def Run(self, args):
new_ca, ca_ref, _ = create_utils.CreateCAFromArgs(
args, is_subordinate=False)
project_ref = ca_ref.Parent().Parent()
key_version_ref = args.CONCEPTS.kms_key_version.Parse()
kms_key_ref = key_version_ref.Parent() if key_version_ref else None
iam.CheckCreateCertificateAuthorityPermissions(project_ref, kms_key_ref)
bucket_ref = None
if args.IsSpecified('bucket'):
bucket_ref = storage.ValidateBucketForCertificateAuthority(args.bucket)
new_ca.gcsBucket = bucket_ref.bucket
p4sa_email = p4sa.GetOrCreate(project_ref)
p4sa.AddResourceRoleBindings(p4sa_email, kms_key_ref, bucket_ref)
create_utils.PrintBetaResourceDeletionDisclaimer('certificate authorities')
operation = self.client.projects_locations_certificateAuthorities.Create(
self.messages
.PrivatecaProjectsLocationsCertificateAuthoritiesCreateRequest(
certificateAuthority=new_ca,
certificateAuthorityId=ca_ref.Name(),
parent=ca_ref.Parent().RelativeName(),
requestId=request_utils.GenerateRequestId()))
ca_response = operations.Await(operation, 'Creating Certificate Authority.')
ca = operations.GetMessageFromResponse(ca_response,
self.messages.CertificateAuthority)
log.status.Print('Created Certificate Authority [{}].'.format(ca.name))
def Run(self, args):
new_ca, ca_ref, issuer_ref = create_utils.CreateCAFromArgs(
args, is_subordinate=True)
project_ref = ca_ref.Parent().Parent()
key_version_ref = args.CONCEPTS.kms_key_version.Parse()
kms_key_ref = key_version_ref.Parent() if key_version_ref else None
iam.CheckCreateCertificateAuthorityPermissions(project_ref,
kms_key_ref)
if issuer_ref:
iam.CheckCreateCertificatePermissions(issuer_ref)
# Pro-actively look for issuing CA issues to avoid downstream issues.
create_utils.ValidateIssuingCA(issuer_ref.RelativeName())
bucket_ref = None
if args.IsSpecified('bucket'):
bucket_ref = storage.ValidateBucketForCertificateAuthority(
args.bucket)
new_ca.gcsBucket = bucket_ref.bucket
p4sa_email = p4sa.GetOrCreate(project_ref)
p4sa.AddResourceRoleBindings(p4sa_email, kms_key_ref, bucket_ref)
create_utils.PrintBetaResourceDeletionDisclaimer(
'certificate authorities')
operations.Await(
self.client.projects_locations_certificateAuthorities.Create(
self.messages.
PrivatecaProjectsLocationsCertificateAuthoritiesCreateRequest(
certificateAuthority=new_ca,
certificateAuthorityId=ca_ref.Name(),
parent=ca_ref.Parent().RelativeName(),
requestId=request_utils.GenerateRequestId())),
'Creating Certificate Authority.')
csr_response = self.client.projects_locations_certificateAuthorities.Fetch(
self.messages.
PrivatecaProjectsLocationsCertificateAuthoritiesFetchRequest(
name=ca_ref.RelativeName()))
csr = csr_response.pemCsr
if args.create_csr:
files.WriteFileContents(args.csr_output_file, csr)
log.status.Print(
"Created Certificate Authority [{}] and saved CSR to '{}'.".
format(ca_ref.RelativeName(), args.csr_output_file))
return
if issuer_ref:
ca_certificate = self._SignCsr(issuer_ref, csr, new_ca.lifetime)
self._ActivateCertificateAuthority(ca_ref,
ca_certificate.pemCertificate,
issuer_ref)
log.status.Print('Created Certificate Authority [{}].'.format(
ca_ref.RelativeName()))
return
def Run(self, args):
self.client = privateca_base.GetClientInstance()
self.messages = privateca_base.GetMessagesModule()
cert_ref = args.CONCEPTS.certificate.Parse()
issuing_ca = self._GetIssuingCa(cert_ref.Parent().RelativeName())
if issuing_ca.tier == self.messages.CertificateAuthority.TierValueValuesEnum.DEVOPS:
CreateBeta._ValidateArgsForDevOpsIssuer(args)
labels = labels_util.ParseCreateArgs(
args, self.messages.Certificate.LabelsValue)
request = self.messages.PrivatecaProjectsLocationsCertificateAuthoritiesCertificatesCreateRequest(
)
request.certificate = self.messages.Certificate()
request.certificateId = cert_ref.Name()
request.certificate.lifetime = flags.ParseValidityFlag(args)
request.certificate.labels = labels
request.parent = cert_ref.Parent().RelativeName()
request.requestId = request_utils.GenerateRequestId()
# TODO(b/12345): only show this for Enterprise certs.
create_utils.PrintBetaResourceDeletionDisclaimer('certificates')
if args.csr:
request.certificate.pemCsr = _ReadCsr(args.csr)
elif args.generate_key:
request.certificate.config = self._GenerateCertificateConfig(
request, args, cert_ref.locationsId)
else:
# This should not happen because of the required arg group, but protects
# in case of future additions.
raise exceptions.OneOfArgumentsRequiredException(
['--csr', '--generate-key'],
('To create a certificate, please specify either a CSR or the '
'--generate-key flag to create a new key.'))
certificate = self.client.projects_locations_certificateAuthorities_certificates.Create(
request)
status_message = 'Created Certificate'
# DevOps certs won't have a name.
if certificate.name:
status_message += ' [{}]'.format(certificate.name)
if args.IsSpecified('cert_output_file'):
status_message += ' and saved it to [{}]'.format(
args.cert_output_file)
_WritePemChain(certificate.pemCertificate,
certificate.pemCertificateChain,
args.cert_output_file)
status_message += '.'
log.status.Print(status_message)