1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.certificatemanager.v1; 18 19import "google/api/annotations.proto"; 20import "google/api/client.proto"; 21import "google/api/field_behavior.proto"; 22import "google/api/resource.proto"; 23import "google/cloud/certificatemanager/v1/certificate_issuance_config.proto"; 24import "google/cloud/certificatemanager/v1/trust_config.proto"; 25import "google/longrunning/operations.proto"; 26import "google/protobuf/empty.proto"; 27import "google/protobuf/field_mask.proto"; 28import "google/protobuf/timestamp.proto"; 29 30option csharp_namespace = "Google.Cloud.CertificateManager.V1"; 31option go_package = "cloud.google.com/go/certificatemanager/apiv1/certificatemanagerpb;certificatemanagerpb"; 32option java_multiple_files = true; 33option java_outer_classname = "CertificateManagerProto"; 34option java_package = "com.google.cloud.certificatemanager.v1"; 35option php_namespace = "Google\\Cloud\\CertificateManager\\V1"; 36option ruby_package = "Google::Cloud::CertificateManager::V1"; 37 38// API Overview 39// 40// Certificates Manager API allows customers to see and manage all their TLS 41// certificates. 42// 43// Certificates Manager API service provides methods to manage certificates, 44// group them into collections, and create serving configuration that can be 45// easily applied to other Cloud resources e.g. Target Proxies. 46// 47// Data Model 48// 49// The Certificates Manager service exposes the following resources: 50// 51// * `Certificate` that describes a single TLS certificate. 52// * `CertificateMap` that describes a collection of certificates that can be 53// attached to a target resource. 54// * `CertificateMapEntry` that describes a single configuration entry that 55// consists of a SNI and a group of certificates. It's a subresource of 56// CertificateMap. 57// 58// Certificate, CertificateMap and CertificateMapEntry IDs 59// have to fully match the regexp `[a-z0-9-]{1,63}`. In other words, 60// - only lower case letters, digits, and hyphen are allowed 61// - length of the resource ID has to be in [1,63] range. 62// 63// Provides methods to manage Cloud Certificate Manager entities. 64service CertificateManager { 65 option (google.api.default_host) = "certificatemanager.googleapis.com"; 66 option (google.api.oauth_scopes) = 67 "https://www.googleapis.com/auth/cloud-platform"; 68 69 // Lists Certificates in a given project and location. 70 rpc ListCertificates(ListCertificatesRequest) 71 returns (ListCertificatesResponse) { 72 option (google.api.http) = { 73 get: "/v1/{parent=projects/*/locations/*}/certificates" 74 }; 75 option (google.api.method_signature) = "parent"; 76 } 77 78 // Gets details of a single Certificate. 79 rpc GetCertificate(GetCertificateRequest) returns (Certificate) { 80 option (google.api.http) = { 81 get: "/v1/{name=projects/*/locations/*/certificates/*}" 82 }; 83 option (google.api.method_signature) = "name"; 84 } 85 86 // Creates a new Certificate in a given project and location. 87 rpc CreateCertificate(CreateCertificateRequest) 88 returns (google.longrunning.Operation) { 89 option (google.api.http) = { 90 post: "/v1/{parent=projects/*/locations/*}/certificates" 91 body: "certificate" 92 }; 93 option (google.api.method_signature) = "parent,certificate,certificate_id"; 94 option (google.longrunning.operation_info) = { 95 response_type: "Certificate" 96 metadata_type: "OperationMetadata" 97 }; 98 } 99 100 // Updates a Certificate. 101 rpc UpdateCertificate(UpdateCertificateRequest) 102 returns (google.longrunning.Operation) { 103 option (google.api.http) = { 104 patch: "/v1/{certificate.name=projects/*/locations/*/certificates/*}" 105 body: "certificate" 106 }; 107 option (google.api.method_signature) = "certificate,update_mask"; 108 option (google.longrunning.operation_info) = { 109 response_type: "Certificate" 110 metadata_type: "OperationMetadata" 111 }; 112 } 113 114 // Deletes a single Certificate. 115 rpc DeleteCertificate(DeleteCertificateRequest) 116 returns (google.longrunning.Operation) { 117 option (google.api.http) = { 118 delete: "/v1/{name=projects/*/locations/*/certificates/*}" 119 }; 120 option (google.api.method_signature) = "name"; 121 option (google.longrunning.operation_info) = { 122 response_type: "google.protobuf.Empty" 123 metadata_type: "OperationMetadata" 124 }; 125 } 126 127 // Lists CertificateMaps in a given project and location. 128 rpc ListCertificateMaps(ListCertificateMapsRequest) 129 returns (ListCertificateMapsResponse) { 130 option (google.api.http) = { 131 get: "/v1/{parent=projects/*/locations/*}/certificateMaps" 132 }; 133 option (google.api.method_signature) = "parent"; 134 } 135 136 // Gets details of a single CertificateMap. 137 rpc GetCertificateMap(GetCertificateMapRequest) returns (CertificateMap) { 138 option (google.api.http) = { 139 get: "/v1/{name=projects/*/locations/*/certificateMaps/*}" 140 }; 141 option (google.api.method_signature) = "name"; 142 } 143 144 // Creates a new CertificateMap in a given project and location. 145 rpc CreateCertificateMap(CreateCertificateMapRequest) 146 returns (google.longrunning.Operation) { 147 option (google.api.http) = { 148 post: "/v1/{parent=projects/*/locations/*}/certificateMaps" 149 body: "certificate_map" 150 }; 151 option (google.api.method_signature) = 152 "parent,certificate_map,certificate_map_id"; 153 option (google.longrunning.operation_info) = { 154 response_type: "CertificateMap" 155 metadata_type: "OperationMetadata" 156 }; 157 } 158 159 // Updates a CertificateMap. 160 rpc UpdateCertificateMap(UpdateCertificateMapRequest) 161 returns (google.longrunning.Operation) { 162 option (google.api.http) = { 163 patch: "/v1/{certificate_map.name=projects/*/locations/*/certificateMaps/*}" 164 body: "certificate_map" 165 }; 166 option (google.api.method_signature) = "certificate_map,update_mask"; 167 option (google.longrunning.operation_info) = { 168 response_type: "CertificateMap" 169 metadata_type: "OperationMetadata" 170 }; 171 } 172 173 // Deletes a single CertificateMap. A Certificate Map can't be deleted 174 // if it contains Certificate Map Entries. Remove all the entries from 175 // the map before calling this method. 