tessl/pypi-google-cloud-private-ca

Google Cloud Private Certificate Authority API client library for certificate lifecycle management

Workspace: tessl
Visibility: Public
Describes: pkg:pypi/google-cloud-private-ca@1.15.x

To install, run

npx @tessl/cli install tessl/pypi-google-cloud-private-ca@1.15.0

Google Cloud Private Certificate Authority

A Python client library for Google Cloud Certificate Authority Service (Private CA), which simplifies the deployment and management of private Certificate Authorities without managing infrastructure. The library lets developers create, manage, and revoke digital certificates programmatically, with an API that covers certificate lifecycle management, certificate authority operations, and security policy enforcement.

Package Information

  • Package Name: google-cloud-private-ca
  • Language: Python
  • Installation: pip install google-cloud-private-ca
  • Version: 1.15.0

Core Imports

from google.cloud.security.privateca import (
    CertificateAuthorityServiceClient,
    CertificateAuthorityServiceAsyncClient
)

Import specific types:

from google.cloud.security.privateca import (
    Certificate,
    CertificateAuthority,
    CaPool,
    CertificateTemplate,
    CertificateRevocationList
)

Import pagers for list operations:

from google.cloud.security.privateca_v1.services.certificate_authority_service import pagers

Common request and response types:

from google.cloud.security.privateca import (
    CreateCertificateRequest,
    GetCertificateRequest,
    ListCertificatesRequest,
    RevokeCertificateRequest,
    UpdateCertificateRequest,
    CreateCertificateAuthorityRequest,
    ActivateCertificateAuthorityRequest,
    GetCertificateAuthorityRequest,
    ListCertificateAuthoritiesRequest,
    CreateCaPoolRequest,
    GetCaPoolRequest,
    ListCaPoolsRequest,
    FetchCaCertsRequest,
    FetchCaCertsResponse,
    CreateCertificateTemplateRequest,
    GetCertificateTemplateRequest,
    ListCertificateTemplatesRequest,
    GetCertificateRevocationListRequest,
    ListCertificateRevocationListsRequest
)

Basic Usage

from google.cloud.security.privateca import CertificateAuthorityServiceClient

# Initialize the client
client = CertificateAuthorityServiceClient()

# Create a certificate authority pool
ca_pool_request = {
    "parent": "projects/my-project/locations/us-central1",
    "ca_pool_id": "my-ca-pool",
    "ca_pool": {
        "tier": "ENTERPRISE",
    }
}
operation = client.create_ca_pool(ca_pool_request)
ca_pool = operation.result()

# List certificates in a pool
parent = "projects/my-project/locations/us-central1/caPools/my-ca-pool"
certificates = client.list_certificates(parent=parent)
for certificate in certificates:
    print(f"Certificate: {certificate.name}")

Architecture

The Google Cloud Private CA library follows a service-oriented architecture:

  • CertificateAuthorityServiceClient: Main synchronous client for all Private CA operations
  • CertificateAuthorityServiceAsyncClient: Asynchronous version for concurrent operations
  • Resource Types: Structured data classes representing certificates, CAs, pools, and templates
  • Request/Response Types: Typed request and response objects for all API operations
  • Path Helpers: Utility methods for constructing proper resource paths
  • Transport Layer: Supports gRPC and REST protocols with automatic retry and authentication

Capabilities

Certificate Management

Core certificate lifecycle operations including creation, retrieval, listing, revocation, and metadata updates. Supports X.509 certificates with comprehensive configuration options.

def create_certificate(request: CreateCertificateRequest) -> Certificate: ...
def get_certificate(request: GetCertificateRequest) -> Certificate: ...
def list_certificates(request: ListCertificatesRequest) -> pagers.ListCertificatesPager: ...
def revoke_certificate(request: RevokeCertificateRequest) -> Certificate: ...
def update_certificate(request: UpdateCertificateRequest) -> Certificate: ...
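
An added example (not from the original page or the library's own code): an incident-response helper that revokes certificates in a pool by serial number, using the list_certificates and revoke_certificate calls listed above. The names revoke_by_serial, norm_serial, make_cert and FakeClient are hypothetical, the sample certificates are constructed, and reading the serial from certificate_description.subject_description.hex_serial_number is an assumption about the Certificate type.

```python
from types import SimpleNamespace


def norm_serial(serial):
    """Normalise 'AB:CD' or zero-padded serials to bare lowercase hex."""
    return serial.replace(":", "").lower().lstrip("0")


def revoke_by_serial(client, pool, serials, reason="KEY_COMPROMISE"):
    """Revoke unrevoked certificates in `pool` whose serial is in `serials`."""
    wanted = {norm_serial(s) for s in serials}
    result = {"revoked": [], "already_revoked": [], "not_found": set(wanted)}
    for cert in client.list_certificates(parent=pool):
        subject = cert.certificate_description.subject_description
        serial = norm_serial(subject.hex_serial_number)
        if serial not in wanted:
            continue
        result["not_found"].discard(serial)
        # Assumption: revocation_details is falsy until the cert is revoked.
        if cert.revocation_details:
            result["already_revoked"].append(cert.name)
            continue
        # Enum passed by name in a dict request, as Basic Usage does for "tier".
        client.revoke_certificate(request={"name": cert.name, "reason": reason})
        result["revoked"].append(cert.name)
    return result


class FakeClient:
    """Constructed stand-in so the example runs offline; not a library class."""

    def __init__(self, certs):
        self.certs, self.calls = certs, []

    def list_certificates(self, parent):
        return iter(self.certs)

    def revoke_certificate(self, request):
        self.calls.append(request)


def make_cert(name, serial, revoked=None):
    desc = SimpleNamespace(subject_description=SimpleNamespace(hex_serial_number=serial))
    return SimpleNamespace(name=name, certificate_description=desc, revocation_details=revoked)


POOL = "projects/my-project/locations/us-central1/caPools/my-ca-pool"
SAMPLE = [make_cert(f"{POOL}/certificates/web-1", "1a2b3c"),  # constructed data
          make_cert(f"{POOL}/certificates/web-2", "0d4e5f", revoked=object()),
          make_cert(f"{POOL}/certificates/db-1", "77aa01")]
```

With a real CertificateAuthorityServiceClient in place of FakeClient, the not_found set shows which reported serials were not issued from this pool and need to be looked up elsewhere.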

Certificate Authority Operations

Complete certificate authority lifecycle management including creation, activation, disabling, enabling, and deletion. Supports both root and subordinate certificate authorities.

def create_certificate_authority(request: CreateCertificateAuthorityRequest) -> Operation: ...
def activate_certificate_authority(request: ActivateCertificateAuthorityRequest) -> Operation: ...
def disable_certificate_authority(request: DisableCertificateAuthorityRequest) -> Operation: ...
def enable_certificate_authority(request: EnableCertificateAuthorityRequest) -> Operation: ...
def get_certificate_authority(request: GetCertificateAuthorityRequest) -> CertificateAuthority: ...
def list_certificate_authorities(request: ListCertificateAuthoritiesRequest) -> pagers.ListCertificateAuthoritiesPager: ...
def update_certificate_authority(request: UpdateCertificateAuthorityRequest) -> Operation: ...
def delete_certificate_authority(request: DeleteCertificateAuthorityRequest) -> Operation: ...
def undelete_certificate_authority(request: UndeleteCertificateAuthorityRequest) -> Operation: ...
def fetch_certificate_authority_csr(request: FetchCertificateAuthorityCsrRequest) -> FetchCertificateAuthorityCsrResponse: ...

CA Pool Management

Certificate Authority pool operations for organizing and managing multiple CAs. Pools provide organizational structure and shared configuration for certificate authorities.

def create_ca_pool(request: CreateCaPoolRequest) -> Operation: ...
def get_ca_pool(request: GetCaPoolRequest) -> CaPool: ...
def list_ca_pools(request: ListCaPoolsRequest) -> pagers.ListCaPoolsPager: ...
def update_ca_pool(request: UpdateCaPoolRequest) -> Operation: ...
def delete_ca_pool(request: DeleteCaPoolRequest) -> Operation: ...
def fetch_ca_certs(request: FetchCaCertsRequest) -> FetchCaCertsResponse: ...

Certificate Templates

Template-based certificate issuance with predefined configurations, constraints, and policies. Templates standardize certificate properties and simplify bulk certificate operations.

def create_certificate_template(request: CreateCertificateTemplateRequest) -> Operation: ...
def get_certificate_template(request: GetCertificateTemplateRequest) -> CertificateTemplate: ...
def list_certificate_templates(request: ListCertificateTemplatesRequest) -> pagers.ListCertificateTemplatesPager: ...
def update_certificate_template(request: UpdateCertificateTemplateRequest) -> Operation: ...
def delete_certificate_template(request: DeleteCertificateTemplateRequest) -> Operation: ...

Certificate Revocation Lists

Certificate Revocation List (CRL) management for publishing and maintaining lists of revoked certificates. Supports automatic CRL generation and custom update schedules.

def get_certificate_revocation_list(request: GetCertificateRevocationListRequest) -> CertificateRevocationList: ...
def list_certificate_revocation_lists(request: ListCertificateRevocationListsRequest) -> pagers.ListCertificateRevocationListsPager: ...
def update_certificate_revocation_list(request: UpdateCertificateRevocationListRequest) -> Operation: ...

Operations and IAM Management

Long-running operation management and Identity and Access Management (IAM) operations for controlling access to Private CA resources.

def list_operations(request: ListOperationsRequest) -> pagers.ListOperationsPager: ...
def get_operation(request: GetOperationRequest) -> Operation: ...
def delete_operation(request: DeleteOperationRequest) -> None: ...
def cancel_operation(request: CancelOperationRequest) -> None: ...
def set_iam_policy(request: SetIamPolicyRequest) -> Policy: ...
def get_iam_policy(request: GetIamPolicyRequest) -> Policy: ...
def test_iam_permissions(request: TestIamPermissionsRequest) -> TestIamPermissionsResponse: ...
def get_location(request: GetLocationRequest) -> Location: ...
def list_locations(request: ListLocationsRequest) -> pagers.ListLocationsPager: ...
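
An added example (not from the original page or the library's own code): a least-privilege check over the policy returned by get_iam_policy for a CA pool, flagging public principals, domain-wide grants, and management roles granted directly to individual users. The function name audit_pool_iam, the severity labels and the review rules are assumptions chosen for illustration, and the sample policy and stand-in client are constructed.

```python
from types import SimpleNamespace

PUBLIC = {"allUsers", "allAuthenticatedUsers"}
# Predefined Private CA roles with management rights over CAs or certificates.
PRIVILEGED = {
    "roles/privateca.admin",
    "roles/privateca.caManager",
    "roles/privateca.certificateManager",
}


def audit_pool_iam(client, pool):
    """Return sorted (severity, role, member) findings for one CA pool."""
    policy = client.get_iam_policy(request={"resource": pool})
    findings = []
    for binding in policy.bindings:
        for member in binding.members:
            if member in PUBLIC:
                findings.append(("critical", binding.role, member))
            elif member.startswith("domain:"):
                findings.append(("high", binding.role, member))
            elif binding.role in PRIVILEGED and member.startswith("user:"):
                # Direct grant to a person instead of a group or service account.
                findings.append(("review", binding.role, member))
    return sorted(findings)


# Constructed policy and stand-in client so the example runs offline.
SAMPLE_POLICY = SimpleNamespace(bindings=[
    SimpleNamespace(role="roles/privateca.certificateRequester",
                    members=["allAuthenticatedUsers",
                             "serviceAccount:issuer@my-project.iam.gserviceaccount.com"]),
    SimpleNamespace(role="roles/privateca.caManager",
                    members=["user:alice@example.com", "group:pki-admins@example.com"]),
    SimpleNamespace(role="roles/privateca.auditor", members=["domain:example.com"]),
])
FAKE_CLIENT = SimpleNamespace(get_iam_policy=lambda request: SAMPLE_POLICY)
```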

Core Types

class CertificateAuthorityServiceClient:
    """Synchronous client for Certificate Authority Service."""
    
    def __init__(
        self,
        *,
        credentials: Optional[ga_credentials.Credentials] = None,
        transport: Optional[Union[str, CertificateAuthorityServiceTransport]] = None,
        client_options: Optional[Union[client_options_lib.ClientOptions, dict]] = None,
        client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
    ) -> None: ...

class CertificateAuthorityServiceAsyncClient:
    """Asynchronous client for Certificate Authority Service."""
    
    def __init__(
        self,
        *,
        credentials: Optional[ga_credentials.Credentials] = None,
        transport: Optional[Union[str, CertificateAuthorityServiceTransport]] = None,
        client_options: Optional[Union[client_options_lib.ClientOptions, dict]] = None,
        client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
    ) -> None: ...

    # Path Helper Methods
    @staticmethod
    def ca_pool_path(project: str, location: str, ca_pool: str) -> str: ...
    @staticmethod
    def certificate_path(project: str, location: str, ca_pool: str, certificate: str) -> str: ...
    @staticmethod
    def certificate_authority_path(project: str, location: str, ca_pool: str, certificate_authority: str) -> str: ...
    @staticmethod
    def certificate_template_path(project: str, location: str, certificate_template: str) -> str: ...
    @staticmethod
    def parse_ca_pool_path(path: str) -> Dict[str, str]: ...
    @staticmethod
    def parse_certificate_path(path: str) -> Dict[str, str]: ...