feat: Automated regeneration of PrivateCA client

clients/private_ca/README.md

@@ -11,7 +11,7 @@ Install this package from [Hex](https://hex.pm) by adding
 
 ```elixir
 def deps do
-  [{:google_api_private_ca, "~> 0.11"}]
+  [{:google_api_private_ca, "~> 0.12"}]
 end
 ```
 

clients/private_ca/lib/google_api/private_ca/v1/metadata.ex

@@ -20,7 +20,7 @@ defmodule GoogleApi.PrivateCA.V1 do
   API client metadata for GoogleApi.PrivateCA.V1.
   """
 
-  @discovery_revision "20220915"
+  @discovery_revision "20240228"
 
   def discovery_revision(), do: @discovery_revision
 end

clients/private_ca/lib/google_api/private_ca/v1/model/activate_certificate_authority_request.ex

@@ -22,7 +22,7 @@ defmodule GoogleApi.PrivateCA.V1.Model.ActivateCertificateAuthorityRequest do
   ## Attributes
 
   *   `pemCaCertificate` (*type:* `String.t`, *default:* `nil`) - Required. The signed CA certificate issued from FetchCertificateAuthorityCsrResponse.pem_csr.
-  *   `requestId` (*type:* `String.t`, *default:* `nil`) - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+  *   `requestId` (*type:* `String.t`, *default:* `nil`) - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
   *   `subordinateConfig` (*type:* `GoogleApi.PrivateCA.V1.Model.SubordinateConfig.t`, *default:* `nil`) - Required. Must include information about the issuer of 'pem_ca_certificate', and any further issuers until the self-signed CA.
   """
 

clients/private_ca/lib/google_api/private_ca/v1/model/binding.ex

@@ -22,8 +22,8 @@ defmodule GoogleApi.PrivateCA.V1.Model.Binding do
   ## Attributes
 
   *   `condition` (*type:* `GoogleApi.PrivateCA.V1.Model.Expr.t`, *default:* `nil`) - The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
-  *   `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `[email protected]` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `[email protected]`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `[email protected]`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. 
-  *   `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+  *   `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `[email protected]` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `[email protected]`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `[email protected]`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
+  *   `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
   """
 
   use GoogleApi.Gax.ModelBase

clients/private_ca/lib/google_api/private_ca/v1/model/certificate_config.ex

@@ -23,6 +23,7 @@ defmodule GoogleApi.PrivateCA.V1.Model.CertificateConfig do
 
   *   `publicKey` (*type:* `GoogleApi.PrivateCA.V1.Model.PublicKey.t`, *default:* `nil`) - Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.
   *   `subjectConfig` (*type:* `GoogleApi.PrivateCA.V1.Model.SubjectConfig.t`, *default:* `nil`) - Required. Specifies some of the values in a certificate that are related to the subject.
+  *   `subjectKeyId` (*type:* `GoogleApi.PrivateCA.V1.Model.CertificateConfigKeyId.t`, *default:* `nil`) - Optional. When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CAS, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.
   *   `x509Config` (*type:* `GoogleApi.PrivateCA.V1.Model.X509Parameters.t`, *default:* `nil`) - Required. Describes how some of the technical X.509 fields in a certificate should be populated.
   """
 
@@ -31,11 +32,13 @@ defmodule GoogleApi.PrivateCA.V1.Model.CertificateConfig do
   @type t :: %__MODULE__{
           :publicKey => GoogleApi.PrivateCA.V1.Model.PublicKey.t() | nil,
           :subjectConfig => GoogleApi.PrivateCA.V1.Model.SubjectConfig.t() | nil,
+          :subjectKeyId => GoogleApi.PrivateCA.V1.Model.CertificateConfigKeyId.t() | nil,
           :x509Config => GoogleApi.PrivateCA.V1.Model.X509Parameters.t() | nil
         }
 
   field(:publicKey, as: GoogleApi.PrivateCA.V1.Model.PublicKey)
   field(:subjectConfig, as: GoogleApi.PrivateCA.V1.Model.SubjectConfig)
+  field(:subjectKeyId, as: GoogleApi.PrivateCA.V1.Model.CertificateConfigKeyId)
   field(:x509Config, as: GoogleApi.PrivateCA.V1.Model.X509Parameters)
 end
 

clients/private_ca/lib/google_api/private_ca/v1beta1/model/key_id.ex → clients/private_ca/lib/google_api/private_ca/v1/model/certificate_config_key_id.ex

@@ -15,7 +15,7 @@
 # NOTE: This file is auto generated by the elixir code generator program.
 # Do not edit this file manually.
 
