CertificateService

Calls CertificateService
Get
List
Create
Update
Delete
RequestNew
ListOperations
ListAccessBindings
SetAccessBindings
UpdateAccessBindings

A set of methods for managing certificates.

Call	Description
Get	Returns the specified certificate.
List	Returns the list of certificates in the specified folder.
Create	Creates a certificate in the specified folder.
Update	Updates the specified certificate.
Delete	Deletes the specified certificate.
RequestNew	Request a certificate in the specified folder.
ListOperations	Lists operations for the specified certificate.
ListAccessBindings	Lists existing access bindings for the specified certificate.
SetAccessBindings	Sets access bindings for the certificate.
UpdateAccessBindings	Updates access bindings for the specified certificate.

Calls CertificateService

Get

Returns the specified certificate.
To get the list of available certificates, make a List request.

rpc Get (GetCertificateRequest) returns (Certificate)

GetCertificateRequest

Field	Description
certificate_id	string Required. ID of the certificate to return. To get the ID of a certificate use a CertificateService.List request. The maximum string length in characters is 50.
view	enum CertificateView The output type of the certificate. `BASIC`: Output basic information about the certificate. `FULL`: Output full information about the certificate including domain challenges.

Certificate

Field	Description
id	string ID of the certificate. Generated at creation time.
folder_id	string ID of the folder that the certificate belongs to.
created_at	google.protobuf.Timestamp Creation timestamp.
name	string Name of the certificate. The name is unique within the folder.
description	string Description of the certificate.
labels	map<string,string> Certificate labels as `key:value` pairs.
type	enum CertificateType Type of the certificate. `IMPORTED`: The certificate is imported by user. `MANAGED`: The certificate is created by service.
domains[]	string Fully qualified domain names of the certificate.
status	enum Status Status of the certificate. `VALIDATING`: The certificate domains validation are required. Used only for managed certificates. `INVALID`: The certificate issuance is failed. Used only for managed certificates. `ISSUED`: The certificate is issued. `REVOKED`: The certificate is revoked. `RENEWING`: The certificate renewal is started. Used only for managed certificates. `RENEWAL_FAILED`: The certificate renewal is failed. Used only for managed certificates.
issuer	string Distinguished Name of the certificate authority that issued the certificate.
subject	string Distinguished Name of the entity that is associated with the public key contained in the certificate.
serial	string Serial number of the certificate.
updated_at	google.protobuf.Timestamp Time when the certificate is updated.
issued_at	google.protobuf.Timestamp Time when the certificate is issued.
not_after	google.protobuf.Timestamp Time after which the certificate is not valid.
not_before	google.protobuf.Timestamp Time before which the certificate is not valid.
challenges[]	Challenge Domains validation challenges of the certificate. Used only for managed certificates.

Challenge

Field	Description
domain	string Domain of the challenge.
type	enum ChallengeType Type of the challenge. `DNS`: Domain validation type that using DNS-records. `HTTP`: Domain validation type that using HTTP-files.
created_at	google.protobuf.Timestamp Time when the challenge is created.
updated_at	google.protobuf.Timestamp Time when the challenge is updated.
status	enum Status Status of the challenge. `PENDING`: The challenge is waiting to be completed. `PROCESSING`: The challenge is awaiting approval from Let's Encrypt. `VALID`: The challenge is complete. `INVALID`: The rights check for a specific domain failed or the one-week period allocated for the check expired.
message	string Description of the challenge.
error	string Error of the challenge.
challenge	oneof: `dns_challenge` or `http_challenge` Data of the challenge.
dns_challenge	DnsRecord DNS-record.
http_challenge	HttpFile HTTP-file.

DnsRecord

Field	Description
name	string Name of the DNS record.
type	string Type of the DNS-record.
value	string Value of the DNS-record.

HttpFile

Field	Description
url	string Location of the HTTP file.
content	string Content of the HTTP file.

