Пример #1
    def Run(self, args):
        """Restore the Subordinate CA named by the parsed resource argument.

        The CA is fetched and its type is checked before the restore request is
        built, so the command only proceeds for a CA that passes the
        SUBORDINATE check.

        Args:
            args: parsed command arguments; the CA is taken from
                args.CONCEPTS.certificate_authority.
        """
        client = privateca_base.GetClientInstance()
        messages = privateca_base.GetMessagesModule()

        ca_name = args.CONCEPTS.certificate_authority.Parse().RelativeName()
        ca_service = client.projects_locations_certificateAuthorities

        existing_ca = ca_service.Get(
            messages.PrivatecaProjectsLocationsCertificateAuthoritiesGetRequest(
                name=ca_name))

        # Guard: keeps the subordinate-only command from acting on another CA
        # type. This is a client-side check made on a separate Get, so it does
        # not replace authorization enforced by the service.
        expected_type = (
            messages.CertificateAuthority.TypeValueValuesEnum.SUBORDINATE)
        resource_args.CheckExpectedCAType(expected_type, existing_ca)

        # A fresh request id accompanies the mutating call.
        restore_body = messages.RestoreCertificateAuthorityRequest(
            requestId=request_utils.GenerateRequestId())
        restore_request = (
            messages.
            PrivatecaProjectsLocationsCertificateAuthoritiesRestoreRequest(
                name=ca_name,
                restoreCertificateAuthorityRequest=restore_body))
        operation = ca_service.Restore(restore_request)

        operations.Await(operation, 'Restoring Subordinate CA')

        log.status.Print('Restored Subordinate CA [{}].'.format(ca_name))
    def Run(self, args):
        """Undelete the Root CA named by the parsed resource argument (v1 API).

        The CA is looked up in its CA pool and its type is checked against
        SELF_SIGNED before the undelete request is sent.

        Args:
            args: parsed command arguments; the CA is taken from
                args.CONCEPTS.certificate_authority.
        """
        client = privateca_base.GetClientInstance(api_version='v1')
        messages = privateca_base.GetMessagesModule(api_version='v1')

        ca_name = args.CONCEPTS.certificate_authority.Parse().RelativeName()
        ca_service = client.projects_locations_caPools_certificateAuthorities

        existing_ca = ca_service.Get(
            messages.
            PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesGetRequest(
                name=ca_name))

        # Guard: the root-only command must not recover a CA of another type.
        # The check is client-side and made on a separate Get; it is not an
        # authorization control.
        root_type = messages.CertificateAuthority.TypeValueValuesEnum.SELF_SIGNED
        resource_args.CheckExpectedCAType(root_type, existing_ca, version='v1')

        undelete_body = messages.UndeleteCertificateAuthorityRequest(
            requestId=request_utils.GenerateRequestId())
        undelete_request = (
            messages.
            PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteRequest(
                name=ca_name,
                undeleteCertificateAuthorityRequest=undelete_body))
        operation = ca_service.Undelete(undelete_request)

        operations.Await(operation, 'Undeleting Root CA', api_version='v1')

        log.status.Print('Undeleted Root CA [{}].'.format(ca_name))
 def CheckResponseRootTypeHookVersioned(response, unused_args):
     """Check that `response` is a SELF_SIGNED (root) CA and pass it through.

     `version` is not a parameter: it is read from the enclosing scope, which
     is outside this excerpt.

     Args:
         response: the CA message to check.
         unused_args: ignored; present to fit the hook signature.

     Returns:
         `response`, unchanged, when CheckExpectedCAType accepts it.
     """
     ca_types = base.GetMessagesModule(
         api_version=version).CertificateAuthority.TypeValueValuesEnum
     resource_args.CheckExpectedCAType(
         ca_types.SELF_SIGNED, response, version=version)
     return response
Пример #4
    def Run(self, args):
        """Update the Root CA named by the parsed resource argument.

        The CA is fetched and checked against SELF_SIGNED first; the patch is
        then built from the command arguments and the CA's current labels.

        Args:
            args: parsed command arguments; the CA is taken from
                args.CONCEPTS.certificate_authority.