-defmodule GoogleApi.PrivateCA.V1beta1.Model.KeyId do
+defmodule GoogleApi.PrivateCA.V1.Model.CertificateConfigKeyId do
   @moduledoc """
   A KeyId identifies a specific public key, usually by hashing the public key.
 
@@ -33,13 +33,13 @@ defmodule GoogleApi.PrivateCA.V1beta1.Model.KeyId do
   field(:keyId)
 end
 
-defimpl Poison.Decoder, for: GoogleApi.PrivateCA.V1beta1.Model.KeyId do
+defimpl Poison.Decoder, for: GoogleApi.PrivateCA.V1.Model.CertificateConfigKeyId do
   def decode(value, options) do
-    GoogleApi.PrivateCA.V1beta1.Model.KeyId.decode(value, options)
+    GoogleApi.PrivateCA.V1.Model.CertificateConfigKeyId.decode(value, options)
   end
 end
 
-defimpl Poison.Encoder, for: GoogleApi.PrivateCA.V1beta1.Model.KeyId do
+defimpl Poison.Encoder, for: GoogleApi.PrivateCA.V1.Model.CertificateConfigKeyId do
   def encode(value, options) do
     GoogleApi.Gax.ModelBase.encode(value, options)
   end

clients/private_ca/lib/google_api/private_ca/v1/model/certificate_template.ex

@@ -25,6 +25,7 @@ defmodule GoogleApi.PrivateCA.V1.Model.CertificateTemplate do
   *   `description` (*type:* `String.t`, *default:* `nil`) - Optional. A human-readable description of scenarios this template is intended for.
   *   `identityConstraints` (*type:* `GoogleApi.PrivateCA.V1.Model.CertificateIdentityConstraints.t`, *default:* `nil`) - Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.
   *   `labels` (*type:* `map()`, *default:* `nil`) - Optional. Labels with user-defined metadata.
+  *   `maximumLifetime` (*type:* `String.t`, *default:* `nil`) - Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
   *   `name` (*type:* `String.t`, *default:* `nil`) - Output only. The resource name for this CertificateTemplate in the format `projects/*/locations/*/certificateTemplates/*`.
   *   `passthroughExtensions` (*type:* `GoogleApi.PrivateCA.V1.Model.CertificateExtensionConstraints.t`, *default:* `nil`) - Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.
   *   `predefinedValues` (*type:* `GoogleApi.PrivateCA.V1.Model.X509Parameters.t`, *default:* `nil`) - Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.
@@ -39,6 +40,7 @@ defmodule GoogleApi.PrivateCA.V1.Model.CertificateTemplate do
           :identityConstraints =>
             GoogleApi.PrivateCA.V1.Model.CertificateIdentityConstraints.t() | nil,
           :labels => map() | nil,
+          :maximumLifetime => String.t() | nil,
           :name => String.t() | nil,
           :passthroughExtensions =>
             GoogleApi.PrivateCA.V1.Model.CertificateExtensionConstraints.t() | nil,
@@ -50,6 +52,7 @@ defmodule GoogleApi.PrivateCA.V1.Model.CertificateTemplate do
   field(:description)
   field(:identityConstraints, as: GoogleApi.PrivateCA.V1.Model.CertificateIdentityConstraints)
   field(:labels, type: :map)
+  field(:maximumLifetime)
   field(:name)
   field(:passthroughExtensions, as: GoogleApi.PrivateCA.V1.Model.CertificateExtensionConstraints)
   field(:predefinedValues, as: GoogleApi.PrivateCA.V1.Model.X509Parameters)

clients/private_ca/lib/google_api/private_ca/v1/model/disable_certificate_authority_request.ex

@@ -21,15 +21,18 @@ defmodule GoogleApi.PrivateCA.V1.Model.DisableCertificateAuthorityRequest do
 
   ## Attributes
 
-  *   `requestId` (*type:* `String.t`, *default:* `nil`) - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+  *   `ignoreDependentResources` (*type:* `boolean()`, *default:* `nil`) - Optional. This field allows this CA to be disabled even if it's being depended on by another resource. However, doing so may result in unintended and unrecoverable effects on any dependent resource(s) since the CA will no longer be able to issue certificates.
+  *   `requestId` (*type:* `String.t`, *default:* `nil`) - Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
   """
 
   use GoogleApi.Gax.ModelBase
 
   @type t :: %__MODULE__{
+          :ignoreDependentResources => boolean() | nil,
           :requestId => String.t() | nil
         }
 
+  field(:ignoreDependentResources)
   field(:requestId)
 end