-
Notifications
You must be signed in to change notification settings - Fork 2.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(samples): added samples for issuance policy and certificate temp…
…lates (#264) * docs(samples): init commit - set issuance policy * docs(samples): added certificate template CRUD samples * refactor(samples): modified the samples for test coherence * test(samples): Added tests for issuance policy and certificate templates. * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * refactor(samples): included filter condition and comments * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * refactor(samples): included review comments * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
3dfb247
commit 342e279
Showing
9 changed files
with
619 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
121 changes: 121 additions & 0 deletions
121
privateca/cloud-client/src/main/java/privateca/CreateCertificateTemplate.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,121 @@ | ||
| /* | ||
| * Copyright 2021 Google LLC | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package privateca; | ||
|
|
||
| // [START privateca_create_certificate_template] | ||
|
|
||
| import com.google.api.core.ApiFuture; | ||
| import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient; | ||
| import com.google.cloud.security.privateca.v1.CertificateIdentityConstraints; | ||
| import com.google.cloud.security.privateca.v1.CertificateTemplate; | ||
| import com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest; | ||
| import com.google.cloud.security.privateca.v1.KeyUsage; | ||
| import com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions; | ||
| import com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions; | ||
| import com.google.cloud.security.privateca.v1.LocationName; | ||
| import com.google.cloud.security.privateca.v1.X509Parameters; | ||
| import com.google.cloud.security.privateca.v1.X509Parameters.CaOptions; | ||
| import com.google.longrunning.Operation; | ||
| import com.google.type.Expr; | ||
| import java.io.IOException; | ||
| import java.util.concurrent.ExecutionException; | ||
| import java.util.concurrent.TimeUnit; | ||
| import java.util.concurrent.TimeoutException; | ||
|
|
||
| public class CreateCertificateTemplate { | ||
|
|
||
| public static void main(String[] args) | ||
| throws IOException, ExecutionException, InterruptedException, TimeoutException { | ||
| /* TODO(developer): Replace these variables before running the sample. | ||
| location: For a list of locations, see: | ||
| https://cloud.google.com/certificate-authority-service/docs/locations */ | ||
| String project = "your-project-id"; | ||
| String location = "ca-location"; | ||
| String certificateTemplateId = "certificate-template-id"; | ||
|
|
||
| createCertificateTemplate(project, location, certificateTemplateId); | ||
| } | ||
|
|
||
| /* Creates a Certificate template. These templates can be reused for common | ||
| certificate issuance scenarios. */ | ||
| public static void createCertificateTemplate( | ||
| String project, String location, String certificateTemplateId) | ||
| throws IOException, ExecutionException, InterruptedException, TimeoutException { | ||
| /* Initialize client that will be used to send requests. This client only needs to be created | ||
| once, and can be reused for multiple requests. After completing all of your requests, call | ||
| the `certificateAuthorityServiceClient.close()` method on the client to safely | ||
| clean up any remaining background resources. */ | ||
| try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = | ||
| CertificateAuthorityServiceClient.create()) { | ||
|
|
||
| /* Describes any predefined X.509 values set by this template. | ||
| The provided extensions are copied over to certificate requests that use this template.*/ | ||
| KeyUsage keyUsage = | ||
| KeyUsage.newBuilder() | ||
| .setBaseKeyUsage( | ||
| KeyUsageOptions.newBuilder() | ||
| .setDigitalSignature(true) | ||
| .setKeyEncipherment(true) | ||
| .build()) | ||
| .setExtendedKeyUsage(ExtendedKeyUsageOptions.newBuilder().setServerAuth(true).build()) | ||
| .build(); | ||
|
|
||
| CaOptions caOptions = CaOptions.newBuilder().setIsCa(false).build(); | ||
|
|
||
| /* CEL expression that is evaluated against the Subject and | ||
| Subject Alternative Name of the certificate before it is issued. */ | ||
| Expr expr = | ||
| Expr.newBuilder().setExpression("subject_alt_names.all(san, san.type == DNS)").build(); | ||
|
|
||
| // Set the certificate issuance schema. | ||
| CertificateTemplate certificateTemplate = | ||
| CertificateTemplate.newBuilder() | ||
| .setPredefinedValues( | ||
| X509Parameters.newBuilder().setKeyUsage(keyUsage).setCaOptions(caOptions).build()) | ||
| .setIdentityConstraints( | ||
| CertificateIdentityConstraints.newBuilder() | ||
| .setCelExpression(expr) | ||
| .setAllowSubjectPassthrough(false) | ||
| .setAllowSubjectAltNamesPassthrough(false) | ||
| .build()) | ||
| .build(); | ||
|
|
||
| // Set the parent and certificate template properties. | ||
| CreateCertificateTemplateRequest certificateTemplateRequest = | ||
| CreateCertificateTemplateRequest.newBuilder() | ||
| .setParent(LocationName.of(project, location).toString()) | ||
| .setCertificateTemplate(certificateTemplate) | ||
| .setCertificateTemplateId(certificateTemplateId) | ||
| .build(); | ||
|
|
||
| // Create Template request. | ||
| ApiFuture<Operation> futureCall = | ||
| certificateAuthorityServiceClient | ||
| .createCertificateTemplateCallable() | ||
| .futureCall(certificateTemplateRequest); | ||
|
|
||
| Operation response = futureCall.get(60, TimeUnit.SECONDS); | ||
|
|
||
| if (response.hasError()) { | ||
| System.out.println("Error creating certificate template ! " + response.getError()); | ||
| return; | ||
| } | ||
|
|
||
| System.out.println("Successfully created certificate template ! " + response.getName()); | ||
| } | ||
| } | ||
| } | ||
| // [END privateca_create_certificate_template] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
78 changes: 78 additions & 0 deletions
78
privateca/cloud-client/src/main/java/privateca/DeleteCertificateTemplate.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| /* | ||
