1*d5c09012SAndroid Build Coastguard Worker// Copyright 2021 Google LLC 2*d5c09012SAndroid Build Coastguard Worker// 3*d5c09012SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*d5c09012SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*d5c09012SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*d5c09012SAndroid Build Coastguard Worker// 7*d5c09012SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*d5c09012SAndroid Build Coastguard Worker// 9*d5c09012SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*d5c09012SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*d5c09012SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*d5c09012SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*d5c09012SAndroid Build Coastguard Worker// limitations under the License. 14*d5c09012SAndroid Build Coastguard Worker 15*d5c09012SAndroid Build Coastguard Workersyntax = "proto3"; 16*d5c09012SAndroid Build Coastguard Worker 17*d5c09012SAndroid Build Coastguard Workerpackage google.appengine.v1beta; 18*d5c09012SAndroid Build Coastguard Worker 19*d5c09012SAndroid Build Coastguard Workerimport "google/protobuf/timestamp.proto"; 20*d5c09012SAndroid Build Coastguard Worker 21*d5c09012SAndroid Build Coastguard Workeroption csharp_namespace = "Google.Cloud.AppEngine.V1Beta"; 22*d5c09012SAndroid Build Coastguard Workeroption go_package = "google.golang.org/genproto/googleapis/appengine/v1beta;appengine"; 23*d5c09012SAndroid Build Coastguard Workeroption java_multiple_files = true; 24*d5c09012SAndroid Build Coastguard Workeroption java_outer_classname = "CertificateProto"; 25*d5c09012SAndroid Build Coastguard Workeroption java_package = "com.google.appengine.v1beta"; 26*d5c09012SAndroid Build Coastguard Workeroption php_namespace = "Google\\Cloud\\AppEngine\\V1beta"; 27*d5c09012SAndroid Build Coastguard Workeroption ruby_package = "Google::Cloud::AppEngine::V1beta"; 28*d5c09012SAndroid Build Coastguard Worker 29*d5c09012SAndroid Build Coastguard Worker// An SSL certificate that a user has been authorized to administer. A user 30*d5c09012SAndroid Build Coastguard Worker// is authorized to administer any certificate that applies to one of their 31*d5c09012SAndroid Build Coastguard Worker// authorized domains. 32*d5c09012SAndroid Build Coastguard Workermessage AuthorizedCertificate { 33*d5c09012SAndroid Build Coastguard Worker // Full path to the `AuthorizedCertificate` resource in the API. Example: 34*d5c09012SAndroid Build Coastguard Worker // `apps/myapp/authorizedCertificates/12345`. 35*d5c09012SAndroid Build Coastguard Worker // 36*d5c09012SAndroid Build Coastguard Worker // @OutputOnly 37*d5c09012SAndroid Build Coastguard Worker string name = 1; 38*d5c09012SAndroid Build Coastguard Worker 39*d5c09012SAndroid Build Coastguard Worker // Relative name of the certificate. This is a unique value autogenerated 40*d5c09012SAndroid Build Coastguard Worker // on `AuthorizedCertificate` resource creation. Example: `12345`. 41*d5c09012SAndroid Build Coastguard Worker // 42*d5c09012SAndroid Build Coastguard Worker // @OutputOnly 43*d5c09012SAndroid Build Coastguard Worker string id = 2; 44*d5c09012SAndroid Build Coastguard Worker 45*d5c09012SAndroid Build Coastguard Worker // The user-specified display name of the certificate. This is not 46*d5c09012SAndroid Build Coastguard Worker // guaranteed to be unique. Example: `My Certificate`. 47*d5c09012SAndroid Build Coastguard Worker string display_name = 3; 48*d5c09012SAndroid Build Coastguard Worker 49*d5c09012SAndroid Build Coastguard Worker // Topmost applicable domains of this certificate. This certificate 50*d5c09012SAndroid Build Coastguard Worker // applies to these domains and their subdomains. Example: `example.com`. 51*d5c09012SAndroid Build Coastguard Worker // 52*d5c09012SAndroid Build Coastguard Worker // @OutputOnly 53*d5c09012SAndroid Build Coastguard Worker repeated string domain_names = 4; 54*d5c09012SAndroid Build Coastguard Worker 55*d5c09012SAndroid Build Coastguard Worker // The time when this certificate expires. To update the renewal time on this 56*d5c09012SAndroid Build Coastguard Worker // certificate, upload an SSL certificate with a different expiration time 57*d5c09012SAndroid Build Coastguard Worker // using [`AuthorizedCertificates.UpdateAuthorizedCertificate`](). 58*d5c09012SAndroid Build Coastguard Worker // 59*d5c09012SAndroid Build Coastguard Worker // @OutputOnly 60*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp expire_time = 5; 61*d5c09012SAndroid Build Coastguard Worker 62*d5c09012SAndroid Build Coastguard Worker // The SSL certificate serving the `AuthorizedCertificate` resource. This 63*d5c09012SAndroid Build Coastguard Worker // must be obtained independently from a certificate authority. 