176 rpc DeleteCertificateMap(DeleteCertificateMapRequest) 177 returns (google.longrunning.Operation) { 178 option (google.api.http) = { 179 delete: "/v1/{name=projects/*/locations/*/certificateMaps/*}" 180 }; 181 option (google.api.method_signature) = "name"; 182 option (google.longrunning.operation_info) = { 183 response_type: "google.protobuf.Empty" 184 metadata_type: "OperationMetadata" 185 }; 186 } 187 188 // Lists CertificateMapEntries in a given project and location. 189 rpc ListCertificateMapEntries(ListCertificateMapEntriesRequest) 190 returns (ListCertificateMapEntriesResponse) { 191 option (google.api.http) = { 192 get: "/v1/{parent=projects/*/locations/*/certificateMaps/*}/certificateMapEntries" 193 }; 194 option (google.api.method_signature) = "parent"; 195 } 196 197 // Gets details of a single CertificateMapEntry. 198 rpc GetCertificateMapEntry(GetCertificateMapEntryRequest) 199 returns (CertificateMapEntry) { 200 option (google.api.http) = { 201 get: "/v1/{name=projects/*/locations/*/certificateMaps/*/certificateMapEntries/*}" 202 }; 203 option (google.api.method_signature) = "name"; 204 } 205 206 // Creates a new CertificateMapEntry in a given project and location. 207 rpc CreateCertificateMapEntry(CreateCertificateMapEntryRequest) 208 returns (google.longrunning.Operation) { 209 option (google.api.http) = { 210 post: "/v1/{parent=projects/*/locations/*/certificateMaps/*}/certificateMapEntries" 211 body: "certificate_map_entry" 212 }; 213 option (google.api.method_signature) = 214 "parent,certificate_map_entry,certificate_map_entry_id"; 215 option (google.longrunning.operation_info) = { 216 response_type: "CertificateMapEntry" 217 metadata_type: "OperationMetadata" 218 }; 219 } 220 221 // Updates a CertificateMapEntry. 222 rpc UpdateCertificateMapEntry(UpdateCertificateMapEntryRequest) 223 returns (google.longrunning.Operation) { 224 option (google.api.http) = { 225 patch: "/v1/{certificate_map_entry.name=projects/*/locations/*/certificateMaps/*/certificateMapEntries/*}" 226 body: "certificate_map_entry" 227 }; 228 option (google.api.method_signature) = "certificate_map_entry,update_mask"; 229 option (google.longrunning.operation_info) = { 230 response_type: "CertificateMapEntry" 231 metadata_type: "OperationMetadata" 232 }; 233 } 234 235 // Deletes a single CertificateMapEntry. 236 rpc DeleteCertificateMapEntry(DeleteCertificateMapEntryRequest) 237 returns (google.longrunning.Operation) { 238 option (google.api.http) = { 239 delete: "/v1/{name=projects/*/locations/*/certificateMaps/*/certificateMapEntries/*}" 240 }; 241 option (google.api.method_signature) = "name"; 242 option (google.longrunning.operation_info) = { 243 response_type: "google.protobuf.Empty" 244 metadata_type: "OperationMetadata" 245 }; 246 } 247 248 // Lists DnsAuthorizations in a given project and location. 249 rpc ListDnsAuthorizations(ListDnsAuthorizationsRequest) 250 returns (ListDnsAuthorizationsResponse) { 251 option (google.api.http) = { 252 get: "/v1/{parent=projects/*/locations/*}/dnsAuthorizations" 253 }; 254 option (google.api.method_signature) = "parent"; 255 } 256 257 // Gets details of a single DnsAuthorization. 258 rpc GetDnsAuthorization(GetDnsAuthorizationRequest) 259 returns (DnsAuthorization) { 260 option (google.api.http) = { 261 get: "/v1/{name=projects/*/locations/*/dnsAuthorizations/*}" 262 }; 263 option (google.api.method_signature) = "name"; 264 } 265 266 // Creates a new DnsAuthorization in a given project and location. 267 rpc CreateDnsAuthorization(CreateDnsAuthorizationRequest) 268 returns (google.longrunning.Operation) { 269 option (google.api.http) = { 270 post: "/v1/{parent=projects/*/locations/*}/dnsAuthorizations" 271 body: "dns_authorization" 272 }; 273 option (google.api.method_signature) = 274 "parent,dns_authorization,dns_authorization_id"; 275 option (google.longrunning.operation_info) = { 276 response_type: "DnsAuthorization" 277 metadata_type: "OperationMetadata" 278 }; 279 } 280 281 // Updates a DnsAuthorization. 282 rpc UpdateDnsAuthorization(UpdateDnsAuthorizationRequest) 283 returns (google.longrunning.Operation) { 284 option (google.api.http) = { 285 patch: "/v1/{dns_authorization.name=projects/*/locations/*/dnsAuthorizations/*}" 286 body: "dns_authorization" 287 }; 288 option (google.api.method_signature) = "dns_authorization,update_mask"; 289 option (google.longrunning.operation_info) = { 290 response_type: "DnsAuthorization" 291 metadata_type: "OperationMetadata" 292 }; 293 } 294 295 // Deletes a single DnsAuthorization. 296 rpc DeleteDnsAuthorization(DeleteDnsAuthorizationRequest) 297 returns (google.longrunning.Operation) { 298 option (google.api.http) = { 299 delete: "/v1/{name=projects/*/locations/*/dnsAuthorizations/*}" 300 }; 301 option (google.api.method_signature) = "name"; 302 option (google.longrunning.operation_info) = { 303 response_type: "google.protobuf.Empty" 304 metadata_type: "OperationMetadata" 305 }; 306 } 307 308 // Lists CertificateIssuanceConfigs in a given project and location. 309 rpc ListCertificateIssuanceConfigs(ListCertificateIssuanceConfigsRequest) 310 returns (ListCertificateIssuanceConfigsResponse) { 311 option (google.api.http) = { 312 get: "/v1/{parent=projects/*/locations/*}/certificateIssuanceConfigs" 313 }; 314 option (google.api.method_signature) = "parent"; 315 } 316 317 // Gets details of a single CertificateIssuanceConfig. 318 rpc GetCertificateIssuanceConfig(GetCertificateIssuanceConfigRequest) 319 returns (CertificateIssuanceConfig) { 320 option (google.api.http) = { 321 get: "/v1/{name=projects/*/locations/*/certificateIssuanceConfigs/*}" 322 }; 323 option (google.api.method_signature) = "name"; 324 } 325 326 // Creates a new CertificateIssuanceConfig in a given project and location. 