def Args(parser):
    """Register the flags of the certificate authority update command.

    Attaches, in this order: the positional CA resource argument (described
    as the CA 'to update'), the CRL and CA-certificate publishing flags with
    their update-specific help text, the issuance policy flag, and the label
    update flags.

    Args:
        parser: The argument parser the flags are added to.
    """
    resource_args.AddCertificateAuthorityPositionalResourceArg(
        parser, 'to update')

    # Both publishing flags take the same keyword; the CRL flag is registered
    # first, then the CA certificate flag.
    for add_publish_flag in (flags.AddPublishCrlFlag,
                             flags.AddPublishCaCertFlag):
        add_publish_flag(parser, use_update_help_text=True)

    # NOTE(review): this flag lets an update replace the issuance policy of an
    # existing CA. The policy contents are parsed elsewhere (not visible
    # here) -- confirm the command reports what changed.
    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    labels_util.AddUpdateLabelsFlags(parser)
def testParseIssuancePolicy(self):
    """Parse the small example issuance policy and check its lifetime cap.

    Registers the issuance policy flag on the test parser, points
    --issuance-policy at the bundled example YAML file, and asserts that the
    parsed policy reports a maximumLifetime of '825d'.
    """
    flags.AddCertificateAuthorityIssuancePolicyFlag(self.parser)

    fixture_parts = ('tests', 'unit', 'surface', 'privateca', 'test_data',
                     'issuance_policy_example_small.yaml')
    policy_issuance_path = self.Resource(*fixture_parts)

    parsed_args = self.parser.parse_args(
        ['--issuance-policy', policy_issuance_path])
    parsed_policy = flags.ParseIssuancePolicy(parsed_args)

    # Only the lifetime field is asserted here; any other fields the example
    # file may contain are not checked by this test.
    self.assertEqual(parsed_policy.maximumLifetime, '825d')
def Args(parser):
    """Register the flags of the certificate authority update command.

    Attaches, in this order: the positional CA resource argument (described
    as the CA 'to update'), the CRL and CA-certificate publishing flags with
    their update-specific help text, the optional --pem-chain flag, the
    issuance policy flag, and the label update flags.

    Args:
        parser: The argument parser the flags are added to.
    """
    resource_args.AddCertificateAuthorityPositionalResourceArg(
        parser, 'to update')

    # Both publishing flags take the same keyword; the CRL flag is registered
    # first, then the CA certificate flag.
    for add_publish_flag in (flags.AddPublishCrlFlag,
                             flags.AddPublishCaCertFlag):
        add_publish_flag(parser, use_update_help_text=True)

    # NOTE(review): --pem-chain names a local file whose certificates become
    # the CA's issuing chain. Nothing in this function validates the file;
    # presumably the command's run step parses and checks it -- confirm.
    pem_chain_flag = base.Argument(
        '--pem-chain',
        required=False,
        help='A file containing a list of PEM-encoded certificates that represent the issuing chain of this CA.'
    )
    pem_chain_flag.AddToParser(parser)

    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    labels_util.AddUpdateLabelsFlags(parser)
def Args(parser):
    """Register the flags for creating a root certificate authority.

    The CA name is positional and required, and so is --kms-key-version.
    --reusable-config is placed in an optional, mutually exclusive group that
    also receives the inline reusable-config flags. Subject, publishing,
    validity (default 'P10Y'), issuance policy and label flags follow.

    Args:
        parser: The argument parser the flags are added to.
    """
    reusable_config_group = parser.add_group(
        mutex=True,
        required=False,
        help='The X.509 configuration used for the CA certificate.')

    ca_name_spec = presentation_specs.ResourcePresentationSpec(
        'CERTIFICATE_AUTHORITY',
        privateca_resource_args.CreateCertificateAuthorityResourceSpec(
            'Certificate Authority'),
        'The name of the root CA to create.',
        required=True,
        # Location and project come from the KMS key resource, so their flag
        # names are overridden with empty strings.
        flag_name_overrides=dict(location='', project=''))

    # The key backing the CA is mandatory in this variant of the command.
    kms_key_spec = presentation_specs.ResourcePresentationSpec(
        '--kms-key-version',
        kms_resource_args.GetKmsKeyVersionResourceSpec(),
        'The KMS key version backing this CA.',
        required=True)

