Пример #1
  def Args(parser):
    """Register the flags and table layout used when listing certificates.

    Adds the ``--issuer-location`` flag and an optional ``--issuer`` resource
    argument whose location attribute is resolved from ``--issuer-location``,
    sets the default page size to 100, and installs the output table together
    with the transforms behind its NOT_BEFORE / NOT_AFTER columns.

    Args:
      parser: The parser that receives the flags and display settings.
    """
    flags.AddLocationFlag(parser, 'certificates', '--issuer-location')

    # The spec's own location flag is overridden with '' here; the attribute
    # is fed from --issuer-location through the command-level fallthrough.
    issuer_spec = presentation_specs.ResourcePresentationSpec(
        '--issuer',
        resource_args.CreateCertificateAuthorityResourceSpec(
            'CERTIFICATE_AUTHORITY'),
        'The issuing Certificate Authority.',
        required=False,
        flag_name_overrides={'location': ''})
    issuer_location_fallthrough = {'--issuer.location': ['--issuer-location']}
    issuer_parser = concept_parsers.ConceptParser(
        [issuer_spec],
        command_level_fallthroughs=issuer_location_fallthrough)
    issuer_parser.AddToParser(parser)
    base.PAGE_SIZE_FLAG.SetDefault(parser, 100)

    # REVOCATION_STATUS is computed from revocation_details alone, so "ACTIVE"
    # means "no revocation recorded", not "currently valid": an expired
    # certificate still shows ACTIVE and has to be judged by NOT_AFTER.
    certificate_table = """
        table(
          name.basename(),
          name.scope().segment(-3):label=ISSUER,
          name.scope().segment(-5):label=LOCATION,
          revocation_details.yesno(yes="REVOKED", no="ACTIVE"):label=REVOCATION_STATUS,
          certificate_description.subject_description.not_before_time():label=NOT_BEFORE,
          certificate_description.subject_description.not_after_time():label=NOT_AFTER)
        """
    parser.display_info.AddFormat(certificate_table)

    # Names used as not_before_time() / not_after_time() in the table above.
    validity_transforms = {
        'not_before_time': text_utils.TransformNotBeforeTime,
        'not_after_time': text_utils.TransformNotAfterTime
    }
    parser.display_info.AddTransforms(validity_transforms)
Пример #2
    def Args(parser):
        """Register the flags that identify the certificate to revoke.

        ``--serial-number`` and the ``--certificate`` resource argument share
        one required, mutually exclusive group. ``--issuer`` is an optional
        resource argument registered outside that group, and the revocation
        reason flag is added last.

        Args:
          parser: The parser that receives the flags.
        """
        certificate_id_group = parser.add_group(
            mutex=True, required=True, help='The certificate identifier.')
        serial_number_flag = base.Argument(
            '--serial-number', help='The serial number of the certificate.')
        serial_number_flag.AddToParser(certificate_id_group)

        # The '' overrides mean --certificate gets no issuer, issuer-location
        # or project flags of its own.
        certificate_spec = presentation_specs.ResourcePresentationSpec(
            '--certificate',
            resource_args.CreateCertificateResourceSpec('certificate'),
            'The certificate to revoke.',
            flag_name_overrides={
                'issuer': '',
                'issuer-location': '',
                'project': '',
            },
            group=certificate_id_group)

        # NOTE(review): --issuer sits outside the identifier group, so the
        # parser does not force it to accompany --serial-number. A serial
        # number presumably identifies a certificate only within one issuing
        # CA -- confirm the command body rejects --serial-number given without
        # an issuer, so the wrong certificate cannot be revoked.
        issuer_spec = presentation_specs.ResourcePresentationSpec(
            '--issuer',
            resource_args.CreateCertificateAuthorityResourceSpec(
                'Issuing CA', 'issuer', 'issuer-location'),
            'The issuing certificate authority of the certificate to revoke.',
            required=False)

        resource_parser = concept_parsers.ConceptParser(
            [certificate_spec, issuer_spec])
        resource_parser.AddToParser(parser)

        flags.AddRevocationReasonFlag(parser)
Пример #3
  def Args(parser):
    """Register the issuer argument and table layout for listing certificates.

