// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.appengine.v1;

import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.AppEngine.V1";
option go_package = "cloud.google.com/go/appengine/apiv1/appenginepb;appenginepb";
option java_multiple_files = true;
option java_outer_classname = "CertificateProto";
option java_package = "com.google.appengine.v1";
option php_namespace = "Google\\Cloud\\AppEngine\\V1";
option ruby_package = "Google::Cloud::AppEngine::V1";

// An SSL certificate that a user has been authorized to administer. A user
// is authorized to administer any certificate that applies to one of their
// authorized domains.
message AuthorizedCertificate {
  // Full path to the `AuthorizedCertificate` resource in the API. Example:
  // `apps/myapp/authorizedCertificates/12345`.
  //
  // @OutputOnly
  string name = 1;

  // Relative name of the certificate. This is a unique value autogenerated
  // on `AuthorizedCertificate` resource creation. Example: `12345`.
  //
  // @OutputOnly
  string id = 2;

  // The user-specified display name of the certificate. This is not
  // guaranteed to be unique. Example: `My Certificate`.
  string display_name = 3;

  // Topmost applicable domains of this certificate. This certificate
  // applies to these domains and their subdomains. Example: `example.com`.
  //
  // @OutputOnly
  repeated string domain_names = 4;

  // The time when this certificate expires. To update the renewal time on this
  // certificate, upload an SSL certificate with a different expiration time
  // using [`AuthorizedCertificates.UpdateAuthorizedCertificate`]().
  //
  // @OutputOnly
  google.protobuf.Timestamp expire_time = 5;

  // The SSL certificate serving the `AuthorizedCertificate` resource. This
  // must be obtained independently from a certificate authority.
  //
  // NOTE(review): on input this nested message can carry the unencrypted
  // private key (`CertificateRawData.private_key`), so a populated
  // `AuthorizedCertificate` request should be handled as secret material.
  CertificateRawData certificate_raw_data = 6;

  // Only applicable if this certificate is managed by App Engine. Managed
  // certificates are tied to the lifecycle of a `DomainMapping` and cannot be
  // updated or deleted via the `AuthorizedCertificates` API. If this
  // certificate is manually administered by the user, this field will be empty.
  //
  // @OutputOnly
  ManagedCertificate managed_certificate = 7;

  // The full paths to user visible Domain Mapping resources that have this
  // certificate mapped. Example: `apps/myapp/domainMappings/example.com`.
  //
  // This may not represent the full list of mapped domain mappings if the user
  // does not have `VIEWER` permissions on all of the applications that have
  // this certificate mapped. See `domain_mappings_count` for a complete count.
  //
  // Only returned by `GET` or `LIST` requests when specifically requested by
  // the `view=FULL_CERTIFICATE` option.
  //
  // @OutputOnly
  repeated string visible_domain_mappings = 8;

  // Aggregate count of the domain mappings with this certificate mapped. This
  // count includes domain mappings on applications for which the user does not
  // have `VIEWER` permissions.
  //
  // Only returned by `GET` or `LIST` requests when specifically requested by
  // the `view=FULL_CERTIFICATE` option.
  //
  // @OutputOnly
  int32 domain_mappings_count = 9;
}

// An SSL certificate obtained from a certificate authority.
message CertificateRawData {
  // PEM encoded X.509 public key certificate. This field is set once on
  // certificate creation. Must include the header and footer. Example:
  // <pre>
  // -----BEGIN CERTIFICATE-----
  // <certificate_value>
  // -----END CERTIFICATE-----
  // </pre>
  string public_certificate = 1;

  // Unencrypted PEM encoded RSA private key. This field is set once on
  // certificate creation and then encrypted. The key size must be 2048
  // bits or fewer. Must include the header and footer. Example:
  // <pre>
  // -----BEGIN RSA PRIVATE KEY-----
  // <unencrypted_key_value>
  // -----END RSA PRIVATE KEY-----
  // </pre>
  // @InputOnly
  //
  // NOTE(review): this field holds secret key material in plaintext. Any
  // message that has it set should be kept out of logs, traces and persisted
  // request dumps. Being `@InputOnly`, it is presumably never returned in
  // responses; confirm against the service behaviour.
  // NOTE(review): the stated size limit is an upper bound only; no minimum
  // key size is documented in this file.
  string private_key = 2;
}

// State of certificate management. Refers to the most recent certificate
// acquisition or renewal attempt.
//
// NOTE(review): apart from the zero value, the values are not prefixed with
// the enum name, so they share the package scope with other enums. Numbers 3
// and 5 are not assigned in this file; if they belonged to removed values
// they should be declared `reserved`. Confirm against the API history.
enum ManagementStatus {
  // Zero value; proto3 uses it as the default when the field is not set.
  MANAGEMENT_STATUS_UNSPECIFIED = 0;

  // Certificate was successfully obtained and inserted into the serving
  // system.
  OK = 1;

  // Certificate is under active attempts to acquire or renew.
  PENDING = 2;

  // Most recent renewal failed due to an invalid DNS setup and will be
  // retried. Renewal attempts will continue to fail until the certificate
  // domain's DNS configuration is fixed. The last successfully provisioned
  // certificate may still be serving.
  FAILED_RETRYING_NOT_VISIBLE = 4;

  // All renewal attempts have been exhausted, likely due to an invalid DNS
  // setup.
  FAILED_PERMANENT = 6;

  // Most recent renewal failed due to an explicit CAA record that does not
  // include one of the in-use CAs (Google CA and Let's Encrypt). Renewals will
  // continue to fail until the CAA is reconfigured. The last successfully
  // provisioned certificate may still be serving.
  FAILED_RETRYING_CAA_FORBIDDEN = 7;

  // Most recent renewal failed due to a CAA retrieval failure. This means that
  // the domain's DNS provider does not properly handle CAA records, failing
  // requests for CAA records when no CAA records are defined. Renewals will
  // continue to fail until the DNS provider is changed or a CAA record is
  // added for the given domain. The last successfully provisioned certificate
  // may still be serving.
  FAILED_RETRYING_CAA_CHECKING = 8;
}

// A certificate managed by App Engine.
message ManagedCertificate {
  // Time at which the certificate was last renewed. The renewal process is
  // fully managed. Certificate renewal will automatically occur before the
  // certificate expires. Renewal errors can be tracked via `ManagementStatus`.
  //
  // @OutputOnly
  google.protobuf.Timestamp last_renewal_time = 1;

  // Status of certificate management. Refers to the most recent certificate
  // acquisition or renewal attempt.
  //
  // @OutputOnly
  ManagementStatus status = 2;
}