        Returns:
            The result of operations.Await for the patch operation.
        """
        client = privateca_base.GetClientInstance()
        messages = privateca_base.GetMessagesModule()

        ca_name = args.CONCEPTS.certificate_authority.Parse().RelativeName()
        ca_service = client.projects_locations_certificateAuthorities

        existing_ca = ca_service.Get(
            messages.PrivatecaProjectsLocationsCertificateAuthoritiesGetRequest(
                name=ca_name))

        # Guard: the root-only update must not modify a CA of another type.
        root_type = messages.CertificateAuthority.TypeValueValuesEnum.SELF_SIGNED
        resource_args.CheckExpectedCAType(root_type, existing_ca)

        patched_ca, changed_fields = update_utils.UpdateCAFromArgs(
            args, existing_ca.labels)

        # updateMask is sent as a comma-separated list of the changed fields.
        patch_request = (
            messages.PrivatecaProjectsLocationsCertificateAuthoritiesPatchRequest(
                name=ca_name,
                certificateAuthority=patched_ca,
                updateMask=','.join(changed_fields),
                requestId=request_utils.GenerateRequestId()))
        operation = ca_service.Patch(patch_request)

        return operations.Await(operation, 'Updating Root CA.')
Пример #5
    def Run(self, args):
        """Delete the Root CA named by the parsed resource argument.

        The user is asked to confirm first. After confirmation the CA is
        fetched and checked against SELF_SIGNED, and only then is the delete
        request sent.

        Args:
            args: parsed command arguments; the CA is taken from
                args.CONCEPTS.certificate_authority.

        Returns:
            None. Returns early, without contacting the service, when the
            prompt is declined.
        """
        client = privateca_base.GetClientInstance()
        messages = privateca_base.GetMessagesModule()

        ca_name = args.CONCEPTS.certificate_authority.Parse().RelativeName()

        # NOTE(review): default=True makes "yes" the default answer to a
        # destructive prompt, so an empty reply proceeds with the deletion.
        confirmed = console_io.PromptContinue(
            message='You are about to delete Certificate Authority [{}]'.
            format(ca_name),
            default=True)
        if not confirmed:
            log.status.Print('Aborted by user.')
            return

        ca_service = client.projects_locations_certificateAuthorities
        existing_ca = ca_service.Get(
            messages.PrivatecaProjectsLocationsCertificateAuthoritiesGetRequest(
                name=ca_name))

        # Guard: the root-only delete must not remove a CA of another type.
        # It runs after the prompt, so a wrong-type CA is reported only once
        # the user has already confirmed.
        root_type = messages.CertificateAuthority.TypeValueValuesEnum.SELF_SIGNED
        resource_args.CheckExpectedCAType(root_type, existing_ca)

        delete_request = (
            messages.PrivatecaProjectsLocationsCertificateAuthoritiesDeleteRequest(
                name=ca_name,
                requestId=request_utils.GenerateRequestId()))
        operation = ca_service.Delete(delete_request)

        operations.Await(operation, 'Deleting Root CA')

        log.status.Print('Deleted Root CA [{}].'.format(ca_name))
    def Run(self, args):
        """Update the Subordinate CA named by the parsed resource argument (v1).

        The CA is looked up in its CA pool and checked against SUBORDINATE
        first; the patch is then built from the command arguments and the CA's
        current labels.

        Args:
            args: parsed command arguments; the CA is taken from
                args.CONCEPTS.certificate_authority.

        Returns:
            The result of operations.Await for the patch operation.
        """
        client = privateca_base.GetClientInstance(api_version='v1')
        messages = privateca_base.GetMessagesModule(api_version='v1')

        ca_name = args.CONCEPTS.certificate_authority.Parse().RelativeName()
        ca_service = client.projects_locations_caPools_certificateAuthorities

        existing_ca = ca_service.Get(
            messages.
            PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesGetRequest(
                name=ca_name))

        # Guard: the subordinate-only update must not modify another CA type.
        sub_type = messages.CertificateAuthority.TypeValueValuesEnum.SUBORDINATE
        resource_args.CheckExpectedCAType(sub_type, existing_ca, version='v1')

        patched_ca, changed_fields = update_utils_v1.UpdateCAFromArgs(
            args, existing_ca.labels)

        # Patch is the gcloud client lib method to update a CA; updateMask is
        # sent as a comma-separated list of the changed fields.
        patch_request = (
            messages.
            PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesPatchRequest(
                name=ca_name,
                certificateAuthority=patched_ca,
                updateMask=','.join(changed_fields),
                requestId=request_utils.GenerateRequestId()))
        operation = ca_service.Patch(patch_request)

        return operations.Await(
            operation, 'Updating Subordinate CA.', api_version='v1')
    def CheckResponseSubordinateTypeHookVersioned(response, unused_args):
        """Check that `response` is a SUBORDINATE CA and pass it through.