List

Returns the list of certificates in the specified folder.

rpc List (ListCertificatesRequest) returns (ListCertificatesResponse)

ListCertificatesRequest

Field	Description
folder_id	string Required. ID of the folder to list certificate in. The maximum string length in characters is 50.
page_size	int64 The maximum number of results per page to return. If the number of available results is larger than `page_size`, the service returns a ListCertificatesResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
page_token	string Page token. To get the next page of results, set `page_token` to the ListCertificatesResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100.
view	enum CertificateView The output type of the certificate. `BASIC`: Output basic information about the certificate. `FULL`: Output full information about the certificate including domain challenges.

ListCertificatesResponse

Field Description

certificates[] Certificate
List of certificates in the specified folder.

next_page_token string
This token allows you to get the next page of results for list requests. If the number of results is greater than the specified ListCertificatesRequest.page_size, use the next_page_token as the value for the ListCertificatesRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

Field	Description
certificates[]	Certificate List of certificates in the specified folder.
next_page_token	string This token allows you to get the next page of results for list requests. If the number of results is greater than the specified ListCertificatesRequest.page_size, use the `next_page_token` as the value for the ListCertificatesRequest.page_token query parameter in the next list request. Each subsequent list request will have its own `next_page_token` to continue paging through the results.

Certificate

Field	Description
id	string ID of the certificate. Generated at creation time.
folder_id	string ID of the folder that the certificate belongs to.
created_at	google.protobuf.Timestamp Creation timestamp.
name	string Name of the certificate. The name is unique within the folder.
description	string Description of the certificate.
labels	map<string,string> Certificate labels as `key:value` pairs.
type	enum CertificateType Type of the certificate. `IMPORTED`: The certificate is imported by user. `MANAGED`: The certificate is created by service.
domains[]	string Fully qualified domain names of the certificate.
status	enum Status Status of the certificate. `VALIDATING`: The certificate domains validation are required. Used only for managed certificates. `INVALID`: The certificate issuance is failed. Used only for managed certificates. `ISSUED`: The certificate is issued. `REVOKED`: The certificate is revoked. `RENEWING`: The certificate renewal is started. Used only for managed certificates. `RENEWAL_FAILED`: The certificate renewal is failed. Used only for managed certificates.
issuer	string Distinguished Name of the certificate authority that issued the certificate.
subject	string Distinguished Name of the entity that is associated with the public key contained in the certificate.
serial	string Serial number of the certificate.
updated_at	google.protobuf.Timestamp Time when the certificate is updated.
issued_at	google.protobuf.Timestamp Time when the certificate is issued.
not_after	google.protobuf.Timestamp Time after which the certificate is not valid.
not_before	google.protobuf.Timestamp Time before which the certificate is not valid.
challenges[]	Challenge Domains validation challenges of the certificate. Used only for managed certificates.

Challenge

Field	Description
domain	string Domain of the challenge.
type	enum ChallengeType Type of the challenge. `DNS`: Domain validation type that using DNS-records. `HTTP`: Domain validation type that using HTTP-files.
created_at	google.protobuf.Timestamp Time when the challenge is created.
updated_at	google.protobuf.Timestamp Time when the challenge is updated.
status	enum Status Status of the challenge. `PENDING`: The challenge is waiting to be completed. `PROCESSING`: The challenge is awaiting approval from Let's Encrypt. `VALID`: The challenge is complete. `INVALID`: The rights check for a specific domain failed or the one-week period allocated for the check expired.
message	string Description of the challenge.
error	string Error of the challenge.
challenge	oneof: `dns_challenge` or `http_challenge` Data of the challenge.
dns_challenge	DnsRecord DNS-record.
http_challenge	HttpFile HTTP-file.

DnsRecord

Field	Description
name	string Name of the DNS record.
type	string Type of the DNS-record.
value	string Value of the DNS-record.

HttpFile

Field	Description
url	string Location of the HTTP file.
content	string Content of the HTTP file.