    # Fallthrough whose function returns an empty string and which is marked
    # inactive; the hint is the text describing where the location comes from.
    ca_location_fallthrough = deps.Fallthrough(
        function=lambda: '',
        hint=('location will default to the same location as '
              'the CA'),
        active=False,
        plural=False)
    reusable_config_spec = presentation_specs.ResourcePresentationSpec(
        '--reusable-config',
        privateca_resource_args.CreateReusableConfigResourceSpec(
            location_fallthrough=ca_location_fallthrough),
        'The Reusable Config containing X.509 values for this CA.',
        flag_name_overrides=dict(location='', project=''),
        group=reusable_config_group)

    resource_parser = concept_parsers.ConceptParser(
        [ca_name_spec, kms_key_spec, reusable_config_spec])
    resource_parser.AddToParser(parser)

    flags.AddSubjectFlags(parser, subject_required=True)
    flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
    flags.AddPublishCrlFlag(parser, use_update_help_text=False)
    flags.AddInlineReusableConfigFlags(reusable_config_group, is_ca=True)
    # NOTE(review): a root CA created without --validity gets the 10-year
    # default below; confirm that matches the intended key lifetime policy.
    flags.AddValidityFlag(
        parser,
        resource_name='CA',
        default_value='P10Y',
        default_value_text='10 years')
    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    labels_util.AddCreateLabelsFlags(parser)
def Args(parser):
    """Register the flags for creating a subordinate certificate authority.

    Three argument groups are created up front: an optional mutually
    exclusive key-spec group (--kms-key-version or a key algorithm), an
    optional mutually exclusive X.509 configuration group, and a required
    mutually exclusive issuer group (--issuer, or the offline CSR settings).
    Tier, subject, publishing, validity (default 'P3Y'), issuance policy,
    label and bucket flags are added after the resource arguments.

    Args:
        parser: The argument parser the flags are added to.
    """
    key_spec_group = parser.add_group(
        mutex=True,
        help='The key configuration used for the CA certificate. Defaults to a '
        'managed key if not specified.')
    reusable_config_group = parser.add_group(
        mutex=True,
        required=False,
        help='The X.509 configuration used for the CA certificate.')
    # Required group: the caller must say how this CA's certificate is issued.
    issuer_configuration_group = parser.add_group(
        mutex=True,
        required=True,
        help='The issuer configuration used for this CA certificate.')

    ca_name_spec = presentation_specs.ResourcePresentationSpec(
        'CERTIFICATE_AUTHORITY',
        resource_args.CreateCertificateAuthorityResourceSpec(
            'Certificate Authority'),
        'The name of the subordinate CA to create.',
        required=True)
    issuer_spec = presentation_specs.ResourcePresentationSpec(
        '--issuer',
        resource_args.CreateCertificateAuthorityResourceSpec('Issuer'),
        'The issuing certificate authority to use, if it is on Private CA.',
        prefixes=True,
        group=issuer_configuration_group)
    kms_key_spec = presentation_specs.ResourcePresentationSpec(
        '--kms-key-version',
        resource_args.CreateKmsKeyVersionResourceSpec(),
        'The KMS key version backing this CA.',
        group=key_spec_group)

    # Fallthrough whose function returns an empty string and which is marked
    # inactive; the hint is the text describing where the location comes from.
    ca_location_fallthrough = deps.Fallthrough(
        function=lambda: '',
        hint=('location will default to the same location as the '
              'CA'),
        active=False,
        plural=False)
    reusable_config_spec = presentation_specs.ResourcePresentationSpec(
        '--reusable-config',
        resource_args.CreateReusableConfigResourceSpec(
            location_fallthroughs=[ca_location_fallthrough]),
        'The Reusable Config containing X.509 values for this CA.',
        flag_name_overrides=dict(location='', project=''),
        group=reusable_config_group)
    source_ca_spec = presentation_specs.ResourcePresentationSpec(
        '--from-ca',
        resource_args.CreateCertificateAuthorityResourceSpec('source CA'),
        'An existing CA from which to copy configuration values for the '
        'new CA. You can still override any of those values by explicitly '
        'providing the appropriate flags.',
        flag_name_overrides=dict(project='--from-ca-project'),
        prefixes=True)

    resource_parser = concept_parsers.ConceptParser([
        ca_name_spec,
        issuer_spec,
        kms_key_spec,
        reusable_config_spec,
        source_ca_spec,
    ])
    resource_parser.AddToParser(parser)

    flags.AddTierFlag(parser)
    flags.AddSubjectFlags(parser, subject_required=False)
    flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
    flags.AddPublishCrlFlag(parser, use_update_help_text=False)
    # NOTE(review): the key algorithm flag shares the key-spec group with
    # --kms-key-version and defaults to 2048-bit RSA; confirm that default
    # meets the key-strength policy for a CA with a 3-year default validity.
    flags.AddKeyAlgorithmFlag(key_spec_group, default='rsa-pkcs1-2048-sha256')
    flags.AddInlineReusableConfigFlags(reusable_config_group, is_ca=True)
    flags.AddValidityFlag(
        parser,
        resource_name='CA',
        default_value='P3Y',
        default_value_text='3 years')
    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    labels_util.AddCreateLabelsFlags(parser)
    flags.AddBucketFlag(parser)