327 rpc CreateCertificateIssuanceConfig(CreateCertificateIssuanceConfigRequest) 328 returns (google.longrunning.Operation) { 329 option (google.api.http) = { 330 post: "/v1/{parent=projects/*/locations/*}/certificateIssuanceConfigs" 331 body: "certificate_issuance_config" 332 }; 333 option (google.api.method_signature) = 334 "parent,certificate_issuance_config,certificate_issuance_config_id"; 335 option (google.longrunning.operation_info) = { 336 response_type: "CertificateIssuanceConfig" 337 metadata_type: "OperationMetadata" 338 }; 339 } 340 341 // Deletes a single CertificateIssuanceConfig. 342 rpc DeleteCertificateIssuanceConfig(DeleteCertificateIssuanceConfigRequest) 343 returns (google.longrunning.Operation) { 344 option (google.api.http) = { 345 delete: "/v1/{name=projects/*/locations/*/certificateIssuanceConfigs/*}" 346 }; 347 option (google.api.method_signature) = "name"; 348 option (google.longrunning.operation_info) = { 349 response_type: "google.protobuf.Empty" 350 metadata_type: "OperationMetadata" 351 }; 352 } 353 354 // Lists TrustConfigs in a given project and location. 355 rpc ListTrustConfigs(ListTrustConfigsRequest) 356 returns (ListTrustConfigsResponse) { 357 option (google.api.http) = { 358 get: "/v1/{parent=projects/*/locations/*}/trustConfigs" 359 }; 360 option (google.api.method_signature) = "parent"; 361 } 362 363 // Gets details of a single TrustConfig. 364 rpc GetTrustConfig(GetTrustConfigRequest) returns (TrustConfig) { 365 option (google.api.http) = { 366 get: "/v1/{name=projects/*/locations/*/trustConfigs/*}" 367 }; 368 option (google.api.method_signature) = "name"; 369 } 370 371 // Creates a new TrustConfig in a given project and location. 372 rpc CreateTrustConfig(CreateTrustConfigRequest) 373 returns (google.longrunning.Operation) { 374 option (google.api.http) = { 375 post: "/v1/{parent=projects/*/locations/*}/trustConfigs" 376 body: "trust_config" 377 }; 378 option (google.api.method_signature) = 379 "parent,trust_config,trust_config_id"; 380 option (google.longrunning.operation_info) = { 381 response_type: "TrustConfig" 382 metadata_type: "OperationMetadata" 383 }; 384 } 385 386 // Updates a TrustConfig. 387 rpc UpdateTrustConfig(UpdateTrustConfigRequest) 388 returns (google.longrunning.Operation) { 389 option (google.api.http) = { 390 patch: "/v1/{trust_config.name=projects/*/locations/*/trustConfigs/*}" 391 body: "trust_config" 392 }; 393 option (google.api.method_signature) = "trust_config,update_mask"; 394 option (google.longrunning.operation_info) = { 395 response_type: "TrustConfig" 396 metadata_type: "OperationMetadata" 397 }; 398 } 399 400 // Deletes a single TrustConfig. 401 rpc DeleteTrustConfig(DeleteTrustConfigRequest) 402 returns (google.longrunning.Operation) { 403 option (google.api.http) = { 404 delete: "/v1/{name=projects/*/locations/*/trustConfigs/*}" 405 }; 406 option (google.api.method_signature) = "name"; 407 option (google.longrunning.operation_info) = { 408 response_type: "google.protobuf.Empty" 409 metadata_type: "OperationMetadata" 410 }; 411 } 412} 413 414// Request for the `ListCertificates` method. 415message ListCertificatesRequest { 416 // Required. The project and location from which the certificate should be 417 // listed, specified in the format `projects/*/locations/*`. 418 string parent = 1 [ 419 (google.api.field_behavior) = REQUIRED, 420 (google.api.resource_reference) = { 421 type: "locations.googleapis.com/Location" 422 } 423 ]; 424 425 // Maximum number of certificates to return per call. 426 int32 page_size = 2; 427 428 // The value returned by the last `ListCertificatesResponse`. Indicates that 429 // this is a continuation of a prior `ListCertificates` call, and that the 430 // system should return the next page of data. 431 string page_token = 3; 432 433 // Filter expression to restrict the Certificates returned. 434 string filter = 4; 435 436 // A list of Certificate field names used to specify the order of the returned 437 // results. The default sorting order is ascending. To specify descending 438 // order for a field, add a suffix `" desc"`. 439 string order_by = 5; 440} 441 442// Response for the `ListCertificates` method. 443message ListCertificatesResponse { 444 // A list of certificates for the parent resource. 445 repeated Certificate certificates = 1; 446 447 // If there might be more results than those appearing in this response, then 448 // `next_page_token` is included. To get the next set of results, call this 449 // method again using the value of `next_page_token` as `page_token`. 450 string next_page_token = 2; 451 452 // A list of locations that could not be reached. 453 repeated string unreachable = 3; 454} 455 456// Request for the `GetCertificate` method. 457message GetCertificateRequest { 458 // Required. A name of the certificate to describe. Must be in the format 459 // `projects/*/locations/*/certificates/*`. 460 string name = 1 [ 461 (google.api.field_behavior) = REQUIRED, 462 (google.api.resource_reference) = { 463 type: "certificatemanager.googleapis.com/Certificate" 464 } 465 ]; 466} 467 468// Request for the `CreateCertificate` method. 469message CreateCertificateRequest { 470 // Required. The parent resource of the certificate. Must be in the format 471 // `projects/*/locations/*`. 472 string parent = 1 [ 473 (google.api.field_behavior) = REQUIRED, 474 (google.api.resource_reference) = { 475 type: "locations.googleapis.com/Location" 476 } 477 ]; 478 479 // Required. A user-provided name of the certificate. 480 string certificate_id = 2 [(google.api.field_behavior) = REQUIRED]; 481 482 // Required. A definition of the certificate to create. 483 Certificate certificate = 3 [(google.api.field_behavior) = REQUIRED]; 484} 485 486// Request for the `UpdateCertificate` method. 487message UpdateCertificateRequest { 488 // Required. A definition of the certificate to update. 489 Certificate certificate = 1 [(google.api.field_behavior) = REQUIRED]; 490 491 // Required. The update mask applies to the resource. For the `FieldMask` 492 // definition, see 493 // https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. 494 google.protobuf.FieldMask update_mask = 2 495 [(google.api.field_behavior) = REQUIRED]; 496} 497 498// Request for the `DeleteCertificate` method. 