Create

Creates a certificate in the specified folder.

rpc Create (CreateCertificateRequest) returns (operation.Operation)

Metadata and response of Operation:

Operation.metadata:CreateCertificateMetadata

Operation.response:Certificate

CreateCertificateRequest

Field	Description
folder_id	string Required. ID of the folder to create a certificate in. The maximum string length in characters is 50.
name	string Name of the certificate. The name must be unique within the folder. Value must match the regular expression `\|[a-z]([-a-z0-9]{0,61}[a-z0-9])?`.
description	string Description of the certificate. The maximum string length in characters is 1024.
labels	map<string,string> Labels for the certificate as `key:value` pairs. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression `[-_0-9a-z]`. The maximum string length in characters for each key is 63. Each key must match the regular expression `[a-z][-_0-9a-z]`.
certificate	string PEM-encoded certificate content of the certificate. The maximum string length in characters is 32768.
chain	string PEM-encoded certificate chain content of the certificate. The maximum string length in characters is 2097152.
private_key	string Required. PEM-encoded private key content of the certificate. The string length in characters must be 1-524288.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
metadata	google.protobuf.Any<CreateCertificateMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: `error` or `response` The operation result. If `done == false` and there was no failure detected, neither `error` nor `response` is set. If `done == false` and there was a failure detected, `error` is set. If `done == true`, exactly one of `error` or `response` is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<Certificate> if operation finished successfully.

CreateCertificateMetadata

Field	Description
certificate_id	string ID of the certificate being created.

Certificate

Field	Description
id	string ID of the certificate. Generated at creation time.
folder_id	string ID of the folder that the certificate belongs to.
created_at	google.protobuf.Timestamp Creation timestamp.
name	string Name of the certificate. The name is unique within the folder.
description	string Description of the certificate.
labels	map<string,string> Certificate labels as `key:value` pairs.
type	enum CertificateType Type of the certificate. `IMPORTED`: The certificate is imported by user. `MANAGED`: The certificate is created by service.
domains[]	string Fully qualified domain names of the certificate.
status	enum Status Status of the certificate. `VALIDATING`: The certificate domains validation are required. Used only for managed certificates. `INVALID`: The certificate issuance is failed. Used only for managed certificates. `ISSUED`: The certificate is issued. `REVOKED`: The certificate is revoked. `RENEWING`: The certificate renewal is started. Used only for managed certificates. `RENEWAL_FAILED`: The certificate renewal is failed. Used only for managed certificates.
issuer	string Distinguished Name of the certificate authority that issued the certificate.
subject	string Distinguished Name of the entity that is associated with the public key contained in the certificate.
serial	string Serial number of the certificate.
updated_at	google.protobuf.Timestamp Time when the certificate is updated.
issued_at	google.protobuf.Timestamp Time when the certificate is issued.
not_after	google.protobuf.Timestamp Time after which the certificate is not valid.
not_before	google.protobuf.Timestamp Time before which the certificate is not valid.
challenges[]	Challenge Domains validation challenges of the certificate. Used only for managed certificates.

Challenge

Field	Description
domain	string Domain of the challenge.
type	enum ChallengeType Type of the challenge. `DNS`: Domain validation type that using DNS-records. `HTTP`: Domain validation type that using HTTP-files.
created_at	google.protobuf.Timestamp Time when the challenge is created.
updated_at	google.protobuf.Timestamp Time when the challenge is updated.
status	enum Status Status of the challenge. `PENDING`: The challenge is waiting to be completed. `PROCESSING`: The challenge is awaiting approval from Let's Encrypt. `VALID`: The challenge is complete. `INVALID`: The rights check for a specific domain failed or the one-week period allocated for the check expired.
message	string Description of the challenge.
error	string Error of the challenge.
challenge	oneof: `dns_challenge` or `http_challenge` Data of the challenge.
dns_challenge	DnsRecord DNS-record.
http_challenge	HttpFile HTTP-file.

DnsRecord

Field	Description
name	string Name of the DNS record.
type	string Type of the DNS-record.
value	string Value of the DNS-record.