    # Nested inside the issuer group: the settings used when the issuing CA
    # is not hosted on Private CA. Both arguments are required in the group.
    offline_issuer_group = issuer_configuration_group.add_group(help=(
        'If the issuing CA is not hosted on Private CA, you must provide '
        'these settings:'))
    create_csr_flag = base.Argument(
        '--create-csr',
        help=('Indicates that a CSR should be generated which can be signed by '
              'the issuing CA. This must be set if --issuer is not provided.'),
        action='store_const',
        const=True,
        default=False,
        required=True)
    create_csr_flag.AddToParser(offline_issuer_group)
    # NOTE(review): only the flag is declared here; the code that writes the
    # CSR to this path is outside this function.
    csr_output_flag = base.Argument(
        '--csr-output-file',
        help=('The path where the resulting PEM-encoded CSR file should be '
              'written.'),
        required=True)
    csr_output_flag.AddToParser(offline_issuer_group)
def testParseIssuancePolicyMissingIsNone(self):
    """Check that no --issuance-policy flag yields no issuance policy.

    Registers the issuance policy flag, parses an empty command line, and
    asserts that flags.ParseIssuancePolicy returns None for it.
    """
    flags.AddCertificateAuthorityIssuancePolicyFlag(self.parser)
    empty_args = self.parser.parse_args([])
    parsed_policy = flags.ParseIssuancePolicy(empty_args)
    # Callers can therefore tell "no policy supplied" apart from a parsed
    # policy object by testing for None.
    self.assertIsNone(parsed_policy)
def Args(parser):
    """Register the flags for creating a subordinate certificate authority.

    The CA name is positional and required, and so is --kms-key-version.
    The X.509 configuration group is optional and mutually exclusive; the
    issuer group is required and mutually exclusive (--issuer, or the
    offline CSR settings). Subject, publishing, validity (default 'P10Y'),
    issuance policy and label flags are added after the resource arguments.

    Args:
        parser: The argument parser the flags are added to.
    """
    reusable_config_group = parser.add_group(
        mutex=True,
        required=False,
        help='The X.509 configuration used for the CA certificate.')
    # Required group: the caller must say how this CA's certificate is issued.
    issuer_configuration_group = parser.add_group(
        mutex=True,
        required=True,
        help='The issuer configuration used for this CA certificate.')

    ca_name_spec = presentation_specs.ResourcePresentationSpec(
        'CERTIFICATE_AUTHORITY',
        privateca_resource_args.CreateCertificateAuthorityResourceSpec(
            'Certificate Authority'),
        'The name of the subordinate CA to create.',
        required=True,
        # Location and project come from the KMS key resource, so their flag
        # names are overridden with empty strings.
        flag_name_overrides=dict(location='', project=''))
    issuer_spec = presentation_specs.ResourcePresentationSpec(
        '--issuer',
        privateca_resource_args.CreateCertificateAuthorityResourceSpec(
            'Issuer'),
        'The issuing certificate authority to use, if it is on Private CA.',
        prefixes=True,
        group=issuer_configuration_group)
    # The key backing the CA is mandatory in this variant of the command.
    kms_key_spec = presentation_specs.ResourcePresentationSpec(
        '--kms-key-version',
        kms_resource_args.GetKmsKeyVersionResourceSpec(),
        'The KMS key version backing this CA.',
        required=True)

    # Fallthrough whose function returns an empty string and which is marked
    # inactive; the hint is the text describing where the location comes from.
    ca_location_fallthrough = deps.Fallthrough(
        function=lambda: '',
        hint=('location will default to the same location as the '
              'CA'),
        active=False,
        plural=False)
    reusable_config_spec = presentation_specs.ResourcePresentationSpec(
        '--reusable-config',
        privateca_resource_args.CreateReusableConfigResourceSpec(
            location_fallthrough=ca_location_fallthrough),
        'The Reusable Config containing X.509 values for this CA.',
        flag_name_overrides=dict(location='', project=''),
        group=reusable_config_group)

    resource_parser = concept_parsers.ConceptParser([
        ca_name_spec,
        issuer_spec,
        kms_key_spec,
        reusable_config_spec,
    ])
    resource_parser.AddToParser(parser)

    flags.AddSubjectFlags(parser, subject_required=True)
    flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
    flags.AddPublishCrlFlag(parser, use_update_help_text=False)
    flags.AddInlineReusableConfigFlags(reusable_config_group, is_ca=True)
    # NOTE(review): this subordinate CA variant defaults to a 10-year
    # validity; confirm that is intended for a subordinate rather than a root.
    flags.AddValidityFlag(
        parser,
        resource_name='CA',
        default_value='P10Y',
        default_value_text='10 years')
    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    labels_util.AddCreateLabelsFlags(parser)