    ``--issuer`` is a required resource argument, but its CA id has a
    fallthrough, so the id itself may be left out. The default page size is
    set to 100 and the output table plus the NOT_BEFORE / NOT_AFTER transforms
    are installed.

    Args:
      parser: The parser that receives the flags and display settings.
    """
    # When no CA id is supplied the fallthrough yields '-'; per its hint this
    # stands for every Certificate Authority in the given location, so the
    # listing is then not limited to a single issuer.
    any_ca_fallthrough = deps.Fallthrough(
        function=lambda: '-',
        hint=('defaults to all Certificate Authorities in the '
              'given location'),
        active=False,
        plural=False)
    issuer_resource = resource_args.CreateCertificateAuthorityResourceSpec(
        'CERTIFICATE_AUTHORITY', ca_id_fallthroughs=[any_ca_fallthrough])
    issuer_spec = presentation_specs.ResourcePresentationSpec(
        '--issuer',
        issuer_resource,
        'The issuing Certificate Authority. If this is omitted, '
        'Certificates issued by all Certificate Authorities in the given '
        'location will be listed.',
        required=True)
    concept_parsers.ConceptParser([issuer_spec]).AddToParser(parser)
    base.PAGE_SIZE_FLAG.SetDefault(parser, 100)

    # REVOCATION_STATUS is computed from revocation_details alone, so "ACTIVE"
    # means "no revocation recorded", not "currently valid": an expired
    # certificate still shows ACTIVE and has to be judged by NOT_AFTER.
    certificate_table = """
        table(
          name.basename(),
          name.scope().segment(-3):label=ISSUER,
          name.scope().segment(-5):label=LOCATION,
          revocation_details.yesno(yes="REVOKED", no="ACTIVE"):label=REVOCATION_STATUS,
          certificate_description.subject_description.not_before_time():label=NOT_BEFORE,
          certificate_description.subject_description.not_after_time():label=NOT_AFTER)
        """
    parser.display_info.AddFormat(certificate_table)

    # Names used as not_before_time() / not_after_time() in the table above.
    validity_transforms = {
        'not_before_time': text_utils.TransformNotBeforeTime,
        'not_after_time': text_utils.TransformNotAfterTime
    }
    parser.display_info.AddTransforms(validity_transforms)
Пример #4
    def Args(parser):
        """Register the flags that identify the certificate to revoke.

        The required, mutually exclusive identifier group holds two
        alternatives: the ``--certificate`` resource argument, or a nested
        group made of ``--serial-number`` (required inside that group) and
        the ``--issuer`` resource argument. The revocation reason flag is
        added last.

        Args:
          parser: The parser that receives the flags.
        """
        certificate_id_group = parser.add_group(
            mutex=True, required=True, help='The certificate identifier.')

        # Serial number and issuing CA live in one nested group, which keeps
        # the issuer tied to the serial-number way of naming a certificate.
        serial_and_issuer_group = certificate_id_group.add_group(
            help='The serial number and certificate authority resource.',
            required=False)
        serial_and_issuer_group.add_argument(
            '--serial-number',
            help='The serial number of the certificate.',
            required=True)

        certificate_spec = presentation_specs.ResourcePresentationSpec(
            '--certificate',
            resource_args.CreateCertificateResourceSpec('CERTIFICATE'),
            'The certificate to revoke.',
            required=False,
            prefixes=True,
            group=certificate_id_group)
        # NOTE(review): the issuer is optional at the parser level; confirm
        # the command body resolves or demands it whenever --serial-number
        # is used.
        issuer_spec = presentation_specs.ResourcePresentationSpec(
            '--issuer',
            resource_args.CreateCertificateAuthorityResourceSpec(
                'CERTIFICATE_AUTHORITY', 'issuer', 'issuer-location'),
            'The issuing certificate authority of the certificate to revoke.',
            required=False,
            group=serial_and_issuer_group)

        resource_parser = concept_parsers.ConceptParser(
            [certificate_spec, issuer_spec])
        resource_parser.AddToParser(parser)

        flags.AddRevocationReasonFlag(parser)
Пример #5
 def _AddCaResourceArg(self, required=False, prefixes=True):
     """Attach an ``--issuer`` certificate authority argument to self.parser.