HttpFile

Field	Description
url	string Location of the HTTP file.
content	string Content of the HTTP file.

Update

Updates the specified certificate.

rpc Update (UpdateCertificateRequest) returns (operation.Operation)

Metadata and response of Operation:

Operation.metadata:UpdateCertificateMetadata

Operation.response:Certificate

UpdateCertificateRequest

Field	Description
certificate_id	string Required. ID of the certificate to update. To get the ID of a certificate use a CertificateService.List request. The maximum string length in characters is 50.
update_mask	google.protobuf.FieldMask Field mask that specifies which attributes of the certificate are going to be updated.
name	string New name for the certificate. Value must match the regular expression `\|[a-z]([-a-z0-9]{0,61}[a-z0-9])?`.
description	string New description for the certificate. The maximum string length in characters is 1024.
labels	map<string,string> New labels for the certificate as `key:value` pairs. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression `[-_0-9a-z]`. The maximum string length in characters for each key is 63. Each key must match the regular expression `[a-z][-_0-9a-z]`.
certificate	string New PEM-encoded certificate content for the certificate. Used only for imported certificates. The maximum string length in characters is 32768.
chain	string New PEM-encoded certificate chain content for the certificate. Used only for imported certificates. The maximum string length in characters is 2097152.
private_key	string New PEM-encoded private key content for the certificate. Used only for imported certificates. The maximum string length in characters is 524288.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
metadata	google.protobuf.Any<UpdateCertificateMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: `error` or `response` The operation result. If `done == false` and there was no failure detected, neither `error` nor `response` is set. If `done == false` and there was a failure detected, `error` is set. If `done == true`, exactly one of `error` or `response` is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<Certificate> if operation finished successfully.

UpdateCertificateMetadata

Field	Description
certificate_id	string ID of the certificate being updated.

Certificate

Field	Description
id	string ID of the certificate. Generated at creation time.
folder_id	string ID of the folder that the certificate belongs to.
created_at	google.protobuf.Timestamp Creation timestamp.
name	string Name of the certificate. The name is unique within the folder.
description	string Description of the certificate.
labels	map<string,string> Certificate labels as `key:value` pairs.
type	enum CertificateType Type of the certificate. `IMPORTED`: The certificate is imported by user. `MANAGED`: The certificate is created by service.
domains[]	string Fully qualified domain names of the certificate.
status	enum Status Status of the certificate. `VALIDATING`: The certificate domains validation are required. Used only for managed certificates. `INVALID`: The certificate issuance is failed. Used only for managed certificates. `ISSUED`: The certificate is issued. `REVOKED`: The certificate is revoked. `RENEWING`: The certificate renewal is started. Used only for managed certificates. `RENEWAL_FAILED`: The certificate renewal is failed. Used only for managed certificates.
issuer	string Distinguished Name of the certificate authority that issued the certificate.
subject	string Distinguished Name of the entity that is associated with the public key contained in the certificate.
serial	string Serial number of the certificate.
updated_at	google.protobuf.Timestamp Time when the certificate is updated.
issued_at	google.protobuf.Timestamp Time when the certificate is issued.
not_after	google.protobuf.Timestamp Time after which the certificate is not valid.
not_before	google.protobuf.Timestamp Time before which the certificate is not valid.
challenges[]	Challenge Domains validation challenges of the certificate. Used only for managed certificates.

Challenge

Field	Description
domain	string Domain of the challenge.
type	enum ChallengeType Type of the challenge. `DNS`: Domain validation type that using DNS-records. `HTTP`: Domain validation type that using HTTP-files.
created_at	google.protobuf.Timestamp Time when the challenge is created.
updated_at	google.protobuf.Timestamp Time when the challenge is updated.
status	enum Status Status of the challenge. `PENDING`: The challenge is waiting to be completed. `PROCESSING`: The challenge is awaiting approval from Let's Encrypt. `VALID`: The challenge is complete. `INVALID`: The rights check for a specific domain failed or the one-week period allocated for the check expired.
message	string Description of the challenge.
error	string Error of the challenge.
challenge	oneof: `dns_challenge` or `http_challenge` Data of the challenge.
dns_challenge	DnsRecord DNS-record.
http_challenge	HttpFile HTTP-file.