64*d5c09012SAndroid Build Coastguard Worker CertificateRawData certificate_raw_data = 6; 65*d5c09012SAndroid Build Coastguard Worker 66*d5c09012SAndroid Build Coastguard Worker // Only applicable if this certificate is managed by App Engine. Managed 67*d5c09012SAndroid Build Coastguard Worker // certificates are tied to the lifecycle of a `DomainMapping` and cannot be 68*d5c09012SAndroid Build Coastguard Worker // updated or deleted via the `AuthorizedCertificates` API. If this 69*d5c09012SAndroid Build Coastguard Worker // certificate is manually administered by the user, this field will be empty. 70*d5c09012SAndroid Build Coastguard Worker // 71*d5c09012SAndroid Build Coastguard Worker // @OutputOnly 72*d5c09012SAndroid Build Coastguard Worker ManagedCertificate managed_certificate = 7; 73*d5c09012SAndroid Build Coastguard Worker 74*d5c09012SAndroid Build Coastguard Worker // The full paths to user visible Domain Mapping resources that have this 75*d5c09012SAndroid Build Coastguard Worker // certificate mapped. Example: `apps/myapp/domainMappings/example.com`. 76*d5c09012SAndroid Build Coastguard Worker // 77*d5c09012SAndroid Build Coastguard Worker // This may not represent the full list of mapped domain mappings if the user 78*d5c09012SAndroid Build Coastguard Worker // does not have `VIEWER` permissions on all of the applications that have 79*d5c09012SAndroid Build Coastguard Worker // this certificate mapped. See `domain_mappings_count` for a complete count. 80*d5c09012SAndroid Build Coastguard Worker // 81*d5c09012SAndroid Build Coastguard Worker // Only returned by `GET` or `LIST` requests when specifically requested by 82*d5c09012SAndroid Build Coastguard Worker // the `view=FULL_CERTIFICATE` option. 83*d5c09012SAndroid Build Coastguard Worker // 84*d5c09012SAndroid Build Coastguard Worker // @OutputOnly 85*d5c09012SAndroid Build Coastguard Worker repeated string visible_domain_mappings = 8; 86*d5c09012SAndroid Build Coastguard Worker 87*d5c09012SAndroid Build Coastguard Worker // Aggregate count of the domain mappings with this certificate mapped. This 88*d5c09012SAndroid Build Coastguard Worker // count includes domain mappings on applications for which the user does not 89*d5c09012SAndroid Build Coastguard Worker // have `VIEWER` permissions. 90*d5c09012SAndroid Build Coastguard Worker // 91*d5c09012SAndroid Build Coastguard Worker // Only returned by `GET` or `LIST` requests when specifically requested by 92*d5c09012SAndroid Build Coastguard Worker // the `view=FULL_CERTIFICATE` option. 93*d5c09012SAndroid Build Coastguard Worker // 94*d5c09012SAndroid Build Coastguard Worker // @OutputOnly 95*d5c09012SAndroid Build Coastguard Worker int32 domain_mappings_count = 9; 96*d5c09012SAndroid Build Coastguard Worker} 97*d5c09012SAndroid Build Coastguard Worker 98*d5c09012SAndroid Build Coastguard Worker// An SSL certificate obtained from a certificate authority. 99*d5c09012SAndroid Build Coastguard Workermessage CertificateRawData { 100*d5c09012SAndroid Build Coastguard Worker // PEM encoded x.509 public key certificate. This field is set once on 101*d5c09012SAndroid Build Coastguard Worker // certificate creation. Must include the header and footer. Example: 102*d5c09012SAndroid Build Coastguard Worker // <pre> 103*d5c09012SAndroid Build Coastguard Worker // -----BEGIN CERTIFICATE----- 104*d5c09012SAndroid Build Coastguard Worker // <certificate_value> 105*d5c09012SAndroid Build Coastguard Worker // -----END CERTIFICATE----- 106*d5c09012SAndroid Build Coastguard Worker // </pre> 107*d5c09012SAndroid Build Coastguard Worker string public_certificate = 1; 108*d5c09012SAndroid Build Coastguard Worker 109*d5c09012SAndroid Build Coastguard Worker // Unencrypted PEM encoded RSA private key. This field is set once on 110*d5c09012SAndroid Build Coastguard Worker // certificate creation and then encrypted. The key size must be 2048 111*d5c09012SAndroid Build Coastguard Worker // bits or fewer. Must include the header and footer. Example: 112*d5c09012SAndroid Build Coastguard Worker // <pre> 113*d5c09012SAndroid Build Coastguard Worker // -----BEGIN RSA PRIVATE KEY----- 114*d5c09012SAndroid Build Coastguard Worker // <unencrypted_key_value> 115*d5c09012SAndroid Build Coastguard Worker // -----END RSA PRIVATE KEY----- 116*d5c09012SAndroid Build Coastguard Worker // </pre> 117*d5c09012SAndroid Build Coastguard Worker // @InputOnly 118*d5c09012SAndroid Build Coastguard Worker string private_key = 2; 119*d5c09012SAndroid Build Coastguard Worker} 120*d5c09012SAndroid Build Coastguard Worker 121*d5c09012SAndroid Build Coastguard Worker// State of certificate management. Refers to the most recent certificate 122*d5c09012SAndroid Build Coastguard Worker// acquisition or renewal attempt. 