def Run(self, args): client = privateca_base.GetClientInstance() messages = privateca_base.GetMessagesModule() ca_ref = args.CONCEPTS.certificate_authority.Parse() current_ca = client.projects_locations_certificateAuthorities.Get( messages. PrivatecaProjectsLocationsCertificateAuthoritiesGetRequest( name=ca_ref.RelativeName())) resource_args.CheckExpectedCAType( messages.CertificateAuthority.TypeValueValuesEnum.SUBORDINATE, current_ca) operation = client.projects_locations_certificateAuthorities.Restore( messages. PrivatecaProjectsLocationsCertificateAuthoritiesRestoreRequest( name=ca_ref.RelativeName(), restoreCertificateAuthorityRequest=messages. RestoreCertificateAuthorityRequest( requestId=request_utils.GenerateRequestId()))) operations.Await(operation, 'Restoring Subordinate CA') log.status.Print('Restored Subordinate CA [{}].'.format( ca_ref.RelativeName()))
def Run(self, args): client = privateca_base.GetClientInstance(api_version='v1') messages = privateca_base.GetMessagesModule(api_version='v1') ca_ref = args.CONCEPTS.certificate_authority.Parse() current_ca = client.projects_locations_caPools_certificateAuthorities.Get( messages. PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesGetRequest( name=ca_ref.RelativeName())) resource_args.CheckExpectedCAType( messages.CertificateAuthority.TypeValueValuesEnum.SELF_SIGNED, current_ca, version='v1') operation = client.projects_locations_caPools_certificateAuthorities.Undelete( messages. PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteRequest( name=ca_ref.RelativeName(), undeleteCertificateAuthorityRequest=messages. UndeleteCertificateAuthorityRequest( requestId=request_utils.GenerateRequestId()))) operations.Await(operation, 'Undeleting Root CA', api_version='v1') log.status.Print('Undeleted Root CA [{}].'.format( ca_ref.RelativeName()))
def CheckResponseRootTypeHookVersioned(response, unused_args): resource_args.CheckExpectedCAType( base.GetMessagesModule(api_version=version).CertificateAuthority. TypeValueValuesEnum.SELF_SIGNED, response, version=version) return response
def Run(self, args): client = privateca_base.GetClientInstance() messages = privateca_base.GetMessagesModule() ca_ref = args.CONCEPTS.certificate_authority.Parse() current_ca = client.projects_locations_certificateAuthorities.Get( messages. PrivatecaProjectsLocationsCertificateAuthoritiesGetRequest( name=ca_ref.RelativeName())) resource_args.CheckExpectedCAType( messages.CertificateAuthority.TypeValueValuesEnum.SELF_SIGNED, current_ca) ca_to_update, update_mask = update_utils.UpdateCAFromArgs( args, current_ca.labels) operation = client.projects_locations_certificateAuthorities.Patch( messages. PrivatecaProjectsLocationsCertificateAuthoritiesPatchRequest( name=ca_ref.RelativeName(), certificateAuthority=ca_to_update, updateMask=','.join(update_mask), requestId=request_utils.GenerateRequestId())) return operations.Await(operation, 'Updating Root CA.')
def Run(self, args): client = privateca_base.GetClientInstance() messages = privateca_base.GetMessagesModule() ca_ref = args.CONCEPTS.certificate_authority.Parse() if not console_io.PromptContinue( message='You are about to delete Certificate Authority [{}]'. format(ca_ref.RelativeName()), default=True): log.status.Print('Aborted by user.') return current_ca = client.projects_locations_certificateAuthorities.Get( messages. PrivatecaProjectsLocationsCertificateAuthoritiesGetRequest( name=ca_ref.RelativeName())) resource_args.CheckExpectedCAType( messages.CertificateAuthority.TypeValueValuesEnum.SELF_SIGNED, current_ca) operation = client.projects_locations_certificateAuthorities.Delete( messages. PrivatecaProjectsLocationsCertificateAuthoritiesDeleteRequest( name=ca_ref.RelativeName(), requestId=request_utils.GenerateRequestId())) operations.Await(operation, 'Deleting Root CA') log.status.Print('Deleted Root CA [{}].'.format(ca_ref.RelativeName()))
def Run(self, args): client = privateca_base.GetClientInstance(api_version='v1') messages = privateca_base.GetMessagesModule(api_version='v1') ca_ref = args.CONCEPTS.certificate_authority.Parse() ca_name = ca_ref.RelativeName() current_ca = client.projects_locations_caPools_certificateAuthorities.Get( messages. PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesGetRequest( name=ca_name)) resource_args.CheckExpectedCAType( messages.CertificateAuthority.TypeValueValuesEnum.SUBORDINATE, current_ca, version='v1') ca_to_update, update_mask = update_utils_v1.UpdateCAFromArgs( args, current_ca.labels) # Patch is the gcloud client lib method to update a CA. operation = client.projects_locations_caPools_certificateAuthorities.Patch( messages. PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesPatchRequest( name=ca_name, certificateAuthority=ca_to_update, updateMask=','.join(update_mask), requestId=request_utils.GenerateRequestId())) return operations.Await(operation, 'Updating Subordinate CA.', api_version='v1')