DnsRecord

Field	Description
name	string Name of the DNS record.
type	string Type of the DNS-record.
value	string Value of the DNS-record.

HttpFile

Field	Description
url	string Location of the HTTP file.
content	string Content of the HTTP file.

Delete

Deletes the specified certificate.

rpc Delete (DeleteCertificateRequest) returns (operation.Operation)

Metadata and response of Operation:

Operation.metadata:DeleteCertificateMetadata

Operation.response:Certificate

DeleteCertificateRequest

Field	Description
certificate_id	string Required. ID of the certificate to be deleted. The maximum string length in characters is 50.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
metadata	google.protobuf.Any<DeleteCertificateMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: `error` or `response` The operation result. If `done == false` and there was no failure detected, neither `error` nor `response` is set. If `done == false` and there was a failure detected, `error` is set. If `done == true`, exactly one of `error` or `response` is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<Certificate> if operation finished successfully.

DeleteCertificateMetadata

Field	Description
certificate_id	string ID of the certificate being deleted.

Certificate

Field	Description
id	string ID of the certificate. Generated at creation time.
folder_id	string ID of the folder that the certificate belongs to.
created_at	google.protobuf.Timestamp Creation timestamp.
name	string Name of the certificate. The name is unique within the folder.
description	string Description of the certificate.
labels	map<string,string> Certificate labels as `key:value` pairs.
type	enum CertificateType Type of the certificate. `IMPORTED`: The certificate is imported by user. `MANAGED`: The certificate is created by service.
domains[]	string Fully qualified domain names of the certificate.
status	enum Status Status of the certificate. `VALIDATING`: The certificate domains validation are required. Used only for managed certificates. `INVALID`: The certificate issuance is failed. Used only for managed certificates. `ISSUED`: The certificate is issued. `REVOKED`: The certificate is revoked. `RENEWING`: The certificate renewal is started. Used only for managed certificates. `RENEWAL_FAILED`: The certificate renewal is failed. Used only for managed certificates.
issuer	string Distinguished Name of the certificate authority that issued the certificate.
subject	string Distinguished Name of the entity that is associated with the public key contained in the certificate.
serial	string Serial number of the certificate.
updated_at	google.protobuf.Timestamp Time when the certificate is updated.
issued_at	google.protobuf.Timestamp Time when the certificate is issued.
not_after	google.protobuf.Timestamp Time after which the certificate is not valid.
not_before	google.protobuf.Timestamp Time before which the certificate is not valid.
challenges[]	Challenge Domains validation challenges of the certificate. Used only for managed certificates.

Challenge

Field	Description
domain	string Domain of the challenge.
type	enum ChallengeType Type of the challenge. `DNS`: Domain validation type that using DNS-records. `HTTP`: Domain validation type that using HTTP-files.
created_at	google.protobuf.Timestamp Time when the challenge is created.
updated_at	google.protobuf.Timestamp Time when the challenge is updated.
status	enum Status Status of the challenge. `PENDING`: The challenge is waiting to be completed. `PROCESSING`: The challenge is awaiting approval from Let's Encrypt. `VALID`: The challenge is complete. `INVALID`: The rights check for a specific domain failed or the one-week period allocated for the check expired.
message	string Description of the challenge.
error	string Error of the challenge.
challenge	oneof: `dns_challenge` or `http_challenge` Data of the challenge.
dns_challenge	DnsRecord DNS-record.
http_challenge	HttpFile HTTP-file.

DnsRecord

Field	Description
name	string Name of the DNS record.
type	string Type of the DNS-record.
value	string Value of the DNS-record.

HttpFile

Field	Description
url	string Location of the HTTP file.
content	string Content of the HTTP file.