     Args:
       required: Passed through as the presentation spec's ``required``.
       prefixes: Passed through as the presentation spec's ``prefixes``.
     """
     issuer_resource = resource_args.CreateCertificateAuthorityResourceSpec(
         'Issuer')
     issuer_spec = presentation_specs.ResourcePresentationSpec(
         '--issuer',
         issuer_resource,
         'Issuing CA',
         prefixes=prefixes,
         required=required)
     resource_parser = concept_parsers.ConceptParser([issuer_spec])
     resource_parser.AddToParser(self.parser)
Пример #6
 def Args(parser):
     """Register the flags for creating a root CA backed by a KMS key version.

     The CA name and ``--kms-key-version`` are required. The X.509
     configuration comes from an optional, mutually exclusive group holding
     the ``--reusable-config`` resource and the flags added by
     AddInlineReusableConfigFlags. The subject is required and the validity
     default is P10Y.

     Args:
       parser: The parser that receives the flags.
     """
     x509_config_group = parser.add_group(
         mutex=True,
         required=False,
         help='The X.509 configuration used for the CA certificate.')

     # Location and project are taken from the KMS key resource, so the CA
     # argument gets no flags of its own for them.
     ca_spec = presentation_specs.ResourcePresentationSpec(
         'CERTIFICATE_AUTHORITY',
         privateca_resource_args.CreateCertificateAuthorityResourceSpec(
             'Certificate Authority'),
         'The name of the root CA to create.',
         required=True,
         flag_name_overrides={
             'location': '',
             'project': '',
         })
     kms_key_spec = presentation_specs.ResourcePresentationSpec(
         '--kms-key-version',
         kms_resource_args.GetKmsKeyVersionResourceSpec(),
         'The KMS key version backing this CA.',
         required=True)

     # The fallthrough itself only returns ''; going by its hint, the location
     # actually used is the CA's (that substitution is not visible here).
     same_location_fallthrough = deps.Fallthrough(
         function=lambda: '',
         hint=('location will default to the same location as '
               'the CA'),
         active=False,
         plural=False)
     reusable_config_spec = presentation_specs.ResourcePresentationSpec(
         '--reusable-config',
         privateca_resource_args.CreateReusableConfigResourceSpec(
             location_fallthrough=same_location_fallthrough),
         'The Reusable Config containing X.509 values for this CA.',
         flag_name_overrides={
             'location': '',
             'project': '',
         },
         group=x509_config_group)

     resource_parser = concept_parsers.ConceptParser(
         [ca_spec, kms_key_spec, reusable_config_spec])
     resource_parser.AddToParser(parser)

     flags.AddSubjectFlags(parser, subject_required=True)
     flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
     flags.AddPublishCrlFlag(parser, use_update_help_text=False)
     flags.AddInlineReusableConfigFlags(x509_config_group, is_ca=True)
     # A root CA certificate is valid for 10 years unless the caller overrides it.
     flags.AddValidityFlag(
         parser,
         resource_name='CA',
         default_value='P10Y',
         default_value_text='10 years')
     flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
     labels_util.AddCreateLabelsFlags(parser)
Пример #7
    def Args(parser):
        """Register the flags for creating a subordinate certificate authority.