def CheckResponseSubordinateTypeHookVersioned(response, unused_args): resource_args.CheckExpectedCAType( base.GetMessagesModule(api_version=version).CertificateAuthority. TypeValueValuesEnum.SUBORDINATE, response, version=version) return response
def _CheckRequestTypeHook(resource_ref, expected_type, version='v1beta1'): """Do a get on a CA resource and check its type against expected_type.""" client = base.GetClientInstance(api_version=version) messages = base.GetMessagesModule(api_version=version) certificate_authority = client.projects_locations_certificateAuthorities.Get( messages.PrivatecaProjectsLocationsCertificateAuthoritiesGetRequest( name=resource_ref.RelativeName())) resource_args.CheckExpectedCAType(expected_type, certificate_authority)
def Run(self, args): client = privateca_base.GetClientInstance() messages = privateca_base.GetMessagesModule() ca_ref = args.CONCEPTS.certificate_authority.Parse() if not console_io.PromptContinue( message= 'You are about to schedule Certificate Authority [{}] for deletion in 30 days' .format(ca_ref.RelativeName()), default=True): log.status.Print('Aborted by user.') return current_ca = client.projects_locations_certificateAuthorities.Get( messages. PrivatecaProjectsLocationsCertificateAuthoritiesGetRequest( name=ca_ref.RelativeName())) resource_args.CheckExpectedCAType( messages.CertificateAuthority.TypeValueValuesEnum.SUBORDINATE, current_ca) operation = client.projects_locations_certificateAuthorities.ScheduleDelete( messages. PrivatecaProjectsLocationsCertificateAuthoritiesScheduleDeleteRequest( name=ca_ref.RelativeName(), scheduleDeleteCertificateAuthorityRequest=messages. ScheduleDeleteCertificateAuthorityRequest( ignoreActiveCertificates=args.ignore_active_certificates, requestId=request_utils.GenerateRequestId()))) ca_response = operations.Await( operation, 'Scheduling Subordinate CA for deletion') ca = operations.GetMessageFromResponse(ca_response, messages.CertificateAuthority) formatted_deletion_time = times.ParseDateTime( ca.deleteTime).astimezone(tz.tzutc()).strftime('%Y-%m-%dT%H:%MZ') log.status.Print( 'Scheduled Subordinate CA [{}] for deletion at {}.'.format( ca_ref.RelativeName(), formatted_deletion_time))
def Run(self, args): client = privateca_base.GetClientInstance(api_version='v1') messages = privateca_base.GetMessagesModule(api_version='v1') ca_ref = args.CONCEPTS.certificate_authority.Parse() ca_name = ca_ref.RelativeName() if args.skip_grace_period: prompt_message = ( 'You are about to delete Certificate Authority [{}] as ' 'soon as possible without a 30-day grace period where ' 'undeletion would have been allowed. If you proceed, there ' 'will be no way to recover this CA.').format( ca_ref.RelativeName()) else: prompt_message = ( 'You are about to delete Certificate Authority [{}]').format( ca_ref.RelativeName()) if not console_io.PromptContinue(message=prompt_message, default=True): log.status.Print('Aborted by user.') return current_ca = client.projects_locations_caPools_certificateAuthorities.Get( messages. PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesGetRequest( name=ca_name)) resource_args.CheckExpectedCAType( messages.CertificateAuthority.TypeValueValuesEnum.SUBORDINATE, current_ca, version='v1') operation = client.projects_locations_caPools_certificateAuthorities.Delete( messages. PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesDeleteRequest( name=ca_name, ignoreActiveCertificates=args.ignore_active_certificates, skipGracePeriod=args.skip_grace_period, requestId=request_utils.GenerateRequestId())) try: ca_response = operations.Await(operation, 'Deleting Subordinate CA', api_version='v1') except waiter.OperationError as e: # API error message refers to the proto field name which is slightly # different from the gcloud flag name. raise operations.OperationError( six.text_type(e).replace( '`ignore_active_certificates` parameter', '`--ignore-active-certificates` flag')) ca = operations.GetMessageFromResponse(ca_response, messages.CertificateAuthority) formatted_expire_time = times.ParseDateTime(ca.expireTime).astimezone( tz.tzutc()).strftime('%Y-%m-%dT%H:%MZ') if current_ca.state == messages.CertificateAuthority.StateValueValuesEnum.AWAITING_USER_ACTIVATION: log.status.Print( 'Deleted Subordinate CA [{}]. This CA was never activated and cannot be recovered using `subordinates undelete`.' .format(ca_name)) elif args.skip_grace_period: log.status.Print( 'Deleted Subordinate CA [{}]. CA can not be undeleted.'.format( ca_name)) else: log.status.Print( 'Deleted Subordinate CA [{}]. CA can be undeleted until {}.'. format(ca_name, formatted_expire_time))
def CheckResponseRootTypeHook(response, unused_args): """Raises an exception if the response is not a root ca.""" resource_args.CheckExpectedCAType( base.GetMessagesModule().CertificateAuthority.TypeValueValuesEnum. SELF_SIGNED, response) return response
def CheckResponseSubordinateTypeHook(response, unused_args): """Raises an exception if the response is not a subordinate ca.""" resource_args.CheckExpectedCAType( base.GetMessagesModule().CertificateAuthority.TypeValueValuesEnum. SUBORDINATE, response) return response