RequestNew

Request a certificate in the specified folder.

rpc RequestNew (RequestNewCertificateRequest) returns (operation.Operation)

Metadata and response of Operation:

Operation.metadata:RequestNewCertificateMetadata

Operation.response:Certificate

RequestNewCertificateRequest

Field	Description
folder_id	string Required. ID of the folder to create a certificate in. The maximum string length in characters is 50.
name	string Name of the certificate. Value must match the regular expression `\|[a-z]([-a-z0-9]{0,61}[a-z0-9])?`.
description	string Description of the certificate. The maximum string length in characters is 1024.
labels	map<string,string> Labels for the certificate as `key:value` pairs. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression `[-_0-9a-z]`. The maximum string length in characters for each key is 63. Each key must match the regular expression `[a-z][-_0-9a-z]`.
domains[]	string Fully qualified domain names of the certificate.
challenge_type	enum ChallengeType Type of the domain validation challenge. `DNS`: Domain validation type that using DNS-records. `HTTP`: Domain validation type that using HTTP-files.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
metadata	google.protobuf.Any<RequestNewCertificateMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: `error` or `response` The operation result. If `done == false` and there was no failure detected, neither `error` nor `response` is set. If `done == false` and there was a failure detected, `error` is set. If `done == true`, exactly one of `error` or `response` is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<Certificate> if operation finished successfully.

RequestNewCertificateMetadata

Field	Description
certificate_id	string ID of the certificate that is being requested.

Certificate

Field	Description
id	string ID of the certificate. Generated at creation time.
folder_id	string ID of the folder that the certificate belongs to.
created_at	google.protobuf.Timestamp Creation timestamp.
name	string Name of the certificate. The name is unique within the folder.
description	string Description of the certificate.
labels	map<string,string> Certificate labels as `key:value` pairs.
type	enum CertificateType Type of the certificate. `IMPORTED`: The certificate is imported by user. `MANAGED`: The certificate is created by service.
domains[]	string Fully qualified domain names of the certificate.
status	enum Status Status of the certificate. `VALIDATING`: The certificate domains validation are required. Used only for managed certificates. `INVALID`: The certificate issuance is failed. Used only for managed certificates. `ISSUED`: The certificate is issued. `REVOKED`: The certificate is revoked. `RENEWING`: The certificate renewal is started. Used only for managed certificates. `RENEWAL_FAILED`: The certificate renewal is failed. Used only for managed certificates.
issuer	string Distinguished Name of the certificate authority that issued the certificate.
subject	string Distinguished Name of the entity that is associated with the public key contained in the certificate.
serial	string Serial number of the certificate.
updated_at	google.protobuf.Timestamp Time when the certificate is updated.
issued_at	google.protobuf.Timestamp Time when the certificate is issued.
not_after	google.protobuf.Timestamp Time after which the certificate is not valid.
not_before	google.protobuf.Timestamp Time before which the certificate is not valid.
challenges[]	Challenge Domains validation challenges of the certificate. Used only for managed certificates.

Challenge

Field	Description
domain	string Domain of the challenge.
type	enum ChallengeType Type of the challenge. `DNS`: Domain validation type that using DNS-records. `HTTP`: Domain validation type that using HTTP-files.
created_at	google.protobuf.Timestamp Time when the challenge is created.
updated_at	google.protobuf.Timestamp Time when the challenge is updated.
status	enum Status Status of the challenge. `PENDING`: The challenge is waiting to be completed. `PROCESSING`: The challenge is awaiting approval from Let's Encrypt. `VALID`: The challenge is complete. `INVALID`: The rights check for a specific domain failed or the one-week period allocated for the check expired.
message	string Description of the challenge.
error	string Error of the challenge.
challenge	oneof: `dns_challenge` or `http_challenge` Data of the challenge.
dns_challenge	DnsRecord DNS-record.
http_challenge	HttpFile HTTP-file.

DnsRecord

Field	Description
name	string Name of the DNS record.
type	string Type of the DNS-record.
value	string Value of the DNS-record.