499message DeleteCertificateRequest { 500 // Required. A name of the certificate to delete. Must be in the format 501 // `projects/*/locations/*/certificates/*`. 502 string name = 1 [ 503 (google.api.field_behavior) = REQUIRED, 504 (google.api.resource_reference) = { 505 type: "certificatemanager.googleapis.com/Certificate" 506 } 507 ]; 508} 509 510// Request for the `ListCertificateMaps` method. 511message ListCertificateMapsRequest { 512 // Required. The project and location from which the certificate maps should 513 // be listed, specified in the format `projects/*/locations/*`. 514 string parent = 1 [ 515 (google.api.field_behavior) = REQUIRED, 516 (google.api.resource_reference) = { 517 type: "locations.googleapis.com/Location" 518 } 519 ]; 520 521 // Maximum number of certificate maps to return per call. 522 int32 page_size = 2; 523 524 // The value returned by the last `ListCertificateMapsResponse`. Indicates 525 // that this is a continuation of a prior `ListCertificateMaps` call, and that 526 // the system should return the next page of data. 527 string page_token = 3; 528 529 // Filter expression to restrict the Certificates Maps returned. 530 string filter = 4; 531 532 // A list of Certificate Map field names used to specify the order of the 533 // returned results. The default sorting order is ascending. To specify 534 // descending order for a field, add a suffix `" desc"`. 535 string order_by = 5; 536} 537 538// Response for the `ListCertificateMaps` method. 539message ListCertificateMapsResponse { 540 // A list of certificate maps for the parent resource. 541 repeated CertificateMap certificate_maps = 1; 542 543 // If there might be more results than those appearing in this response, then 544 // `next_page_token` is included. To get the next set of results, call this 545 // method again using the value of `next_page_token` as `page_token`. 546 string next_page_token = 2; 547 548 // Locations that could not be reached. 549 repeated string unreachable = 3; 550} 551 552// Request for the `GetCertificateMap` method. 553message GetCertificateMapRequest { 554 // Required. A name of the certificate map to describe. Must be in the format 555 // `projects/*/locations/*/certificateMaps/*`. 556 string name = 1 [ 557 (google.api.field_behavior) = REQUIRED, 558 (google.api.resource_reference) = { 559 type: "certificatemanager.googleapis.com/CertificateMap" 560 } 561 ]; 562} 563 564// Request for the `CreateCertificateMap` method. 565message CreateCertificateMapRequest { 566 // Required. The parent resource of the certificate map. Must be in the format 567 // `projects/*/locations/*`. 568 string parent = 1 [ 569 (google.api.field_behavior) = REQUIRED, 570 (google.api.resource_reference) = { 571 type: "locations.googleapis.com/Location" 572 } 573 ]; 574 575 // Required. A user-provided name of the certificate map. 576 string certificate_map_id = 2 [(google.api.field_behavior) = REQUIRED]; 577 578 // Required. A definition of the certificate map to create. 579 CertificateMap certificate_map = 3 [(google.api.field_behavior) = REQUIRED]; 580} 581 582// Request for the `UpdateCertificateMap` method. 583message UpdateCertificateMapRequest { 584 // Required. A definition of the certificate map to update. 585 CertificateMap certificate_map = 1 [(google.api.field_behavior) = REQUIRED]; 586 587 // Required. The update mask applies to the resource. For the `FieldMask` 588 // definition, see 589 // https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. 590 google.protobuf.FieldMask update_mask = 2 591 [(google.api.field_behavior) = REQUIRED]; 592} 593 594// Request for the `DeleteCertificateMap` method. 595message DeleteCertificateMapRequest { 596 // Required. A name of the certificate map to delete. Must be in the format 597 // `projects/*/locations/*/certificateMaps/*`. 598 string name = 1 [ 599 (google.api.field_behavior) = REQUIRED, 600 (google.api.resource_reference) = { 601 type: "certificatemanager.googleapis.com/CertificateMap" 602 } 603 ]; 604} 605 606// Request for the `ListCertificateMapEntries` method. 607message ListCertificateMapEntriesRequest { 608 // Required. The project, location and certificate map from which the 609 // certificate map entries should be listed, specified in the format 610 // `projects/*/locations/*/certificateMaps/*`. 611 string parent = 1 [ 612 (google.api.field_behavior) = REQUIRED, 613 (google.api.resource_reference) = { 614 type: "certificatemanager.googleapis.com/CertificateMap" 615 } 616 ]; 617 618 // Maximum number of certificate map entries to return. The service may return 619 // fewer than this value. 620 // If unspecified, at most 50 certificate map entries will be returned. 621 // The maximum value is 1000; values above 1000 will be coerced to 1000. 622 int32 page_size = 2; 623 624 // The value returned by the last `ListCertificateMapEntriesResponse`. 625 // Indicates that this is a continuation of a prior 626 // `ListCertificateMapEntries` call, and that the system should return the 627 // next page of data. 628 string page_token = 3; 629 630 // Filter expression to restrict the returned Certificate Map Entries. 631 string filter = 4; 632 633 // A list of Certificate Map Entry field names used to specify 634 // the order of the returned results. The default sorting order is ascending. 635 // To specify descending order for a field, add a suffix `" desc"`. 636 string order_by = 5; 637} 638 639// Response for the `ListCertificateMapEntries` method. 640message ListCertificateMapEntriesResponse { 641 // A list of certificate map entries for the parent resource. 642 repeated CertificateMapEntry certificate_map_entries = 1; 643 644 // If there might be more results than those appearing in this response, then 645 // `next_page_token` is included. To get the next set of results, call this 646 // method again using the value of `next_page_token` as `page_token`. 647 string next_page_token = 2; 648 649 // Locations that could not be reached. 