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
 *                                                                       This option enables full flexibility in the key's capabilities and
 *                                                                       properties.
 */
function update_certificate_authority_sample(
    int $certificateAuthorityType,
    int $certificateAuthorityTier,
    string $certificateAuthorityConfigReusableConfigReusableConfig,
    string $certificateAuthorityKeySpecCloudKmsKeyVersion
): void {
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateAuthorityConfigSubjectConfigSubject = new Subject();
    $certificateAuthorityConfigSubjectConfig = (new SubjectConfig())
        ->setSubject($certificateAuthorityConfigSubjectConfigSubject);
    $certificateAuthorityConfigReusableConfig = (new ReusableConfigWrapper())
        ->setReusableConfig($certificateAuthorityConfigReusableConfigReusableConfig);
    $certificateAuthorityConfig = (new CertificateConfig())
        ->setSubjectConfig($certificateAuthorityConfigSubjectConfig)
        ->setReusableConfig($certificateAuthorityConfigReusableConfig);
    $certificateAuthorityLifetime = new Duration();
    $certificateAuthorityKeySpec = (new KeyVersionSpec())
        ->setCloudKmsKeyVersion($certificateAuthorityKeySpecCloudKmsKeyVersion);
    $certificateAuthority = (new CertificateAuthority())
        ->setType($certificateAuthorityType)
        ->setTier($certificateAuthorityTier)
        ->setConfig($certificateAuthorityConfig)
        ->setLifetime($certificateAuthorityLifetime)
        ->setKeySpec($certificateAuthorityKeySpec);
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->updateCertificateAuthority(
            $certificateAuthority,
            $updateMask
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $certificateAuthorityType = Type::TYPE_UNSPECIFIED;
    $certificateAuthorityTier = Tier::TIER_UNSPECIFIED;
    $certificateAuthorityConfigReusableConfigReusableConfig = '[REUSABLE_CONFIG]';
    $certificateAuthorityKeySpecCloudKmsKeyVersion = '[CLOUD_KMS_KEY_VERSION]';

    update_certificate_authority_sample(
        $certificateAuthorityType,
        $certificateAuthorityTier,
        $certificateAuthorityConfigReusableConfigReusableConfig,
        $certificateAuthorityKeySpecCloudKmsKeyVersion
    );
}

updateCertificateRevocationList

Parameters
Name Description
certificateRevocationList Google\Cloud\Security\PrivateCA\V1beta1\CertificateRevocationList

Required. CertificateRevocationList with updated values.

updateMask Google\Protobuf\FieldMask

Required. A list of fields to be updated in this request.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1beta1\CertificateRevocationList;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_certificate_revocation_list_sample(): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateRevocationList = new CertificateRevocationList();
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->updateCertificateRevocationList(
            $certificateRevocationList,
            $updateMask
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateRevocationList $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

getOperationsClient

Return an OperationsClient object with the same endpoint as $this.

Returns
Type Description
Google\ApiCore\LongRunning\OperationsClient

resumeOperation

Resume an existing long running operation that was previously started by a long running API method. If $methodName is not provided, or does not match a long running API method, then the operation can still be resumed, but the OperationResponse object will not deserialize the final response.

Parameters
Name Description
operationName string

The name of the long running operation

methodName string

The name of the method used to start the operation

Returns
Type Description
Google\ApiCore\OperationResponse

static::certificateName

Formats a string containing the fully-qualified path to represent a certificate resource.

Parameters
Name Description
project string
location string
certificateAuthority string
certificate string
Returns
Type Description
string The formatted certificate resource.

static::certificateAuthorityName

Formats a string containing the fully-qualified path to represent a certificate_authority resource.

Parameters
Name Description
project string
location string
certificateAuthority string
Returns
Type Description
string The formatted certificate_authority resource.

static::certificateRevocationListName

Formats a string containing the fully-qualified path to represent a certificate_revocation_list resource.

Parameters
Name Description
project string
location string
certificateAuthority string
certificateRevocationList string
Returns
Type Description
string The formatted certificate_revocation_list resource.

static::locationName

Formats a string containing the fully-qualified path to represent a location resource.

Parameters
Name Description
project string
location string
Returns
Type Description
string The formatted location resource.

static::reusableConfigName

Formats a string containing the fully-qualified path to represent a reusable_config resource.

Parameters
Name Description
project string
location string
reusableConfig string
Returns
Type Description
string The formatted reusable_config resource.

static::parseName

Parses a formatted name string and returns an associative array of the components in the name.

The following name formats are supported: Template: Pattern

  • certificate: projects/{project}/locations/{location}/certificateAuthorities/{certificate_authority}/certificates/{certificate}
  • certificateAuthority: projects/{project}/locations/{location}/certificateAuthorities/{certificate_authority}
  • certificateRevocationList: projects/{project}/locations/{location}/certificateAuthorities/{certificate_authority}/certificateRevocationLists/{certificate_revocation_list}
  • location: projects/{project}/locations/{location}
  • reusableConfig: projects/{project}/locations/{location}/reusableConfigs/{reusable_config}

The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.

Parameters
Name Description
formattedName string

The formatted name string

template string

Optional name of template to match

Returns
Type Description
array An associative array from name component IDs to component values.

Constants

SERVICE_NAME

Value: 'google.cloud.security.privateca.v1beta1.CertificateAuthorityService'

The name of the service.

SERVICE_ADDRESS

Value: 'privateca.googleapis.com'

The default address of the service.

DEFAULT_SERVICE_PORT

Value: 443

The default port of the service.

CODEGEN_NAME

Value: 'gapic'

The name of the code generator, to be included in the agent header.