feat: [SecurityPrivateCa] add X.509 Name Constraints support (#5874)

PiperOrigin-RevId: 509331611
Source-Link: googleapis/googleapis@a57751b
Source-Link: googleapis/googleapis-gen@f99e972
Copy-Tag: eyJwIjoiU2VjdXJpdHlQcml2YXRlQ2EvLk93bEJvdC55YW1sIiwiaCI6ImY5OWU5NzJiNTIxMGFhMmE1ZDBmZTdjYjkxZmIwZGNhNGM4YTkwMzIifQ==

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/activate_certificate_authority.php

@@ -31,21 +31,29 @@
 use Google\Rpc\Status;
 
 /**
- * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+ * Activate a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * that is in state
  * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
- * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
- * the parent Certificate Authority signs a certificate signing request from
- * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
- * process.
+ * and is of type
+ * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+ * After the parent Certificate Authority signs a certificate signing request
+ * from
+ * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+ * this method can complete the activation process.
  *
- * @param string $formattedName                                  The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
- *                                                               format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
+ * @param string $formattedName                                  The resource name for this
+ *                                                               [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                                                               in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
  *                                                               {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  * @param string $pemCaCertificate                               The signed CA certificate issued from
  *                                                               [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
- * @param string $formattedSubordinateConfigCertificateAuthority This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
- *                                                               subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
- *                                                               and usability purposes only. The resource name is in the format
+ * @param string $formattedSubordinateConfigCertificateAuthority This can refer to a
+ *                                                               [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                                                               that was used to create a subordinate
+ *                                                               [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ *                                                               This field is used for information and usability purposes only. The
+ *                                                               resource name is in the format
  *                                                               `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
  *                                                               {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_ca_pool.php

@@ -34,11 +34,14 @@
  * Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
  * @param string $formattedParent The resource name of the location associated with the
- *                                [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`. Please see
+ *                                [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+ *                                `projects/*/locations/*`. Please see
  *                                {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
  * @param string $caPoolId        It must be unique within a location and match the regular
  *                                expression `[a-zA-Z0-9_-]{1,63}`
- * @param int    $caPoolTier      Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+ * @param int    $caPoolTier      Immutable. The
+ *                                [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
+ *                                [CaPool][google.cloud.security.privateca.v1.CaPool].
  */
 function create_ca_pool_sample(string $formattedParent, string $caPoolId, int $caPoolTier): void
 {

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate.php

@@ -29,11 +29,14 @@
 use Google\Protobuf\Duration;
 
 /**
- * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+ * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+ * in a given Project, Location from a particular
  * [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
- * @param string $formattedParent The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
- *                                in the format `projects/*/locations/*/caPools/*`. Please see
+ * @param string $formattedParent The resource name of the
+ *                                [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+ *                                [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+ *                                format `projects/*/locations/*/caPools/*`. Please see
  *                                {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  */
 function create_certificate_sample(string $formattedParent): void

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate_authority.php

@@ -37,15 +37,21 @@
 use Google\Rpc\Status;
 
 /**
- * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+ * Create a new
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * in a given Project and Location.
  *
- * @param string $formattedParent          The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
- *                                         [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
- *                                         `projects/*/locations/*/caPools/*`. Please see
+ * @param string $formattedParent          The resource name of the
+ *                                         [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+ *                                         [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+ *                                         in the format `projects/*/locations/*/caPools/*`. Please see
  *                                         {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  * @param string $certificateAuthorityId   It must be unique within a location and match the regular
  *                                         expression `[a-zA-Z0-9_-]{1,63}`
- * @param int    $certificateAuthorityType Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * @param int    $certificateAuthorityType Immutable. The
+ *                                         [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
+ *                                         this
+ *                                         [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  */
 function create_certificate_authority_sample(
     string $formattedParent,

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/create_certificate_template.php

@@ -30,11 +30,13 @@
 use Google\Rpc\Status;
 