        `version` is not a parameter: it is read from the enclosing scope,
        which is outside this excerpt.

        Args:
            response: the CA message to check.
            unused_args: ignored; present to fit the hook signature.

        Returns:
            `response`, unchanged, when CheckExpectedCAType accepts it.
        """
        ca_types = base.GetMessagesModule(
            api_version=version).CertificateAuthority.TypeValueValuesEnum
        resource_args.CheckExpectedCAType(
            ca_types.SUBORDINATE, response, version=version)

        return response
def _CheckRequestTypeHook(resource_ref, expected_type, version='v1beta1'):
    """Fetch the CA behind `resource_ref` and check it against `expected_type`.

    Args:
        resource_ref: resource reference whose RelativeName() names the CA.
        expected_type: CA type value handed to CheckExpectedCAType.
        version: API version used for the client and messages modules.
    """
    ca_service = base.GetClientInstance(
        api_version=version).projects_locations_certificateAuthorities
    messages = base.GetMessagesModule(api_version=version)

    get_request = (
        messages.PrivatecaProjectsLocationsCertificateAuthoritiesGetRequest(
            name=resource_ref.RelativeName()))
    fetched_ca = ca_service.Get(get_request)

    # NOTE(review): `version` selects the client and messages above but is not
    # forwarded to CheckExpectedCAType here - confirm that is intended for
    # callers that pass a non-default version.
    resource_args.CheckExpectedCAType(expected_type, fetched_ca)
Пример #9
    def Run(self, args):
        """Schedule the Subordinate CA from the resource argument for deletion.

        The user is asked to confirm first. After confirmation the CA is
        fetched and checked against SUBORDINATE, the ScheduleDelete request is
        sent, and the deletion time from the response is printed in UTC.

        Args:
            args: parsed command arguments; reads
                args.CONCEPTS.certificate_authority and
                args.ignore_active_certificates.

        Returns:
            None. Returns early, without contacting the service, when the
            prompt is declined.
        """
        client = privateca_base.GetClientInstance()
        messages = privateca_base.GetMessagesModule()

        ca_name = args.CONCEPTS.certificate_authority.Parse().RelativeName()

        # NOTE(review): default=True makes "yes" the default answer to a
        # destructive prompt, so an empty reply proceeds.
        confirmed = console_io.PromptContinue(
            message=
            'You are about to schedule Certificate Authority [{}] for deletion in 30 days'
            .format(ca_name),
            default=True)
        if not confirmed:
            log.status.Print('Aborted by user.')
            return

        ca_service = client.projects_locations_certificateAuthorities
        existing_ca = ca_service.Get(
            messages.PrivatecaProjectsLocationsCertificateAuthoritiesGetRequest(
                name=ca_name))

        # Guard: the subordinate-only command must not schedule another CA
        # type for deletion.
        sub_type = messages.CertificateAuthority.TypeValueValuesEnum.SUBORDINATE
        resource_args.CheckExpectedCAType(sub_type, existing_ca)

        # ignoreActiveCertificates is taken straight from the command flag.
        schedule_body = messages.ScheduleDeleteCertificateAuthorityRequest(
            ignoreActiveCertificates=args.ignore_active_certificates,
            requestId=request_utils.GenerateRequestId())
        schedule_request = (
            messages.
            PrivatecaProjectsLocationsCertificateAuthoritiesScheduleDeleteRequest(
                name=ca_name,
                scheduleDeleteCertificateAuthorityRequest=schedule_body))
        operation = ca_service.ScheduleDelete(schedule_request)

        ca_response = operations.Await(
            operation, 'Scheduling Subordinate CA for deletion')
        deleted_ca = operations.GetMessageFromResponse(
            ca_response, messages.CertificateAuthority)

        # Report the deletion time in UTC at minute precision.
        deletion_time_utc = times.ParseDateTime(
            deleted_ca.deleteTime).astimezone(tz.tzutc())
        formatted_deletion_time = deletion_time_utc.strftime('%Y-%m-%dT%H:%MZ')

        log.status.Print(
            'Scheduled Subordinate CA [{}] for deletion at {}.'.format(
                ca_name, formatted_deletion_time))
Пример #10
    def Run(self, args):
        """Delete the Subordinate CA named by the parsed resource argument (v1).

        The user is asked to confirm first, with a stronger warning when the
        grace period is skipped. After confirmation the CA is fetched and
        checked against SUBORDINATE, the delete request is sent, and a status
        line says whether the CA can still be undeleted.