        Three mutually exclusive groups are set up: the key configuration
        (``--kms-key-version`` or the flag added by AddKeyAlgorithmFlag), the
        optional X.509 configuration (``--reusable-config`` or the flags added
        by AddInlineReusableConfigFlags), and the required issuer
        configuration (``--issuer`` or the offline CSR flags).

        Args:
          parser: The parser that receives the flags.
        """
        key_group = parser.add_group(
            mutex=True,
            help=('The key configuration used for the CA certificate. '
                  'Defaults to a managed key if not specified.'))
        x509_config_group = parser.add_group(
            mutex=True,
            required=False,
            help='The X.509 configuration used for the CA certificate.')
        issuer_group = parser.add_group(
            mutex=True,
            required=True,
            help='The issuer configuration used for this CA certificate.')

        ca_spec = presentation_specs.ResourcePresentationSpec(
            'CERTIFICATE_AUTHORITY',
            resource_args.CreateCertificateAuthorityResourceSpec(
                'Certificate Authority'),
            'The name of the subordinate CA to create.',
            required=True)
        issuer_spec = presentation_specs.ResourcePresentationSpec(
            '--issuer',
            resource_args.CreateCertificateAuthorityResourceSpec('Issuer'),
            'The issuing certificate authority to use, if it is on Private CA.',
            prefixes=True,
            group=issuer_group)
        kms_key_spec = presentation_specs.ResourcePresentationSpec(
            '--kms-key-version',
            resource_args.CreateKmsKeyVersionResourceSpec(),
            'The KMS key version backing this CA.',
            group=key_group)

        # The fallthrough itself only returns ''; going by its hint, the
        # location actually used is the CA's (that substitution is not
        # visible here).
        same_location_fallthrough = deps.Fallthrough(
            function=lambda: '',
            hint='location will default to the same location as the CA',
            active=False,
            plural=False)
        reusable_config_spec = presentation_specs.ResourcePresentationSpec(
            '--reusable-config',
            resource_args.CreateReusableConfigResourceSpec(
                location_fallthroughs=[same_location_fallthrough]),
            'The Reusable Config containing X.509 values for this CA.',
            flag_name_overrides={
                'location': '',
                'project': '',
            },
            group=x509_config_group)

        # The project attribute of the source CA is exposed as
        # --from-ca-project.
        source_ca_spec = presentation_specs.ResourcePresentationSpec(
            '--from-ca',
            resource_args.CreateCertificateAuthorityResourceSpec('source CA'),
            'An existing CA from which to copy configuration values for the '
            'new CA. You can still override any of those values by explicitly '
            'providing the appropriate flags.',
            flag_name_overrides={'project': '--from-ca-project'},
            prefixes=True)

        resource_parser = concept_parsers.ConceptParser([
            ca_spec,
            issuer_spec,
            kms_key_spec,
            reusable_config_spec,
            source_ca_spec,
        ])
        resource_parser.AddToParser(parser)

        flags.AddTierFlag(parser)
        flags.AddSubjectFlags(parser, subject_required=False)
        flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
        flags.AddPublishCrlFlag(parser, use_update_help_text=False)
        # NOTE(review): going by the algorithm string, the managed-key default
        # is 2048-bit RSA with SHA-256; confirm that meets the key-strength
        # policy for a CA whose default validity below is 3 years.
        flags.AddKeyAlgorithmFlag(key_group, default='rsa-pkcs1-2048-sha256')
        flags.AddInlineReusableConfigFlags(x509_config_group, is_ca=True)
        flags.AddValidityFlag(
            parser,
            resource_name='CA',
            default_value='P3Y',
            default_value_text='3 years')
        flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
        labels_util.AddCreateLabelsFlags(parser)
        flags.AddBucketFlag(parser)