HttpFile

Field	Description
url	string Location of the HTTP file.
content	string Content of the HTTP file.

ListOperations

Lists operations for the specified certificate.

rpc ListOperations (ListCertificateOperationsRequest) returns (ListCertificateOperationsResponse)

ListCertificateOperationsRequest

Field	Description
certificate_id	string Required. ID of the certificate to list operations for. To get the certificate ID, use a CertificateService.List request. The maximum string length in characters is 50.
page_size	int64 The maximum number of results per page that should be returned. If the number of available results is larger than `page_size`, the service returns a ListCertificateOperationsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
page_token	string Page token. To get the next page of results, set `page_token` to the ListCertificateOperationsResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100.

ListCertificateOperationsResponse

Field Description

operations[] operation.Operation
List of operations for the specified certificate.

next_page_token string
This token allows you to get the next page of results for list requests. If the number of results is larger than ListCertificateOperationsRequest.page_size, use the next_page_token as the value for the ListCertificateOperationsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

Field	Description
operations[]	operation.Operation List of operations for the specified certificate.
next_page_token	string This token allows you to get the next page of results for list requests. If the number of results is larger than ListCertificateOperationsRequest.page_size, use the `next_page_token` as the value for the ListCertificateOperationsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own `next_page_token` to continue paging through the results.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
metadata	google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: `error` or `response` The operation result. If `done == false` and there was no failure detected, neither `error` nor `response` is set. If `done == false` and there was a failure detected, `error` is set. If `done == true`, exactly one of `error` or `response` is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any.

ListAccessBindings

Lists existing access bindings for the specified certificate.

rpc ListAccessBindings (ListAccessBindingsRequest) returns (ListAccessBindingsResponse)

ListAccessBindingsRequest

Field	Description
resource_id	string Required. ID of the resource to list access bindings for. To get the resource ID, use a corresponding List request. For example, use the yandex.cloud.resourcemanager.v1.CloudService.List request to get the Cloud resource ID.
page_size	int64 The maximum number of results per page that should be returned. If the number of available results is larger than `page_size`, the service returns a ListAccessBindingsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
page_token	string Page token. Set `page_token` to the ListAccessBindingsResponse.next_page_token returned by a previous list request to get the next page of results. The maximum string length in characters is 100.

ListAccessBindingsResponse

Field	Description
access_bindings[]	AccessBinding List of access bindings for the specified resource.
next_page_token	string This token allows you to get the next page of results for list requests. If the number of results is larger than ListAccessBindingsRequest.page_size, use the `next_page_token` as the value for the ListAccessBindingsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own `next_page_token` to continue paging through the results.

AccessBinding

Field	Description
role_id	string ID of the `yandex.cloud.iam.v1.Role` that is assigned to the `subject`. The maximum string length in characters is 50.
subject	Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

Subject

Field Description

Field	Description
id	string `allAuthenticatedUsers`: A special system identifier that represents anyone `allUsers`: A special system identifier that represents anyone. No authentication is required. `<cloud generated id>`: An identifier that represents a user account. The maximum string length in characters is 50.
type	string `userAccount`: An account on Yandex or Yandex.Connect(https://connect.yandex.com), added to Yandex.Cloud. `serviceAccount`: A service account. This type represents the `yandex.cloud.iam.v1.ServiceAccount` resource. `federatedUser`: A federated account. This type represents a user from an identity federation, like Active Directory. `system`: System group. This type represents several accounts with a common system identifier.

string

allAuthenticatedUsers: A special system identifier that represents anyone
allUsers: A special system identifier that represents anyone. No authentication is required.
<cloud generated id>: An identifier that represents a user account.

The maximum string length in characters is 50.

type

string

userAccount: An account on Yandex or Yandex.Connect(https://connect.yandex.com), added to Yandex.Cloud.
serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource.
federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory.
system: System group. This type represents several accounts with a common system identifier.