650 repeated string unreachable = 3; 651} 652 653// Request for the `GetCertificateMapEntry` method. 654message GetCertificateMapEntryRequest { 655 // Required. A name of the certificate map entry to describe. Must be in the 656 // format `projects/*/locations/*/certificateMaps/*/certificateMapEntries/*`. 657 string name = 1 [ 658 (google.api.field_behavior) = REQUIRED, 659 (google.api.resource_reference) = { 660 type: "certificatemanager.googleapis.com/CertificateMapEntry" 661 } 662 ]; 663} 664 665// Request for the `CreateCertificateMapEntry` method. 666message CreateCertificateMapEntryRequest { 667 // Required. The parent resource of the certificate map entry. Must be in the 668 // format `projects/*/locations/*/certificateMaps/*`. 669 string parent = 1 [ 670 (google.api.field_behavior) = REQUIRED, 671 (google.api.resource_reference) = { 672 type: "certificatemanager.googleapis.com/CertificateMap" 673 } 674 ]; 675 676 // Required. A user-provided name of the certificate map entry. 677 string certificate_map_entry_id = 2 [(google.api.field_behavior) = REQUIRED]; 678 679 // Required. A definition of the certificate map entry to create. 680 CertificateMapEntry certificate_map_entry = 3 681 [(google.api.field_behavior) = REQUIRED]; 682} 683 684// Request for the `UpdateCertificateMapEntry` method. 685message UpdateCertificateMapEntryRequest { 686 // Required. A definition of the certificate map entry to create map entry. 687 CertificateMapEntry certificate_map_entry = 1 688 [(google.api.field_behavior) = REQUIRED]; 689 690 // Required. The update mask applies to the resource. For the `FieldMask` 691 // definition, see 692 // https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. 693 google.protobuf.FieldMask update_mask = 2 694 [(google.api.field_behavior) = REQUIRED]; 695} 696 697// Request for the `DeleteCertificateMapEntry` method. 698message DeleteCertificateMapEntryRequest { 699 // Required. A name of the certificate map entry to delete. Must be in the 700 // format `projects/*/locations/*/certificateMaps/*/certificateMapEntries/*`. 701 string name = 1 [ 702 (google.api.field_behavior) = REQUIRED, 703 (google.api.resource_reference) = { 704 type: "certificatemanager.googleapis.com/CertificateMapEntry" 705 } 706 ]; 707} 708 709// Request for the `ListDnsAuthorizations` method. 710message ListDnsAuthorizationsRequest { 711 // Required. The project and location from which the dns authorizations should 712 // be listed, specified in the format `projects/*/locations/*`. 713 string parent = 1 [ 714 (google.api.field_behavior) = REQUIRED, 715 (google.api.resource_reference) = { 716 type: "locations.googleapis.com/Location" 717 } 718 ]; 719 720 // Maximum number of dns authorizations to return per call. 721 int32 page_size = 2; 722 723 // The value returned by the last `ListDnsAuthorizationsResponse`. Indicates 724 // that this is a continuation of a prior `ListDnsAuthorizations` call, and 725 // that the system should return the next page of data. 726 string page_token = 3; 727 728 // Filter expression to restrict the Dns Authorizations returned. 729 string filter = 4; 730 731 // A list of Dns Authorization field names used to specify the order of the 732 // returned results. The default sorting order is ascending. To specify 733 // descending order for a field, add a suffix `" desc"`. 734 string order_by = 5; 735} 736 737// Response for the `ListDnsAuthorizations` method. 738message ListDnsAuthorizationsResponse { 739 // A list of dns authorizations for the parent resource. 740 repeated DnsAuthorization dns_authorizations = 1; 741 742 // If there might be more results than those appearing in this response, then 743 // `next_page_token` is included. To get the next set of results, call this 744 // method again using the value of `next_page_token` as `page_token`. 745 string next_page_token = 2; 746 747 // Locations that could not be reached. 748 repeated string unreachable = 3; 749} 750 751// Request for the `GetDnsAuthorization` method. 752message GetDnsAuthorizationRequest { 753 // Required. A name of the dns authorization to describe. Must be in the 754 // format `projects/*/locations/*/dnsAuthorizations/*`. 755 string name = 1 [ 756 (google.api.field_behavior) = REQUIRED, 757 (google.api.resource_reference) = { 758 type: "certificatemanager.googleapis.com/DnsAuthorization" 759 } 760 ]; 761} 762 763// Request for the `CreateDnsAuthorization` method. 764message CreateDnsAuthorizationRequest { 765 // Required. The parent resource of the dns authorization. Must be in the 766 // format `projects/*/locations/*`. 767 string parent = 1 [ 768 (google.api.field_behavior) = REQUIRED, 769 (google.api.resource_reference) = { 770 type: "locations.googleapis.com/Location" 771 } 772 ]; 773 774 // Required. A user-provided name of the dns authorization. 775 string dns_authorization_id = 2 [(google.api.field_behavior) = REQUIRED]; 776 777 // Required. A definition of the dns authorization to create. 778 DnsAuthorization dns_authorization = 3 779 [(google.api.field_behavior) = REQUIRED]; 780} 781 782// Request for the `UpdateDnsAuthorization` method. 783message UpdateDnsAuthorizationRequest { 784 // Required. A definition of the dns authorization to update. 785 DnsAuthorization dns_authorization = 1 786 [(google.api.field_behavior) = REQUIRED]; 787 788 // Required. The update mask applies to the resource. For the `FieldMask` 789 // definition, see 790 // https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. 791 google.protobuf.FieldMask update_mask = 2 792 [(google.api.field_behavior) = REQUIRED]; 793} 794 795// Request for the `DeleteDnsAuthorization` method. 796message DeleteDnsAuthorizationRequest { 797 // Required. A name of the dns authorization to delete. Must be in the format 798 // `projects/*/locations/*/dnsAuthorizations/*`. 799 string name = 1 [ 800 (google.api.field_behavior) = REQUIRED, 801 (google.api.resource_reference) = { 802 type: "certificatemanager.googleapis.com/DnsAuthorization" 803 } 804 ]; 805} 806 807// Represents the metadata of the long-running operation. Output only. 808message OperationMetadata { 809 // The time the operation was created. 