 /**
- * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+ * Create a new
+ * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+ * in a given Project and Location.
  *
  * @param string $formattedParent       The resource name of the location associated with the
- *                                      [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
- *                                      `projects/*/locations/*`. Please see
+ *                                      [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+ *                                      in the format `projects/*/locations/*`. Please see
  *                                      {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
  * @param string $certificateTemplateId It must be unique within a location and match the regular
  *                                      expression `[a-zA-Z0-9_-]{1,63}`

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_ca_pool.php

@@ -31,8 +31,9 @@
 /**
  * Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
- * @param string $formattedName The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
- *                              format `projects/*/locations/*/caPools/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+ *                              `projects/*/locations/*/caPools/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  */
 function delete_ca_pool_sample(string $formattedName): void

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_certificate_authority.php

@@ -30,10 +30,12 @@
 use Google\Rpc\Status;
 
 /**
- * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * Delete a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  *
- * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
- *                              format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                              in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
 function delete_certificate_authority_sample(string $formattedName): void

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/delete_certificate_template.php

@@ -29,10 +29,12 @@
 use Google\Rpc\Status;
 
 /**
- * DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+ * DeleteCertificateTemplate deletes a
+ * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
  *
- * @param string $formattedName The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
- *                              `projects/*/locations/*/certificateTemplates/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+ *                              in the format `projects/*/locations/*/certificateTemplates/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateTemplateName()} for help formatting this field.
  */
 function delete_certificate_template_sample(string $formattedName): void

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/disable_certificate_authority.php

@@ -30,10 +30,12 @@
 use Google\Rpc\Status;
 
 /**
- * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * Disable a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  *
- * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
- *                              format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                              in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
 function disable_certificate_authority_sample(string $formattedName): void

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/enable_certificate_authority.php

@@ -30,10 +30,12 @@
 use Google\Rpc\Status;
 
 /**
- * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * Enable a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
  *
- * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
- *                              format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                              in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
 function enable_certificate_authority_sample(string $formattedName): void

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/fetch_ca_certs.php

@@ -28,12 +28,15 @@
 use Google\Cloud\Security\PrivateCA\V1\FetchCaCertsResponse;
 
 /**
- * FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
- * include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * FetchCaCerts returns the current trust anchor for the
+ * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+ * certificate chains for all ACTIVE
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
- * @param string $formattedCaPool The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
- *                                format `projects/*/locations/*/caPools/*`. Please see
+ * @param string $formattedCaPool The resource name for the
+ *                                [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+ *                                `projects/*/locations/*/caPools/*`. Please see
  *                                {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  */
 function fetch_ca_certs_sample(string $formattedCaPool): void

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/fetch_certificate_authority_csr.php

@@ -28,16 +28,21 @@
 use Google\Cloud\Security\PrivateCA\V1\FetchCertificateAuthorityCsrResponse;
 
 /**
- * Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * Fetch a certificate signing request (CSR) from a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
  * that is in state
  * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
- * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
- * CSR must then be signed by the desired parent Certificate Authority, which
- * could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
- * certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+ * and is of type
+ * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+ * The CSR must then be signed by the desired parent Certificate Authority,
+ * which could be another
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ * resource, or could be an on-prem certificate authority. See also
+ * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
  *
- * @param string $formattedName The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
- *                              format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
+ * @param string $formattedName The resource name for this
+ *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+ *                              in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
  */
 function fetch_certificate_authority_csr_sample(string $formattedName): void

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_ca_pool.php

@@ -30,7 +30,8 @@
 /**
  * Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
  *
- * @param string $formattedName The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get. Please see
+ * @param string $formattedName The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+ *                              [CaPool][google.cloud.security.privateca.v1.CaPool] to get. Please see
  *                              {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
  */
 function get_ca_pool_sample(string $formattedName): void

SecurityPrivateCa/samples/V1/CertificateAuthorityServiceClient/get_certificate.php

@@ -30,7 +30,9 @@
 /**
  * Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
  *
- * @param string $formattedName The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get. Please see
+ * @param string $formattedName The [name][google.cloud.security.privateca.v1.Certificate.name]
+ *                              of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+ *                              get. Please see
  *                              {@see CertificateAuthorityServiceClient::certificateName()} for help formatting this field.
  */
 function get_certificate_sample(string $formattedName): void