def Run(self, args):
    """Create a certificate authority from the parsed command-line arguments.

    The CA message is built with ``is_subordinate=False``. The calls below have
    side effects and run in a fixed order: permission pre-check, optional
    bucket validation, role bindings for the account returned by
    ``p4sa.GetOrCreate``, then the Create request, which is awaited before the
    resulting CA name is printed.

    Args:
        args: Parsed arguments; this method reads ``CONCEPTS.kms_key_version``
            and ``bucket``.
    """
    ca_message, ca_ref, _ = create_utils.CreateCAFromArgs(
        args, is_subordinate=False)
    project_ref = ca_ref.Parent().Parent()

    # The KMS key version is optional; with none given there is no key ref.
    key_version_ref = args.CONCEPTS.kms_key_version.Parse()
    kms_key_ref = None
    if key_version_ref:
        kms_key_ref = key_version_ref.Parent()

    # Runs ahead of every call below that changes state.
    iam.CheckCreateCertificateAuthorityPermissions(project_ref, kms_key_ref)

    bucket_ref = None
    if args.IsSpecified('bucket'):
        bucket_ref = storage.ValidateBucketForCertificateAuthority(args.bucket)
        ca_message.gcsBucket = bucket_ref.bucket

    # NOTE(review): the bindings are added before the CA exists, and nothing
    # in this method removes them if Create or Await fails. A failed run may
    # therefore leave the service account with access it no longer needs --
    # confirm whether cleanup happens elsewhere.
    service_account = p4sa.GetOrCreate(project_ref)
    p4sa.AddResourceRoleBindings(service_account, kms_key_ref, bucket_ref)

    create_utils.PrintBetaResourceDeletionDisclaimer('certificate authorities')

    create_ca = self.client.projects_locations_certificateAuthorities.Create
    # A fresh requestId is generated for every invocation of this method.
    create_request = (
        self.messages
        .PrivatecaProjectsLocationsCertificateAuthoritiesCreateRequest(
            certificateAuthority=ca_message,
            certificateAuthorityId=ca_ref.Name(),
            parent=ca_ref.Parent().RelativeName(),
            requestId=request_utils.GenerateRequestId()))
    pending_operation = create_ca(create_request)

    finished = operations.Await(
        pending_operation, 'Creating Certificate Authority.')
    created_ca = operations.GetMessageFromResponse(
        finished, self.messages.CertificateAuthority)

    log.status.Print(
        'Created Certificate Authority [{}].'.format(created_ca.name))
def Run(self, args):
    """Create a subordinate certificate authority and hand off its CSR.

    The CA message is built with ``is_subordinate=True``. After the Create
    request has been awaited, the CA's CSR is fetched and then either written
    to ``args.csr_output_file`` (when ``args.create_csr`` is set) or signed via
    ``self._SignCsr`` and passed to ``self._ActivateCertificateAuthority``
    (when an issuer was resolved).

    Args:
        args: Parsed arguments; this method reads ``CONCEPTS.kms_key_version``,
            ``bucket``, ``create_csr`` and ``csr_output_file``.
    """
    ca_message, ca_ref, issuer_ref = create_utils.CreateCAFromArgs(
        args, is_subordinate=True)
    project_ref = ca_ref.Parent().Parent()

    # The KMS key version is optional; with none given there is no key ref.
    key_version_ref = args.CONCEPTS.kms_key_version.Parse()
    kms_key_ref = None
    if key_version_ref:
        kms_key_ref = key_version_ref.Parent()

    # Both permission checks run ahead of every call below that changes state.
    iam.CheckCreateCertificateAuthorityPermissions(project_ref, kms_key_ref)
    if issuer_ref:
        iam.CheckCreateCertificatePermissions(issuer_ref)
        # Pro-actively look for issuing CA issues to avoid downstream issues.
        create_utils.ValidateIssuingCA(issuer_ref.RelativeName())

    bucket_ref = None
    if args.IsSpecified('bucket'):
        bucket_ref = storage.ValidateBucketForCertificateAuthority(args.bucket)
        ca_message.gcsBucket = bucket_ref.bucket

    # NOTE(review): the bindings are added before the CA exists, and nothing
    # in this method removes them if a later step fails. A failed run may
    # therefore leave the service account with access it no longer needs --
    # confirm whether cleanup happens elsewhere.
    service_account = p4sa.GetOrCreate(project_ref)
    p4sa.AddResourceRoleBindings(service_account, kms_key_ref, bucket_ref)

    create_utils.PrintBetaResourceDeletionDisclaimer('certificate authorities')

    ca_service = self.client.projects_locations_certificateAuthorities
    # A fresh requestId is generated for every invocation of this method.
    create_request = (
        self.messages
        .PrivatecaProjectsLocationsCertificateAuthoritiesCreateRequest(
            certificateAuthority=ca_message,
            certificateAuthorityId=ca_ref.Name(),
            parent=ca_ref.Parent().RelativeName(),
            requestId=request_utils.GenerateRequestId()))
    operations.Await(
        ca_service.Create(create_request), 'Creating Certificate Authority.')