810 google.protobuf.Timestamp create_time = 1; 811 812 // The time the operation finished running. 813 google.protobuf.Timestamp end_time = 2; 814 815 // Server-defined resource path for the target of the operation. 816 string target = 3; 817 818 // Name of the verb executed by the operation. 819 string verb = 4; 820 821 // Human-readable status of the operation, if any. 822 string status_message = 5; 823 824 // Identifies whether the user has requested cancellation 825 // of the operation. Operations that have successfully been cancelled 826 // have [Operation.error][] value with a 827 // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to 828 // `Code.CANCELLED`. 829 bool requested_cancellation = 6; 830 831 // API version used to start the operation. 832 string api_version = 7; 833} 834 835// Defines TLS certificate. 836message Certificate { 837 option (google.api.resource) = { 838 type: "certificatemanager.googleapis.com/Certificate" 839 pattern: "projects/{project}/locations/{location}/certificates/{certificate}" 840 }; 841 842 // Certificate data for a SelfManaged Certificate. 843 // SelfManaged Certificates are uploaded by the user. Updating such 844 // certificates before they expire remains the user's responsibility. 845 message SelfManagedCertificate { 846 // Input only. The PEM-encoded certificate chain. 847 // Leaf certificate comes first, followed by intermediate ones if any. 848 string pem_certificate = 1 [(google.api.field_behavior) = INPUT_ONLY]; 849 850 // Input only. The PEM-encoded private key of the leaf certificate. 851 string pem_private_key = 2 [(google.api.field_behavior) = INPUT_ONLY]; 852 } 853 854 // Configuration and state of a Managed Certificate. 855 // Certificate Manager provisions and renews Managed Certificates 856 // automatically, for as long as it's authorized to do so. 857 message ManagedCertificate { 858 // State of the managed certificate resource. 859 enum State { 860 // State is unspecified. 861 STATE_UNSPECIFIED = 0; 862 863 // Certificate Manager attempts to provision or renew the certificate. 864 // If the process takes longer than expected, consult the 865 // `provisioning_issue` field. 866 PROVISIONING = 1; 867 868 // Multiple certificate provisioning attempts failed and Certificate 869 // Manager gave up. To try again, delete and create a new managed 870 // Certificate resource. 871 // For details see the `provisioning_issue` field. 872 FAILED = 2; 873 874 // The certificate management is working, and a certificate has been 875 // provisioned. 876 ACTIVE = 3; 877 } 878 879 // Information about issues with provisioning a Managed Certificate. 880 message ProvisioningIssue { 881 // Reason for provisioning failures. 882 enum Reason { 883 // Reason is unspecified. 884 REASON_UNSPECIFIED = 0; 885 886 // Certificate provisioning failed due to an issue with one or more of 887 // the domains on the certificate. 888 // For details of which domains failed, consult the 889 // `authorization_attempt_info` field. 890 AUTHORIZATION_ISSUE = 1; 891 892 // Exceeded Certificate Authority quotas or internal rate limits of the 893 // system. Provisioning may take longer to complete. 894 RATE_LIMITED = 2; 895 } 896 897 // Output only. Reason for provisioning failures. 898 Reason reason = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 899 900 // Output only. Human readable explanation about the issue. Provided to 901 // help address the configuration issues. Not guaranteed to be stable. For 902 // programmatic access use Reason enum. 903 string details = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 904 } 905 906 // State of the latest attempt to authorize a domain for certificate 907 // issuance. 908 message AuthorizationAttemptInfo { 909 // State of the domain for managed certificate issuance. 910 enum State { 911 // State is unspecified. 912 STATE_UNSPECIFIED = 0; 913 914 // Certificate provisioning for this domain is under way. Google Cloud 915 // will attempt to authorize the domain. 916 AUTHORIZING = 1; 917 918 // A managed certificate can be provisioned, no issues for this domain. 919 AUTHORIZED = 6; 920 921 // Attempt to authorize the domain failed. This prevents the Managed 922 // Certificate from being issued. 923 // See `failure_reason` and `details` fields for more information. 924 FAILED = 7; 925 } 926 927 // Reason for failure of the authorization attempt for the domain. 928 enum FailureReason { 929 // FailureReason is unspecified. 930 FAILURE_REASON_UNSPECIFIED = 0; 931 932 // There was a problem with the user's DNS or load balancer 933 // configuration for this domain. 934 CONFIG = 1; 935 936 // Certificate issuance forbidden by an explicit CAA record for the 937 // domain or a failure to check CAA records for the domain. 938 CAA = 2; 939 940 // Reached a CA or internal rate-limit for the domain, 941 // e.g. for certificates per top-level private domain. 942 RATE_LIMITED = 3; 943 } 944 945 // Domain name of the authorization attempt. 946 string domain = 1; 947 948 // Output only. State of the domain for managed certificate issuance. 949 State state = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 950 951 // Output only. Reason for failure of the authorization attempt for the 952 // domain. 953 FailureReason failure_reason = 3 954 [(google.api.field_behavior) = OUTPUT_ONLY]; 955 956 // Output only. Human readable explanation for reaching the state. 957 // Provided to help address the configuration issues. Not guaranteed to be 958 // stable. For programmatic access use FailureReason enum. 959 string details = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 960 } 961 962 // Immutable. The domains for which a managed SSL certificate will be 963 // generated. Wildcard domains are only supported with DNS challenge 964 // resolution. 965 repeated string domains = 1 [(google.api.field_behavior) = IMMUTABLE]; 966 967 // Immutable. Authorizations that will be used for performing domain 968 // authorization. 