        Args:
            args: parsed command arguments; reads
                args.CONCEPTS.certificate_authority, args.skip_grace_period
                and args.ignore_active_certificates.

        Returns:
            None. Returns early, without contacting the service, when the
            prompt is declined.

        Raises:
            operations.OperationError: when waiting on the operation raises
                waiter.OperationError; the message is rewritten to name the
                gcloud flag.
        """
        client = privateca_base.GetClientInstance(api_version='v1')
        messages = privateca_base.GetMessagesModule(api_version='v1')

        ca_ref = args.CONCEPTS.certificate_authority.Parse()
        ca_name = ca_ref.RelativeName()

        if args.skip_grace_period:
            prompt_template = (
                'You are about to delete Certificate Authority [{}] as '
                'soon as possible without a 30-day grace period where '
                'undeletion would have been allowed. If you proceed, there '
                'will be no way to recover this CA.')
        else:
            prompt_template = (
                'You are about to delete Certificate Authority [{}]')
        prompt_message = prompt_template.format(ca_ref.RelativeName())

        # NOTE(review): default=True makes "yes" the default answer, including
        # for the irreversible skip-grace-period path.
        confirmed = console_io.PromptContinue(
            message=prompt_message, default=True)
        if not confirmed:
            log.status.Print('Aborted by user.')
            return

        ca_service = client.projects_locations_caPools_certificateAuthorities
        current_ca = ca_service.Get(
            messages.
            PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesGetRequest(
                name=ca_name))

        # Guard: the subordinate-only delete must not remove another CA type.
        sub_type = messages.CertificateAuthority.TypeValueValuesEnum.SUBORDINATE
        resource_args.CheckExpectedCAType(sub_type, current_ca, version='v1')

        # Both flags are passed through to the request as given.
        delete_request = (
            messages.
            PrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesDeleteRequest(
                name=ca_name,
                ignoreActiveCertificates=args.ignore_active_certificates,
                skipGracePeriod=args.skip_grace_period,
                requestId=request_utils.GenerateRequestId()))
        operation = ca_service.Delete(delete_request)

        try:
            ca_response = operations.Await(
                operation, 'Deleting Subordinate CA', api_version='v1')
        except waiter.OperationError as err:
            # API error message refers to the proto field name which is slightly
            # different from the gcloud flag name.
            raise operations.OperationError(
                six.text_type(err).replace(
                    '`ignore_active_certificates` parameter',
                    '`--ignore-active-certificates` flag'))

        deleted_ca = operations.GetMessageFromResponse(
            ca_response, messages.CertificateAuthority)

        # Parsed before the branches below, although only the last one prints
        # it.
        expire_time_utc = times.ParseDateTime(
            deleted_ca.expireTime).astimezone(tz.tzutc())
        formatted_expire_time = expire_time_utc.strftime('%Y-%m-%dT%H:%MZ')

        # The state used here is the one read before the delete was issued.
        ca_states = messages.CertificateAuthority.StateValueValuesEnum
        if current_ca.state == ca_states.AWAITING_USER_ACTIVATION:
            status_line = (
                'Deleted Subordinate CA [{}]. This CA was never activated and cannot be recovered using `subordinates undelete`.'
                .format(ca_name))
        elif args.skip_grace_period:
            status_line = (
                'Deleted Subordinate CA [{}]. CA can not be undeleted.'.format(
                    ca_name))
        else:
            status_line = (
                'Deleted Subordinate CA [{}]. CA can be undeleted until {}.'.
                format(ca_name, formatted_expire_time))
        log.status.Print(status_line)
Пример #11
def CheckResponseRootTypeHook(response, unused_args):
    """Raise an exception unless `response` is a root (SELF_SIGNED) CA.

    Args:
        response: the CA message to check.
        unused_args: ignored; present to fit the hook signature.

    Returns:
        `response`, unchanged, when the type check passes.
    """
    ca_types = base.GetMessagesModule().CertificateAuthority.TypeValueValuesEnum
    resource_args.CheckExpectedCAType(ca_types.SELF_SIGNED, response)
    return response
Пример #12
def CheckResponseSubordinateTypeHook(response, unused_args):
    """Raise an exception unless `response` is a subordinate CA.

    Args:
        response: the CA message to check.
        unused_args: ignored; present to fit the hook signature.

    Returns:
        `response`, unchanged, when the type check passes.
    """
    ca_types = base.GetMessagesModule().CertificateAuthority.TypeValueValuesEnum
    resource_args.CheckExpectedCAType(ca_types.SUBORDINATE, response)
    return response