    fetch_request = (
        self.messages
        .PrivatecaProjectsLocationsCertificateAuthoritiesFetchRequest(
            name=ca_ref.RelativeName()))
    pem_csr = self.client.projects_locations_certificateAuthorities.Fetch(
        fetch_request).pemCsr

    if args.create_csr:
        # NOTE(review): the output file is first written here, after the CA
        # has been created; a write failure leaves the CA in place with no
        # CSR saved locally.
        files.WriteFileContents(args.csr_output_file, pem_csr)
        log.status.Print(
            "Created Certificate Authority [{}] and saved CSR to '{}'.".
            format(ca_ref.RelativeName(), args.csr_output_file))
        return

    if not issuer_ref:
        # NOTE(review): reaching this point means the CA was created but is
        # neither activated nor reported to the user. Presumably argument
        # parsing guarantees a CSR request or an issuer -- confirm.
        return

    signed_certificate = self._SignCsr(
        issuer_ref, pem_csr, ca_message.lifetime)
    self._ActivateCertificateAuthority(
        ca_ref, signed_certificate.pemCertificate, issuer_ref)
    log.status.Print(
        'Created Certificate Authority [{}].'.format(ca_ref.RelativeName()))
    return
def Run(self, args):
    """Request a certificate from the issuing CA and report the result.

    The request carries either the contents returned by ``_ReadCsr`` for
    ``args.csr`` or a config produced by ``self._GenerateCertificateConfig``
    when ``args.generate_key`` is set. The returned certificate and chain are
    written with ``_WritePemChain`` only if ``cert_output_file`` was specified.

    Args:
        args: Parsed arguments; this method reads ``CONCEPTS.certificate``,
            ``csr``, ``generate_key`` and ``cert_output_file``.

    Raises:
        exceptions.OneOfArgumentsRequiredException: If neither ``--csr`` nor
            ``--generate-key`` was given.
    """
    self.client = privateca_base.GetClientInstance()
    self.messages = privateca_base.GetMessagesModule()

    cert_ref = args.CONCEPTS.certificate.Parse()
    parent_ca_name = cert_ref.Parent().RelativeName()
    issuing_ca = self._GetIssuingCa(parent_ca_name)

    # DevOps-tier issuers get an extra argument validation pass.
    issuer_tier = issuing_ca.tier
    if issuer_tier == self.messages.CertificateAuthority.TierValueValuesEnum.DEVOPS:
        CreateBeta._ValidateArgsForDevOpsIssuer(args)

    labels = labels_util.ParseCreateArgs(
        args, self.messages.Certificate.LabelsValue)

    request = (
        self.messages
        .PrivatecaProjectsLocationsCertificateAuthoritiesCertificatesCreateRequest())
    request.certificate = self.messages.Certificate()
    request.certificateId = cert_ref.Name()
    request.certificate.lifetime = flags.ParseValidityFlag(args)
    request.certificate.labels = labels
    request.parent = cert_ref.Parent().RelativeName()
    # A fresh requestId is generated for every invocation of this method.
    request.requestId = request_utils.GenerateRequestId()

    # TODO(b/12345): only show this for Enterprise certs.
    create_utils.PrintBetaResourceDeletionDisclaimer('certificates')

    csr_path = args.csr
    if csr_path:
        request.certificate.pemCsr = _ReadCsr(csr_path)
    elif args.generate_key:
        # NOTE(review): key generation and any handling of private key
        # material happen inside the helper, not here -- review it separately.
        request.certificate.config = self._GenerateCertificateConfig(
            request, args, cert_ref.locationsId)
    else:
        # This should not happen because of the required arg group, but
        # protects in case of future additions.
        raise exceptions.OneOfArgumentsRequiredException(
            ['--csr', '--generate-key'],
            ('To create a certificate, please specify either a CSR or the '
             '--generate-key flag to create a new key.'))

    issued = self.client.projects_locations_certificateAuthorities_certificates.Create(
        request)

    message_parts = ['Created Certificate']
    # DevOps certs won't have a name.
    if issued.name:
        message_parts.append(' [{}]'.format(issued.name))

    if args.IsSpecified('cert_output_file'):
        message_parts.append(
            ' and saved it to [{}]'.format(args.cert_output_file))
        # NOTE(review): the file is written only after the certificate has
        # been issued. If the write raises, the status line below is never
        # printed even though the Create call succeeded.
        _WritePemChain(issued.pemCertificate, issued.pemCertificateChain,
                       args.cert_output_file)

    message_parts.append('.')
    log.status.Print(''.join(message_parts))