969 repeated string dns_authorizations = 2 [ 970 (google.api.field_behavior) = IMMUTABLE, 971 (google.api.resource_reference) = { 972 type: "certificatemanager.googleapis.com/DnsAuthorization" 973 } 974 ]; 975 976 // Immutable. The resource name for a 977 // [CertificateIssuanceConfig][google.cloud.certificatemanager.v1.CertificateIssuanceConfig] 978 // used to configure private PKI certificates in the format 979 // `projects/*/locations/*/certificateIssuanceConfigs/*`. 980 // If this field is not set, the certificates will instead be publicly 981 // signed as documented at 982 // https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. 983 string issuance_config = 6 [ 984 (google.api.field_behavior) = IMMUTABLE, 985 (google.api.resource_reference) = { 986 type: "certificatemanager.googleapis.com/CertificateIssuanceConfig" 987 } 988 ]; 989 990 // Output only. State of the managed certificate resource. 991 State state = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 992 993 // Output only. Information about issues with provisioning a Managed 994 // Certificate. 995 ProvisioningIssue provisioning_issue = 3 996 [(google.api.field_behavior) = OUTPUT_ONLY]; 997 998 // Output only. Detailed state of the latest authorization attempt for each 999 // domain specified for managed certificate resource. 1000 repeated AuthorizationAttemptInfo authorization_attempt_info = 5 1001 [(google.api.field_behavior) = OUTPUT_ONLY]; 1002 } 1003 1004 // Certificate scope. 1005 enum Scope { 1006 // Certificates with default scope are served from core Google data centers. 1007 // If unsure, choose this option. 1008 DEFAULT = 0; 1009 1010 // Certificates with scope EDGE_CACHE are special-purposed certificates, 1011 // served from Edge Points of Presence. 1012 // See https://cloud.google.com/vpc/docs/edge-locations. 1013 EDGE_CACHE = 1; 1014 1015 // Certificates with ALL_REGIONS scope are served from all Google Cloud 1016 // regions. See https://cloud.google.com/compute/docs/regions-zones. 1017 ALL_REGIONS = 2; 1018 } 1019 1020 // A user-defined name of the certificate. Certificate names must be unique 1021 // globally and match pattern `projects/*/locations/*/certificates/*`. 1022 string name = 1; 1023 1024 // One or more paragraphs of text description of a certificate. 1025 string description = 8; 1026 1027 // Output only. The creation timestamp of a Certificate. 1028 google.protobuf.Timestamp create_time = 2 1029 [(google.api.field_behavior) = OUTPUT_ONLY]; 1030 1031 // Output only. The last update timestamp of a Certificate. 1032 google.protobuf.Timestamp update_time = 3 1033 [(google.api.field_behavior) = OUTPUT_ONLY]; 1034 1035 // Set of labels associated with a Certificate. 1036 map<string, string> labels = 4; 1037 1038 oneof type { 1039 // If set, defines data of a self-managed certificate. 1040 SelfManagedCertificate self_managed = 5; 1041 1042 // If set, contains configuration and state of a managed certificate. 1043 ManagedCertificate managed = 11; 1044 } 1045 1046 // Output only. The list of Subject Alternative Names of dnsName type defined 1047 // in the certificate (see RFC 5280 4.2.1.6). Managed certificates that 1048 // haven't been provisioned yet have this field populated with a value of the 1049 // managed.domains field. 1050 repeated string san_dnsnames = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 1051 1052 // Output only. The PEM-encoded certificate chain. 1053 string pem_certificate = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; 1054 1055 // Output only. The expiry timestamp of a Certificate. 1056 google.protobuf.Timestamp expire_time = 7 1057 [(google.api.field_behavior) = OUTPUT_ONLY]; 1058 1059 // Immutable. The scope of the certificate. 1060 Scope scope = 12 [(google.api.field_behavior) = IMMUTABLE]; 1061} 1062 1063// Defines a collection of certificate configurations. 1064message CertificateMap { 1065 option (google.api.resource) = { 1066 type: "certificatemanager.googleapis.com/CertificateMap" 1067 pattern: "projects/{project}/locations/{location}/certificateMaps/{certificate_map}" 1068 }; 1069 1070 // Describes a Target Proxy that uses this Certificate Map. 1071 message GclbTarget { 1072 // Defines IP configuration where this Certificate Map is serving. 1073 message IpConfig { 1074 // Output only. An external IP address. 1075 string ip_address = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 1076 1077 // Output only. Ports. 1078 repeated uint32 ports = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 1079 } 1080 1081 // A Target Proxy to which this map is attached to. 1082 oneof target_proxy { 1083 // Output only. This field returns the resource name in the following 1084 // format: 1085 // `//compute.googleapis.com/projects/*/global/targetHttpsProxies/*`. 1086 string target_https_proxy = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 1087 1088 // Output only. This field returns the resource name in the following 1089 // format: 1090 // `//compute.googleapis.com/projects/*/global/targetSslProxies/*`. 1091 string target_ssl_proxy = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 1092 } 1093 1094 // Output only. IP configurations for this Target Proxy where the 1095 // Certificate Map is serving. 1096 repeated IpConfig ip_configs = 2 1097 [(google.api.field_behavior) = OUTPUT_ONLY]; 1098 } 1099 1100 // A user-defined name of the Certificate Map. Certificate Map names must be 1101 // unique globally and match pattern 1102 // `projects/*/locations/*/certificateMaps/*`. 1103 string name = 1; 1104 1105 // One or more paragraphs of text description of a certificate map. 1106 string description = 5; 1107 1108 // Output only. The creation timestamp of a Certificate Map. 1109 google.protobuf.Timestamp create_time = 2 1110 [(google.api.field_behavior) = OUTPUT_ONLY]; 1111 1112 // Output only. The update timestamp of a Certificate Map. 1113 google.protobuf.Timestamp update_time = 6 1114 [(google.api.field_behavior) = OUTPUT_ONLY]; 1115 1116 // Set of labels associated with a Certificate Map. 1117 map<string, string> labels = 3; 1118 1119 // Output only. A list of GCLB targets that use this Certificate Map. 1120 // A Target Proxy is only present on this list if it's attached to a 1121 // Forwarding Rule. 1122 repeated GclbTarget gclb_targets = 4 1123 [(google.api.field_behavior) = OUTPUT_ONLY]; 1124} 1125 1126// Defines a certificate map entry. 