SetAccessBindings

Sets access bindings for the certificate.

rpc SetAccessBindings (SetAccessBindingsRequest) returns (operation.Operation)

Metadata and response of Operation:

Operation.metadata:SetAccessBindingsMetadata

Operation.response:google.protobuf.Empty

SetAccessBindingsRequest

Field	Description
resource_id	string Required. ID of the resource for which access bindings are being set. To get the resource ID, use a corresponding List request.
access_bindings[]	AccessBinding Required. Access bindings to be set. For more information, see Access Bindings.

AccessBinding

Field	Description
role_id	string ID of the `yandex.cloud.iam.v1.Role` that is assigned to the `subject`. The maximum string length in characters is 50.
subject	Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

Subject

Field Description

Field	Description
id	string `allAuthenticatedUsers`: A special system identifier that represents anyone `allUsers`: A special system identifier that represents anyone. No authentication is required. `<cloud generated id>`: An identifier that represents a user account. The maximum string length in characters is 50.
type	string `userAccount`: An account on Yandex or Yandex.Connect(https://connect.yandex.com), added to Yandex.Cloud. `serviceAccount`: A service account. This type represents the `yandex.cloud.iam.v1.ServiceAccount` resource. `federatedUser`: A federated account. This type represents a user from an identity federation, like Active Directory. `system`: System group. This type represents several accounts with a common system identifier.

string

allAuthenticatedUsers: A special system identifier that represents anyone
allUsers: A special system identifier that represents anyone. No authentication is required.
<cloud generated id>: An identifier that represents a user account.

The maximum string length in characters is 50.

type

string

userAccount: An account on Yandex or Yandex.Connect(https://connect.yandex.com), added to Yandex.Cloud.
serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource.
federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory.
system: System group. This type represents several accounts with a common system identifier.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
metadata	google.protobuf.Any<SetAccessBindingsMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: `error` or `response` The operation result. If `done == false` and there was no failure detected, neither `error` nor `response` is set. If `done == false` and there was a failure detected, `error` is set. If `done == true`, exactly one of `error` or `response` is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<google.protobuf.Empty> if operation finished successfully.

SetAccessBindingsMetadata

Field	Description
resource_id	string ID of the resource for which access bindings are being set.

UpdateAccessBindings

Updates access bindings for the specified certificate.

rpc UpdateAccessBindings (UpdateAccessBindingsRequest) returns (operation.Operation)

Metadata and response of Operation:

Operation.metadata:UpdateAccessBindingsMetadata

Operation.response:google.protobuf.Empty

UpdateAccessBindingsRequest

Field	Description
resource_id	string Required. ID of the resource for which access bindings are being updated.
access_binding_deltas[]	AccessBindingDelta Required. Updates to access bindings.

AccessBindingDelta

Field	Description
action	enum AccessBindingAction Required. The action that is being performed on an access binding. `ADD`: Addition of an access binding. `REMOVE`: Removal of an access binding.
access_binding	AccessBinding Required. Access binding. For more information, see Access Bindings.

AccessBinding

Field	Description
role_id	string ID of the `yandex.cloud.iam.v1.Role` that is assigned to the `subject`. The maximum string length in characters is 50.
subject	Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

Subject

Field Description

string

allAuthenticatedUsers: A special system identifier that represents anyone
allUsers: A special system identifier that represents anyone. No authentication is required.
<cloud generated id>: An identifier that represents a user account.

The maximum string length in characters is 50.

type

string

userAccount: An account on Yandex or Yandex.Connect(https://connect.yandex.com), added to Yandex.Cloud.
serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource.
federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory.
system: System group. This type represents several accounts with a common system identifier.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
metadata	google.protobuf.Any<UpdateAccessBindingsMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: `error` or `response` The operation result. If `done == false` and there was no failure detected, neither `error` nor `response` is set. If `done == false` and there was a failure detected, `error` is set. If `done == true`, exactly one of `error` or `response` is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<google.protobuf.Empty> if operation finished successfully.

UpdateAccessBindingsMetadata

Field	Description
resource_id	string ID of the resource for which access bindings are being updated.