diff --git a/config/tests/samples/create/harness.go b/config/tests/samples/create/harness.go index 72395d1d8b..575058abe7 100644 --- a/config/tests/samples/create/harness.go +++ b/config/tests/samples/create/harness.go @@ -832,6 +832,7 @@ func MaybeSkip(t *testing.T, name string, resources []*unstructured.Unstructured case schema.GroupKind{Group: "networkservices.cnrm.cloud.google.com", Kind: "NetworkServicesMesh"}: case schema.GroupKind{Group: "privateca.cnrm.cloud.google.com", Kind: "PrivateCACAPool"}: + case schema.GroupKind{Group: "privateca.cnrm.cloud.google.com", Kind: "PrivateCACertificateAuthority"}: case schema.GroupKind{Group: "privilegedaccessmanager.cnrm.cloud.google.com", Kind: "PrivilegedAccessManagerEntitlement"}: diff --git a/mockgcp/mockprivateca/certificateauthority.go b/mockgcp/mockprivateca/certificateauthority.go new file mode 100644 index 0000000000..0b4b77fa8f --- /dev/null +++ b/mockgcp/mockprivateca/certificateauthority.go @@ -0,0 +1,146 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package mockprivateca + +import ( + "context" + "fmt" + "strings" + "time" + + "google.golang.org/genproto/googleapis/longrunning" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/emptypb" + "google.golang.org/protobuf/types/known/timestamppb" + + pb "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/generated/mockgcp/cloud/security/privateca/v1" +) + +func (s *PrivateCAV1) GetCertificateAuthority(ctx context.Context, req *pb.GetCertificateAuthorityRequest) (*pb.CertificateAuthority, error) { + name, err := s.parseCertificateAuthorityName(req.Name) + if err != nil { + return nil, err + } + + fqn := name.String() + + obj := &pb.CertificateAuthority{} + if err := s.storage.Get(ctx, fqn, obj); err != nil { + if status.Code(err) == codes.NotFound { + return nil, status.Errorf(codes.NotFound, "Resource '%s' was not found", fqn) + } + return nil, err + } + + return obj, nil +} + +func (s *PrivateCAV1) CreateCertificateAuthority(ctx context.Context, req *pb.CreateCertificateAuthorityRequest) (*longrunning.Operation, error) { + reqName := req.Parent + "/certificateAuthorities/" + req.CertificateAuthorityId + name, err := s.parseCertificateAuthorityName(reqName) + if err != nil { + return nil, err + } + + now := time.Now() + + fqn := name.String() + + obj := proto.Clone(req.CertificateAuthority).(*pb.CertificateAuthority) + obj.Name = fqn + + if err := s.storage.Create(ctx, fqn, obj); err != nil { + return nil, err + } + + opMetadata := &pb.OperationMetadata{ + ApiVersion: "v1", + CreateTime: timestamppb.New(now), + Verb: "create", + RequestedCancellation: false, + Target: fqn, + } + opPrefix := fmt.Sprintf("projects/%s/locations/%s", name.Project.ID, name.Location) + return s.operations.StartLRO(ctx, opPrefix, opMetadata, func() (proto.Message, error) { + opMetadata.EndTime = timestamppb.Now() + return obj, nil + }) +} + +func (s *PrivateCAV1) DeleteCertificateAuthority(ctx context.Context, req *pb.DeleteCertificateAuthorityRequest) (*longrunning.Operation, error) { + name, err := s.parseCertificateAuthorityName(req.Name) + if err != nil { + return nil, err + } + + fqn := name.String() + + now := time.Now() + + oldObj := &pb.CertificateAuthority{} + if err := s.storage.Delete(ctx, fqn, oldObj); err != nil { + return nil, err + } + + opMetadata := &pb.OperationMetadata{ + ApiVersion: "v1", + CreateTime: timestamppb.New(now), + Verb: "delete", + RequestedCancellation: false, + Target: fqn, + } + opPrefix := fmt.Sprintf("projects/%s/locations/%s", name.Project.ID, name.Location) + return s.operations.StartLRO(ctx, opPrefix, opMetadata, func() (proto.Message, error) { + opMetadata.EndTime = timestamppb.Now() + return &emptypb.Empty{}, nil + }) +} + +type certificateAuthorityName struct { + caPoolName + CertificateAuthorityID string +} + +func (n *certificateAuthorityName) String() string { + return "projects/" + n.Project.ID + "/locations/" + n.Location + "/caPools/" + n.CAPoolName + "/certificateAuthorities" + n.CertificateAuthorityID +} + +// parseCertificateAuthorityName parses a string into a certificateAuthorityName. +// The expected form is projects//locations//caPools//certificateAuthorities/ +func (s *MockService) parseCertificateAuthorityName(name string) (*certificateAuthorityName, error) { + tokens := strings.Split(name, "/") + + if len(tokens) == 8 && tokens[0] == "projects" && tokens[2] == "locations" && tokens[4] == "caPools" && tokens[6] == "certificateAuthorities" { + project, err := s.Projects.GetProjectByID(tokens[1]) + if err != nil { + return nil, err + } + + name := &certificateAuthorityName{ + caPoolName: caPoolName{ + Project: project, + Location: tokens[3], + CAPoolName: tokens[5], + }, + CertificateAuthorityID: tokens[7], + } + + return name, nil + } else { + return nil, status.Errorf(codes.InvalidArgument, "name %q is not valid", name) + } +} diff --git a/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/_generated_object_privatecacertificateauthority.golden.yaml b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/_generated_object_privatecacertificateauthority.golden.yaml new file mode 100644 index 0000000000..177c7896f0 --- /dev/null +++ b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/_generated_object_privatecacertificateauthority.golden.yaml @@ -0,0 +1,52 @@ +apiVersion: privateca.cnrm.cloud.google.com/v1beta1 +kind: PrivateCACertificateAuthority +metadata: + annotations: + cnrm.cloud.google.com/management-conflict-prevention-policy: none + cnrm.cloud.google.com/state-into-spec: absent + finalizers: + - cnrm.cloud.google.com/finalizer + - cnrm.cloud.google.com/deletion-defender + generation: 2 + labels: + cnrm-test: "true" + label-one: value-one + label-two: value-two + name: privatecacertificateauthority-${uniqueId} + namespace: ${uniqueId} +spec: + caPoolRef: + name: privatecacapool-${uniqueId} + config: + subjectConfig: + subject: + commonName: my-certificate-authority + organization: Example + subjectAltName: + dnsNames: + - example.com + x509Config: + caOptions: + isCa: true + keyUsage: + baseKeyUsage: + certSign: true + crlSign: true + extendedKeyUsage: + serverAuth: true + keySpec: + algorithm: RSA_PKCS1_4096_SHA256 + lifetime: 86400s + location: us-central1 + projectRef: + external: projects/${projectId} + resourceID: privatecacertificateauthority-${uniqueId} + type: SELF_SIGNED +status: + conditions: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: The resource is up to date + reason: UpToDate + status: "True" + type: Ready + observedGeneration: 2 diff --git a/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/_http.log b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/_http.log new file mode 100644 index 0000000000..a728d1a34c --- /dev/null +++ b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/_http.log @@ -0,0 +1,672 @@ +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +404 Not Found +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "error": { + "code": 404, + "message": "Resource 'projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}' was not found", + "status": "NOT_FOUND" + } +} + +--- + +POST https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools?alt=json&caPoolId=privatecacapool-${uniqueId} +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +{ + "issuancePolicy": { + "allowedIssuanceModes": { + "allowConfigBasedIssuance": false, + "allowCsrBasedIssuance": true + }, + "allowedKeyTypes": [ + { + "rsa": { + "maxModulusSize": 128, + "minModulusSize": 64 + } + }, + { + "ellipticCurve": { + "signatureAlgorithm": "ECDSA_P384" + } + } + ], + "baselineValues": { + "additionalExtensions": [ + { + "critical": false, + "objectId": { + "objectIdPath": [ + 1, + 7 + ] + }, + "value": "c3RyaW5nCg==" + } + ], + "aiaOcspServers": [ + "string" + ], + "caOptions": { + "isCa": false, + "maxIssuerPathLength": 7 + }, + "keyUsage": { + "baseKeyUsage": { + "certSign": false, + "contentCommitment": false, + "crlSign": false, + "dataEncipherment": false, + "decipherOnly": false, + "digitalSignature": false, + "encipherOnly": false, + "keyAgreement": false, + "keyEncipherment": false + }, + "extendedKeyUsage": { + "clientAuth": false, + "codeSigning": false, + "emailProtection": false, + "ocspSigning": false, + "serverAuth": false, + "timeStamping": false + }, + "unknownExtendedKeyUsages": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "policyIds": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "identityConstraints": { + "allowSubjectAltNamesPassthrough": false, + "allowSubjectPassthrough": false, + "celExpression": { + "description": "Always false", + "expression": "false", + "location": "devops.ca_pool.json", + "title": "Sample expression" + } + }, + "maximumLifetime": "43200s", + "passthroughExtensions": { + "additionalExtensions": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ], + "knownExtensions": [ + "BASE_KEY_USAGE" + ] + } + }, + "labels": { + "cnrm-test": "true", + "label-two": "value-two", + "managed-by-cnrm": "true" + }, + "name": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "tier": "ENTERPRISE" +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "metadata": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.OperationMetadata", + "apiVersion": "v1", + "createTime": "2024-04-01T12:34:56.123456Z", + "target": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "verb": "create" + }, + "name": "projects/${projectId}/locations/us-central1/operations/${operationID}" +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/operations/${operationID}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "done": true, + "metadata": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.OperationMetadata", + "apiVersion": "v1", + "createTime": "2024-04-01T12:34:56.123456Z", + "endTime": "2024-04-01T12:34:56.123456Z", + "target": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "verb": "create" + }, + "name": "projects/${projectId}/locations/us-central1/operations/${operationID}", + "response": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.CaPool", + "issuancePolicy": { + "allowedIssuanceModes": { + "allowCsrBasedIssuance": true + }, + "allowedKeyTypes": [ + { + "rsa": { + "maxModulusSize": "128", + "minModulusSize": "64" + } + }, + { + "ellipticCurve": { + "signatureAlgorithm": "ECDSA_P384" + } + } + ], + "baselineValues": { + "additionalExtensions": [ + { + "objectId": { + "objectIdPath": [ + 1, + 7 + ] + }, + "value": "c3RyaW5nCg==" + } + ], + "aiaOcspServers": [ + "string" + ], + "caOptions": { + "isCa": false, + "maxIssuerPathLength": 7 + }, + "keyUsage": { + "unknownExtendedKeyUsages": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "policyIds": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "identityConstraints": { + "allowSubjectAltNamesPassthrough": false, + "allowSubjectPassthrough": false, + "celExpression": { + "description": "Always false", + "expression": "false", + "location": "devops.ca_pool.json", + "title": "Sample expression" + } + }, + "maximumLifetime": "43200s", + "passthroughExtensions": { + "additionalExtensions": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ], + "knownExtensions": [ + "BASE_KEY_USAGE" + ] + } + }, + "labels": { + "cnrm-test": "true", + "label-two": "value-two", + "managed-by-cnrm": "true" + }, + "name": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "tier": "ENTERPRISE" + } +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "issuancePolicy": { + "allowedIssuanceModes": { + "allowCsrBasedIssuance": true + }, + "allowedKeyTypes": [ + { + "rsa": { + "maxModulusSize": "128", + "minModulusSize": "64" + } + }, + { + "ellipticCurve": { + "signatureAlgorithm": "ECDSA_P384" + } + } + ], + "baselineValues": { + "additionalExtensions": [ + { + "objectId": { + "objectIdPath": [ + 1, + 7 + ] + }, + "value": "c3RyaW5nCg==" + } + ], + "aiaOcspServers": [ + "string" + ], + "caOptions": { + "isCa": false, + "maxIssuerPathLength": 7 + }, + "keyUsage": { + "unknownExtendedKeyUsages": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "policyIds": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "identityConstraints": { + "allowSubjectAltNamesPassthrough": false, + "allowSubjectPassthrough": false, + "celExpression": { + "description": "Always false", + "expression": "false", + "location": "devops.ca_pool.json", + "title": "Sample expression" + } + }, + "maximumLifetime": "43200s", + "passthroughExtensions": { + "additionalExtensions": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ], + "knownExtensions": [ + "BASE_KEY_USAGE" + ] + } + }, + "labels": { + "cnrm-test": "true", + "label-two": "value-two", + "managed-by-cnrm": "true" + }, + "name": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "tier": "ENTERPRISE" +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthorities/privatecacertificateauthority-${uniqueId}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +404 Not Found +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "error": { + "code": 404, + "message": "Resource 'projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthoritiesprivatecacertificateauthority-${uniqueId}' was not found", + "status": "NOT_FOUND" + } +} + +--- + +POST https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthorities?alt=json&certificateAuthorityId=privatecacertificateauthority-${uniqueId} +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +{ + "config": { + "subjectConfig": { + "subject": { + "commonName": "my-certificate-authority", + "organization": "Example" + }, + "subjectAltName": { + "dnsNames": [ + "example.com" + ] + } + }, + "x509Config": { + "caOptions": { + "isCa": true + }, + "keyUsage": { + "baseKeyUsage": { + "certSign": true, + "crlSign": true + }, + "extendedKeyUsage": { + "serverAuth": true + } + } + } + }, + "keySpec": { + "algorithm": "RSA_PKCS1_4096_SHA256" + }, + "labels": { + "cnrm-test": "true", + "label-two": "value-two", + "managed-by-cnrm": "true" + }, + "lifetime": "86400s", + "name": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthorities/privatecacertificateauthority-${uniqueId}", + "type": "SELF_SIGNED" +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "metadata": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.OperationMetadata", + "apiVersion": "v1", + "createTime": "2024-04-01T12:34:56.123456Z", + "target": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthoritiesprivatecacertificateauthority-${uniqueId}", + "verb": "create" + }, + "name": "projects/${projectId}/locations/us-central1/operations/${operationID}" +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/operations/${operationID}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "done": true, + "metadata": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.OperationMetadata", + "apiVersion": "v1", + "createTime": "2024-04-01T12:34:56.123456Z", + "endTime": "2024-04-01T12:34:56.123456Z", + "target": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthoritiesprivatecacertificateauthority-${uniqueId}", + "verb": "create" + }, + "name": "projects/${projectId}/locations/us-central1/operations/${operationID}", + "response": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.CertificateAuthority", + "config": { + "subjectConfig": { + "subject": { + "commonName": "my-certificate-authority", + "organization": "Example" + }, + "subjectAltName": { + "dnsNames": [ + "example.com" + ] + } + }, + "x509Config": { + "caOptions": { + "isCa": true + }, + "keyUsage": { + "baseKeyUsage": { + "certSign": true, + "crlSign": true + }, + "extendedKeyUsage": { + "serverAuth": true + } + } + } + }, + "keySpec": { + "algorithm": "RSA_PKCS1_4096_SHA256" + }, + "labels": { + "cnrm-test": "true", + "label-two": "value-two", + "managed-by-cnrm": "true" + }, + "lifetime": "86400s", + "name": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthoritiesprivatecacertificateauthority-${uniqueId}", + "type": "SELF_SIGNED" + } +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthorities/privatecacertificateauthority-${uniqueId}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "config": { + "subjectConfig": { + "subject": { + "commonName": "my-certificate-authority", + "organization": "Example" + }, + "subjectAltName": { + "dnsNames": [ + "example.com" + ] + } + }, + "x509Config": { + "caOptions": { + "isCa": true + }, + "keyUsage": { + "baseKeyUsage": { + "certSign": true, + "crlSign": true + }, + "extendedKeyUsage": { + "serverAuth": true + } + } + } + }, + "keySpec": { + "algorithm": "RSA_PKCS1_4096_SHA256" + }, + "labels": { + "cnrm-test": "true", + "label-two": "value-two", + "managed-by-cnrm": "true" + }, + "lifetime": "86400s", + "name": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthoritiesprivatecacertificateauthority-${uniqueId}", + "type": "SELF_SIGNED" +} + +--- + +DELETE https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthorities/privatecacertificateauthority-${uniqueId}?alt=json&ignoreActiveCertificates=true +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "metadata": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.OperationMetadata", + "apiVersion": "v1", + "createTime": "2024-04-01T12:34:56.123456Z", + "target": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthoritiesprivatecacertificateauthority-${uniqueId}", + "verb": "delete" + }, + "name": "projects/${projectId}/locations/us-central1/operations/${operationID}" +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/operations/${operationID}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "done": true, + "metadata": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.OperationMetadata", + "apiVersion": "v1", + "createTime": "2024-04-01T12:34:56.123456Z", + "endTime": "2024-04-01T12:34:56.123456Z", + "target": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}/certificateAuthoritiesprivatecacertificateauthority-${uniqueId}", + "verb": "delete" + }, + "name": "projects/${projectId}/locations/us-central1/operations/${operationID}", + "response": { + "@type": "type.googleapis.com/google.protobuf.Empty" + } +} \ No newline at end of file diff --git a/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/create.yaml b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/create.yaml index 129678ddba..f26ea55a42 100644 --- a/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/create.yaml +++ b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/create.yaml @@ -41,7 +41,7 @@ spec: baseKeyUsage: certSign: true crlSign: true - extendedKeyUsage: - serverAuth: true + extendedKeyUsage: + serverAuth: true keySpec: algorithm: RSA_PKCS1_4096_SHA256 diff --git a/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/update.yaml b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/update.yaml index 4787f9a995..dbc5561b63 100644 --- a/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/update.yaml +++ b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacertificateauthority/update.yaml @@ -41,7 +41,7 @@ spec: baseKeyUsage: certSign: true crlSign: true - extendedKeyUsage: - serverAuth: true + extendedKeyUsage: + serverAuth: true keySpec: algorithm: RSA_PKCS1_4096_SHA256