1127message CertificateMapEntry { 1128 option (google.api.resource) = { 1129 type: "certificatemanager.googleapis.com/CertificateMapEntry" 1130 pattern: "projects/{project}/locations/{location}/certificateMaps/{certificate_map}/certificateMapEntries/{certificate_map_entry}" 1131 }; 1132 1133 // Defines predefined cases other than SNI-hostname match when this 1134 // configuration should be applied. 1135 enum Matcher { 1136 // A matcher has't been recognized. 1137 MATCHER_UNSPECIFIED = 0; 1138 1139 // A primary certificate that is served when SNI wasn't specified in the 1140 // request or SNI couldn't be found in the map. 1141 PRIMARY = 1; 1142 } 1143 1144 // A user-defined name of the Certificate Map Entry. Certificate Map Entry 1145 // names must be unique globally and match pattern 1146 // `projects/*/locations/*/certificateMaps/*/certificateMapEntries/*`. 1147 string name = 1; 1148 1149 // One or more paragraphs of text description of a certificate map entry. 1150 string description = 9; 1151 1152 // Output only. The creation timestamp of a Certificate Map Entry. 1153 google.protobuf.Timestamp create_time = 2 1154 [(google.api.field_behavior) = OUTPUT_ONLY]; 1155 1156 // Output only. The update timestamp of a Certificate Map Entry. 1157 google.protobuf.Timestamp update_time = 3 1158 [(google.api.field_behavior) = OUTPUT_ONLY]; 1159 1160 // Set of labels associated with a Certificate Map Entry. 1161 map<string, string> labels = 4; 1162 1163 oneof match { 1164 // A Hostname (FQDN, e.g. `example.com`) or a wildcard hostname expression 1165 // (`*.example.com`) for a set of hostnames with common suffix. Used as 1166 // Server Name Indication (SNI) for selecting a proper certificate. 1167 string hostname = 5; 1168 1169 // A predefined matcher for particular cases, other than SNI selection. 1170 Matcher matcher = 10; 1171 } 1172 1173 // A set of Certificates defines for the given `hostname`. There can be 1174 // defined up to four certificates in each Certificate Map Entry. Each 1175 // certificate must match pattern `projects/*/locations/*/certificates/*`. 1176 repeated string certificates = 7 [(google.api.resource_reference) = { 1177 type: "certificatemanager.googleapis.com/Certificate" 1178 }]; 1179 1180 // Output only. A serving state of this Certificate Map Entry. 1181 ServingState state = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; 1182} 1183 1184// A DnsAuthorization resource describes a way to perform domain authorization 1185// for certificate issuance. 1186message DnsAuthorization { 1187 option (google.api.resource) = { 1188 type: "certificatemanager.googleapis.com/DnsAuthorization" 1189 pattern: "projects/{project}/locations/{location}/dnsAuthorizations/{dns_authorization}" 1190 }; 1191 1192 // The structure describing the DNS Resource Record that needs to be added 1193 // to DNS configuration for the authorization to be usable by 1194 // certificate. 1195 message DnsResourceRecord { 1196 // Output only. Fully qualified name of the DNS Resource Record. 1197 // e.g. `_acme-challenge.example.com` 1198 string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 1199 1200 // Output only. Type of the DNS Resource Record. 1201 // Currently always set to "CNAME". 1202 string type = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 1203 1204 // Output only. Data of the DNS Resource Record. 1205 string data = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 1206 } 1207 1208 // DnsAuthorization type. 1209 enum Type { 1210 // Type is unspecified. 1211 TYPE_UNSPECIFIED = 0; 1212 1213 // FIXED_RECORD DNS authorization uses DNS-01 validation method. 1214 FIXED_RECORD = 1; 1215 1216 // PER_PROJECT_RECORD DNS authorization allows for independent management 1217 // of Google-managed certificates with DNS authorization across multiple 1218 // projects. 1219 PER_PROJECT_RECORD = 2; 1220 } 1221 1222 // A user-defined name of the dns authorization. DnsAuthorization names must 1223 // be unique globally and match pattern 1224 // `projects/*/locations/*/dnsAuthorizations/*`. 1225 string name = 1; 1226 1227 // Output only. The creation timestamp of a DnsAuthorization. 1228 google.protobuf.Timestamp create_time = 2 1229 [(google.api.field_behavior) = OUTPUT_ONLY]; 1230 1231 // Output only. The last update timestamp of a DnsAuthorization. 1232 google.protobuf.Timestamp update_time = 3 1233 [(google.api.field_behavior) = OUTPUT_ONLY]; 1234 1235 // Set of labels associated with a DnsAuthorization. 1236 map<string, string> labels = 4; 1237 1238 // One or more paragraphs of text description of a DnsAuthorization. 1239 string description = 5; 1240 1241 // Required. Immutable. A domain that is being authorized. A DnsAuthorization 1242 // resource covers a single domain and its wildcard, e.g. authorization for 1243 // `example.com` can be used to issue certificates for `example.com` and 1244 // `*.example.com`. 1245 string domain = 6 [ 1246 (google.api.field_behavior) = REQUIRED, 1247 (google.api.field_behavior) = IMMUTABLE 1248 ]; 1249 1250 // Output only. DNS Resource Record that needs to be added to DNS 1251 // configuration. 1252 DnsResourceRecord dns_resource_record = 10 1253 [(google.api.field_behavior) = OUTPUT_ONLY]; 1254 1255 // Immutable. Type of DnsAuthorization. If unset during resource creation the 1256 // following default will be used: 1257 // - in location global: FIXED_RECORD. 1258 Type type = 11 [(google.api.field_behavior) = IMMUTABLE]; 1259} 1260 1261// Defines set of serving states associated with a resource. 1262enum ServingState { 1263 // The status is undefined. 1264 SERVING_STATE_UNSPECIFIED = 0; 1265 1266 // The configuration is serving. 1267 ACTIVE = 1; 1268 1269 // Update is in progress. Some frontends may serve this configuration. 1270 PENDING = 2; 1271} 1272