        # Alternative to --issuer inside the mutually exclusive issuer group:
        # both flags below are required once this nested group is used.
        offline_issuer_help = (
            'If the issuing CA is not hosted on Private CA, you must provide '
            'these settings:')
        offline_issuer_group = issuer_group.add_group(help=offline_issuer_help)

        create_csr_flag = base.Argument(
            '--create-csr',
            help=('Indicates that a CSR should be generated which can be '
                  'signed by the issuing CA. This must be set if --issuer is '
                  'not provided.'),
            action='store_const',
            const=True,
            default=False,
            required=True)
        create_csr_flag.AddToParser(offline_issuer_group)

        csr_output_flag = base.Argument(
            '--csr-output-file',
            help=('The path where the resulting PEM-encoded CSR file should '
                  'be written.'),
            required=True)
        csr_output_flag.AddToParser(offline_issuer_group)
Пример #8
    def Args(parser):
        """Register the flags for creating a KMS-backed subordinate CA.

        The CA name and ``--kms-key-version`` are required. The X.509
        configuration is an optional, mutually exclusive group
        (``--reusable-config`` or the flags added by
        AddInlineReusableConfigFlags); the issuer configuration is a required,
        mutually exclusive group (``--issuer`` or the offline CSR flags).

        Args:
          parser: The parser that receives the flags.
        """
        x509_config_group = parser.add_group(
            mutex=True,
            required=False,
            help='The X.509 configuration used for the CA certificate.')
        issuer_group = parser.add_group(
            mutex=True,
            required=True,
            help='The issuer configuration used for this CA certificate.')

        # Location and project are taken from the KMS key resource, so the CA
        # argument gets no flags of its own for them.
        ca_spec = presentation_specs.ResourcePresentationSpec(
            'CERTIFICATE_AUTHORITY',
            privateca_resource_args.CreateCertificateAuthorityResourceSpec(
                'Certificate Authority'),
            'The name of the subordinate CA to create.',
            required=True,
            flag_name_overrides={
                'location': '',
                'project': '',
            })
        issuer_spec = presentation_specs.ResourcePresentationSpec(
            '--issuer',
            privateca_resource_args.CreateCertificateAuthorityResourceSpec(
                'Issuer'),
            'The issuing certificate authority to use, if it is on Private CA.',
            prefixes=True,
            group=issuer_group)
        kms_key_spec = presentation_specs.ResourcePresentationSpec(
            '--kms-key-version',
            kms_resource_args.GetKmsKeyVersionResourceSpec(),
            'The KMS key version backing this CA.',
            required=True)

        # The fallthrough itself only returns ''; going by its hint, the
        # location actually used is the CA's (that substitution is not
        # visible here).
        same_location_fallthrough = deps.Fallthrough(
            function=lambda: '',
            hint='location will default to the same location as the CA',
            active=False,
            plural=False)
        reusable_config_spec = presentation_specs.ResourcePresentationSpec(
            '--reusable-config',
            privateca_resource_args.CreateReusableConfigResourceSpec(
                location_fallthrough=same_location_fallthrough),
            'The Reusable Config containing X.509 values for this CA.',
            flag_name_overrides={
                'location': '',
                'project': '',
            },
            group=x509_config_group)

        resource_parser = concept_parsers.ConceptParser(
            [ca_spec, issuer_spec, kms_key_spec, reusable_config_spec])
        resource_parser.AddToParser(parser)

        flags.AddSubjectFlags(parser, subject_required=True)
        flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
        flags.AddPublishCrlFlag(parser, use_update_help_text=False)
        flags.AddInlineReusableConfigFlags(x509_config_group, is_ca=True)
        # NOTE(review): a 10-year default is long for a subordinate CA;
        # confirm it is intended.
        flags.AddValidityFlag(
            parser,
            resource_name='CA',
            default_value='P10Y',
            default_value_text='10 years')
        flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
        labels_util.AddCreateLabelsFlags(parser)