| * Copyright 2021 Google LLC | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package privateca; | ||
|
|
||
| // [START privateca_delete_certificate_template] | ||
|
|
||
| import com.google.api.core.ApiFuture; | ||
| import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient; | ||
| import com.google.cloud.security.privateca.v1.CertificateTemplateName; | ||
| import com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest; | ||
| import com.google.longrunning.Operation; | ||
| import java.io.IOException; | ||
| import java.util.concurrent.ExecutionException; | ||
| import java.util.concurrent.TimeUnit; | ||
| import java.util.concurrent.TimeoutException; | ||
|
|
||
| public class DeleteCertificateTemplate { | ||
|
|
||
| public static void main(String[] args) | ||
| throws IOException, ExecutionException, InterruptedException, TimeoutException { | ||
| /* TODO(developer): Replace these variables before running the sample. | ||
| location: For a list of locations, see: | ||
| https://cloud.google.com/certificate-authority-service/docs/locations | ||
| certificateTemplateId: Id of the certificate template to delete. */ | ||
| String project = "your-project-id"; | ||
| String location = "ca-location"; | ||
| String certificateTemplateId = "certificate-template-id"; | ||
|
|
||
| deleteCertificateTemplate(project, location, certificateTemplateId); | ||
| } | ||
|
|
||
| // Deletes the certificate template present in the given project and location. | ||
| public static void deleteCertificateTemplate( | ||
| String project, String location, String certificateTemplateId) | ||
| throws IOException, ExecutionException, InterruptedException, TimeoutException { | ||
| /* Initialize client that will be used to send requests. This client only needs to be created | ||
| once, and can be reused for multiple requests. After completing all of your requests, call | ||
| the `certificateAuthorityServiceClient.close()` method on the client to safely | ||
| clean up any remaining background resources. */ | ||
| try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = | ||
| CertificateAuthorityServiceClient.create()) { | ||
|
|
||
| // Set the parent name of the certificate template to be deleted. | ||
| DeleteCertificateTemplateRequest request = | ||
| DeleteCertificateTemplateRequest.newBuilder() | ||
| .setName( | ||
| CertificateTemplateName.of(project, location, certificateTemplateId).toString()) | ||
| .build(); | ||
|
|
||
| ApiFuture<Operation> futureCall = | ||
| certificateAuthorityServiceClient.deleteCertificateTemplateCallable().futureCall(request); | ||
|
|
||
| Operation response = futureCall.get(60, TimeUnit.SECONDS); | ||
|
|
||
| // Check for errors. | ||
| if (response.hasError()) { | ||
| System.out.println("Error deleting the certificate template ! " + response.getError()); | ||
| return; | ||
| } | ||
|
|
||
| System.out.println("Successfully created certificate template ! " + response.getName()); | ||
| } | ||
| } | ||
| } | ||
| // [END privateca_delete_certificate_template] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
73 changes: 73 additions & 0 deletions
73
privateca/cloud-client/src/main/java/privateca/ListCertificateTemplates.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| /* | ||
| * Copyright 2021 Google LLC | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package privateca; | ||
|
|
||
| // [START privateca_list_certificate_template] | ||
|
|
||
| import com.google.api.core.ApiFuture; | ||
| import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient; | ||
| import com.google.cloud.security.privateca.v1.CertificateTemplate; | ||
| import com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest; | ||
| import com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse; | ||
| import com.google.cloud.security.privateca.v1.LocationName; | ||
| import java.io.IOException; | ||
| import java.util.concurrent.ExecutionException; | ||
| import java.util.concurrent.TimeUnit; | ||
| import java.util.concurrent.TimeoutException; | ||
|
|
||
| public class ListCertificateTemplates { | ||
|
|
||
| public static void main(String[] args) | ||
| throws IOException, ExecutionException, InterruptedException, TimeoutException { | ||
| /* TODO(developer): Replace these variables before running the sample. | ||
| location: For a list of locations, see: | ||
| https://cloud.google.com/certificate-authority-service/docs/locations */ | ||
| String project = "your-project-id"; | ||
| String location = "ca-location"; | ||
|
|
||
| listCertificateTemplates(project, location); | ||
| } | ||
|
|
||
| // Lists the certificate templates present in the given project and location. | ||
| public static void listCertificateTemplates(String project, String location) | ||
| throws IOException, ExecutionException, InterruptedException, TimeoutException { | ||
| /* Initialize client that will be used to send requests. This client only needs to be created | ||
| once, and can be reused for multiple requests. After completing all of your requests, call | ||
| the `certificateAuthorityServiceClient.close()` method on the client to safely | ||
| clean up any remaining background resources. */ | ||
| try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = | ||
| CertificateAuthorityServiceClient.create()) { | ||
|
|
||
| // Set the parent name to list the certificate templates. | ||
| ListCertificateTemplatesRequest request = | ||
| ListCertificateTemplatesRequest.newBuilder() | ||
| .setParent(LocationName.of(project, location).toString()) | ||
| .build(); | ||
|
|
||
| ApiFuture<ListCertificateTemplatesResponse> futureCall = | ||
| certificateAuthorityServiceClient.listCertificateTemplatesCallable().futureCall(request); | ||
|
|
||
| // Get the response. | ||
| ListCertificateTemplatesResponse response = futureCall.get(60, TimeUnit.SECONDS); | ||
|
|
||
| // List all templates. | ||
| for (CertificateTemplate template : response.getCertificateTemplatesList()) { | ||
| System.out.println(template.getName()); | ||
| } | ||
| } | ||
| } | ||
| } | ||
| // [END privateca_list_certificate_template] |
Oops, something went wrong.