123*d5c09012SAndroid Build Coastguard Workerenum ManagementStatus { 124*d5c09012SAndroid Build Coastguard Worker MANAGEMENT_STATUS_UNSPECIFIED = 0; 125*d5c09012SAndroid Build Coastguard Worker 126*d5c09012SAndroid Build Coastguard Worker // Certificate was successfully obtained and inserted into the serving 127*d5c09012SAndroid Build Coastguard Worker // system. 128*d5c09012SAndroid Build Coastguard Worker OK = 1; 129*d5c09012SAndroid Build Coastguard Worker 130*d5c09012SAndroid Build Coastguard Worker // Certificate is under active attempts to acquire or renew. 131*d5c09012SAndroid Build Coastguard Worker PENDING = 2; 132*d5c09012SAndroid Build Coastguard Worker 133*d5c09012SAndroid Build Coastguard Worker // Most recent renewal failed due to an invalid DNS setup and will be 134*d5c09012SAndroid Build Coastguard Worker // retried. Renewal attempts will continue to fail until the certificate 135*d5c09012SAndroid Build Coastguard Worker // domain's DNS configuration is fixed. The last successfully provisioned 136*d5c09012SAndroid Build Coastguard Worker // certificate may still be serving. 137*d5c09012SAndroid Build Coastguard Worker FAILED_RETRYING_NOT_VISIBLE = 4; 138*d5c09012SAndroid Build Coastguard Worker 139*d5c09012SAndroid Build Coastguard Worker // All renewal attempts have been exhausted, likely due to an invalid DNS 140*d5c09012SAndroid Build Coastguard Worker // setup. 141*d5c09012SAndroid Build Coastguard Worker FAILED_PERMANENT = 6; 142*d5c09012SAndroid Build Coastguard Worker 143*d5c09012SAndroid Build Coastguard Worker // Most recent renewal failed due to an explicit CAA record that does not 144*d5c09012SAndroid Build Coastguard Worker // include one of the in-use CAs (Google CA and Let's Encrypt). Renewals will 145*d5c09012SAndroid Build Coastguard Worker // continue to fail until the CAA is reconfigured. The last successfully 146*d5c09012SAndroid Build Coastguard Worker // provisioned certificate may still be serving. 147*d5c09012SAndroid Build Coastguard Worker FAILED_RETRYING_CAA_FORBIDDEN = 7; 148*d5c09012SAndroid Build Coastguard Worker 149*d5c09012SAndroid Build Coastguard Worker // Most recent renewal failed due to a CAA retrieval failure. This means that 150*d5c09012SAndroid Build Coastguard Worker // the domain's DNS provider does not properly handle CAA records, failing 151*d5c09012SAndroid Build Coastguard Worker // requests for CAA records when no CAA records are defined. Renewals will 152*d5c09012SAndroid Build Coastguard Worker // continue to fail until the DNS provider is changed or a CAA record is 153*d5c09012SAndroid Build Coastguard Worker // added for the given domain. The last successfully provisioned certificate 154*d5c09012SAndroid Build Coastguard Worker // may still be serving. 155*d5c09012SAndroid Build Coastguard Worker FAILED_RETRYING_CAA_CHECKING = 8; 156*d5c09012SAndroid Build Coastguard Worker} 157*d5c09012SAndroid Build Coastguard Worker 158*d5c09012SAndroid Build Coastguard Worker// A certificate managed by App Engine. 159*d5c09012SAndroid Build Coastguard Workermessage ManagedCertificate { 160*d5c09012SAndroid Build Coastguard Worker // Time at which the certificate was last renewed. The renewal process is 161*d5c09012SAndroid Build Coastguard Worker // fully managed. Certificate renewal will automatically occur before the 162*d5c09012SAndroid Build Coastguard Worker // certificate expires. Renewal errors can be tracked via `ManagementStatus`. 163*d5c09012SAndroid Build Coastguard Worker // 164*d5c09012SAndroid Build Coastguard Worker // @OutputOnly 165*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp last_renewal_time = 1; 166*d5c09012SAndroid Build Coastguard Worker 167*d5c09012SAndroid Build Coastguard Worker // Status of certificate management. Refers to the most recent certificate 168*d5c09012SAndroid Build Coastguard Worker // acquisition or renewal attempt. 169*d5c09012SAndroid Build Coastguard Worker // 170*d5c09012SAndroid Build Coastguard Worker // @OutputOnly 171*d5c09012SAndroid Build Coastguard Worker ManagementStatus status = 2; 172*d5c09012SAndroid Build Coastguard Worker} 173