        # Alternative to --issuer inside the mutually exclusive issuer group:
        # both flags below are required once this nested group is used.
        offline_issuer_help = (
            'If the issuing CA is not hosted on Private CA, you must provide '
            'these settings:')
        offline_issuer_group = issuer_group.add_group(help=offline_issuer_help)

        create_csr_flag = base.Argument(
            '--create-csr',
            help=('Indicates that a CSR should be generated which can be '
                  'signed by the issuing CA. This must be set if --issuer is '
                  'not provided.'),
            action='store_const',
            const=True,
            default=False,
            required=True)
        create_csr_flag.AddToParser(offline_issuer_group)

        csr_output_flag = base.Argument(
            '--csr-output-file',
            help=('The path where the resulting PEM-encoded CSR file should '
                  'be written.'),
            required=True)
        csr_output_flag.AddToParser(offline_issuer_group)
  def Args(parser):
    """Register the flags for creating a root certificate authority.

    Two mutually exclusive groups are set up: the key configuration
    (``--kms-key-version`` or the flag added by AddKeyAlgorithmFlag) and the
    optional X.509 configuration (``--reusable-config`` or the flags added by
    AddInlineReusableConfigFlags). ``--from-ca`` names an existing CA to copy
    configuration values from.

    Args:
      parser: The parser that receives the flags.
    """
    key_group = parser.add_group(
        mutex=True,
        help=('The key configuration used for the CA certificate. '
              'Defaults to a managed key if not specified.'))
    x509_config_group = parser.add_group(
        mutex=True,
        required=False,
        help='The X.509 configuration used for the CA certificate.')

    ca_spec = presentation_specs.ResourcePresentationSpec(
        'CERTIFICATE_AUTHORITY',
        resource_args.CreateCertificateAuthorityResourceSpec(
            'Certificate Authority'),
        'The name of the root CA to create.',
        required=True)
    kms_key_spec = presentation_specs.ResourcePresentationSpec(
        '--kms-key-version',
        resource_args.CreateKmsKeyVersionResourceSpec(),
        'An existing KMS key version to back this CA.',
        group=key_group)

    # The fallthrough itself only returns ''; going by its hint, the location
    # actually used is the CA's (that substitution is not visible here).
    same_location_fallthrough = deps.Fallthrough(
        function=lambda: '',
        hint='location will default to the same location as the CA',
        active=False,
        plural=False)
    reusable_config_spec = presentation_specs.ResourcePresentationSpec(
        '--reusable-config',
        resource_args.CreateReusableConfigResourceSpec(
            location_fallthroughs=[same_location_fallthrough]),
        'The Reusable Config containing X.509 values for this CA.',
        flag_name_overrides={
            'location': '',
            'project': '',
        },
        group=x509_config_group)

    # The project attribute of the source CA is exposed as --from-ca-project.
    source_ca_spec = presentation_specs.ResourcePresentationSpec(
        '--from-ca',
        resource_args.CreateCertificateAuthorityResourceSpec('source CA'),
        'An existing CA from which to copy configuration values for the new CA. '
        'You can still override any of those values by explicitly providing '
        'the appropriate flags.',
        flag_name_overrides={'project': '--from-ca-project'},
        prefixes=True)

    resource_parser = concept_parsers.ConceptParser(
        [ca_spec, kms_key_spec, reusable_config_spec, source_ca_spec])
    resource_parser.AddToParser(parser)

    flags.AddSubjectFlags(parser, subject_required=False)
    # Going by the algorithm string, the managed-key default for a root CA is
    # 4096-bit RSA with SHA-256; the default validity below is 10 years.
    flags.AddKeyAlgorithmFlag(key_group, default='rsa-pkcs1-4096-sha256')
    flags.AddValidityFlag(
        parser,
        resource_name='CA',
        default_value='P10Y',
        default_value_text='10 years')
    labels_util.AddCreateLabelsFlags(parser)
    flags.AddBucketFlag(parser)
    flags.AddTierFlag(parser)
    flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
    flags.AddPublishCrlFlag(parser, use_update_help_text=False)
    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    flags.AddInlineReusableConfigFlags(
        x509_config_group, is_ca_command=True, default_max_chain_length=None)