    # Nested inside the issuer group: the settings used when the issuing CA
    # is not hosted on Private CA. Both arguments are required in the group.
    offline_issuer_group = issuer_configuration_group.add_group(help=(
        'If the issuing CA is not hosted on Private CA, you must provide '
        'these settings:'))
    create_csr_flag = base.Argument(
        '--create-csr',
        help=('Indicates that a CSR should be generated which can be signed by '
              'the issuing CA. This must be set if --issuer is not provided.'),
        action='store_const',
        const=True,
        default=False,
        required=True)
    create_csr_flag.AddToParser(offline_issuer_group)
    # NOTE(review): only the flag is declared here; the code that writes the
    # CSR to this path is outside this function.
    csr_output_flag = base.Argument(
        '--csr-output-file',
        help=('The path where the resulting PEM-encoded CSR file should be '
              'written.'),
        required=True)
    csr_output_flag.AddToParser(offline_issuer_group)
def Args(parser):
    """Register the flags for creating a root certificate authority.

    Two argument groups are created up front: a mutually exclusive key-spec
    group (--kms-key-version or a key algorithm) and an optional mutually
    exclusive X.509 configuration group. Subject, key algorithm, validity
    (default 'P10Y'), label, bucket, tier, publishing, issuance policy and
    inline reusable-config flags are added after the resource arguments.

    Args:
        parser: The argument parser the flags are added to.
    """
    key_spec_group = parser.add_group(
        mutex=True,
        help='The key configuration used for the CA certificate. Defaults to a '
        'managed key if not specified.')
    reusable_config_group = parser.add_group(
        mutex=True,
        required=False,
        help='The X.509 configuration used for the CA certificate.')

    ca_name_spec = presentation_specs.ResourcePresentationSpec(
        'CERTIFICATE_AUTHORITY',
        resource_args.CreateCertificateAuthorityResourceSpec(
            'Certificate Authority'),
        'The name of the root CA to create.',
        required=True)
    kms_key_spec = presentation_specs.ResourcePresentationSpec(
        '--kms-key-version',
        resource_args.CreateKmsKeyVersionResourceSpec(),
        'An existing KMS key version to back this CA.',
        group=key_spec_group)

    # Fallthrough whose function returns an empty string and which is marked
    # inactive; the hint is the text describing where the location comes from.
    ca_location_fallthrough = deps.Fallthrough(
        function=lambda: '',
        hint=('location will default to the same location as '
              'the CA'),
        active=False,
        plural=False)
    reusable_config_spec = presentation_specs.ResourcePresentationSpec(
        '--reusable-config',
        resource_args.CreateReusableConfigResourceSpec(
            location_fallthroughs=[ca_location_fallthrough]),
        'The Reusable Config containing X.509 values for this CA.',
        flag_name_overrides=dict(location='', project=''),
        group=reusable_config_group)
    source_ca_spec = presentation_specs.ResourcePresentationSpec(
        '--from-ca',
        resource_args.CreateCertificateAuthorityResourceSpec('source CA'),
        'An existing CA from which to copy configuration values for the new CA. '
        'You can still override any of those values by explicitly providing '
        'the appropriate flags.',
        flag_name_overrides=dict(project='--from-ca-project'),
        prefixes=True)

    resource_parser = concept_parsers.ConceptParser([
        ca_name_spec,
        kms_key_spec,
        reusable_config_spec,
        source_ca_spec,
    ])
    resource_parser.AddToParser(parser)

    flags.AddSubjectFlags(parser, subject_required=False)
    # The key algorithm flag shares the key-spec group with --kms-key-version;
    # the default for a root CA here is 4096-bit RSA with SHA-256.
    flags.AddKeyAlgorithmFlag(key_spec_group, default='rsa-pkcs1-4096-sha256')
    flags.AddValidityFlag(
        parser,
        resource_name='CA',
        default_value='P10Y',
        default_value_text='10 years')
    labels_util.AddCreateLabelsFlags(parser)
    flags.AddBucketFlag(parser)
    flags.AddTierFlag(parser)
    flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
    flags.AddPublishCrlFlag(parser, use_update_help_text=False)
    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    # NOTE(review): default_max_chain_length=None is passed explicitly; what
    # None means for the resulting CA is decided in the flags module (not
    # visible here) -- confirm it is the intended setting for a root CA.
    flags.AddInlineReusableConfigFlags(
        reusable_config_group,
        is_ca_command=True,
        default_max_chain_length=None)