Update Certificate Authority Label

import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.CertificateAuthority;
import com.google.cloud.security.privateca.v1.CertificateAuthorityName;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest;
import com.google.longrunning.Operation;
import com.google.protobuf.FieldMask;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

public class UpdateCertificateAuthority {

  public static void main(String[] args)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // TODO(developer): Replace these variables before running the sample.
    // location: For a list of locations, see:
    // https://cloud.google.com/certificate-authority-service/docs/locations
    // poolId: Set it to the CA Pool under which the CA should be created.
    // certificateAuthorityName: Unique name for the CA.
    String project = "your-project-id";
    String location = "ca-location";
    String poolId = "ca-pool-id";
    String certificateAuthorityName = "certificate-authority-name";

    updateCaLabel(project, location, poolId, certificateAuthorityName);
  }

  // Updates the labels in a certificate authority.
  public static void updateCaLabel(
      String project, String location, String poolId, String certificateAuthorityName)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    /* Initialize client that will be used to send requests. This client only needs to be created
    once, and can be reused for multiple requests. After completing all of your requests, call
    the `certificateAuthorityServiceClient.close()` method on the client to safely
    clean up any remaining background resources. */
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
        CertificateAuthorityServiceClient.create()) {

      // Set the parent path and the new labels.
      String certificateAuthorityParent =
          CertificateAuthorityName.of(project, location, poolId, certificateAuthorityName)
              .toString();
      CertificateAuthority certificateAuthority =
          CertificateAuthority.newBuilder()
              .setName(certificateAuthorityParent)
              .putLabels("env", "test")
              .build();

      // Create a request to update the CA.
      UpdateCertificateAuthorityRequest request =
          UpdateCertificateAuthorityRequest.newBuilder()
              .setCertificateAuthority(certificateAuthority)
              .setUpdateMask(FieldMask.newBuilder().addPaths("labels").build())
              .build();

      // Update the CA and wait for the operation to complete.
      ApiFuture<Operation> futureCall =
          certificateAuthorityServiceClient
              .updateCertificateAuthorityCallable()
              .futureCall(request);
      Operation operation = futureCall.get(60, TimeUnit.SECONDS);

      // Check for errors.
      if (operation.hasError()) {
        System.out.println("Error in updating labels ! " + operation.getError());
      }

      // Get the updated CA and check if it contains the new label.
      CertificateAuthority response =
          certificateAuthorityServiceClient.getCertificateAuthority(certificateAuthorityParent);
      if (response.getLabelsMap().containsKey("env")
          && response.getLabelsMap().get("env").equalsIgnoreCase("test")) {
        System.out.println("Successfully updated the labels ! ");
      }
    }
  }
}

import google.cloud.security.privateca_v1 as privateca_v1
from google.protobuf import field_mask_pb2


def update_ca_label(
    project_id: str,
    location: str,
    ca_pool_name: str,
    ca_name: str,
) -> None:
    """
    Update the labels in a certificate authority.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
        ca_pool_name: set it to the CA Pool under which the CA should be updated.
        ca_name: unique name for the CA.
    """

    caServiceClient = privateca_v1.CertificateAuthorityServiceClient()

    # Set the parent path and the new labels.
    ca_parent = caServiceClient.certificate_authority_path(
        project_id, location, ca_pool_name, ca_name
    )
    certificate_authority = privateca_v1.CertificateAuthority(
        name=ca_parent,
        labels={"env": "test"},
    )

    # Create a request to update the CA.
    request = privateca_v1.UpdateCertificateAuthorityRequest(
        certificate_authority=certificate_authority,
        update_mask=field_mask_pb2.FieldMask(paths=["labels"]),
    )

    operation = caServiceClient.update_certificate_authority(request=request)
    result = operation.result()

    print("Operation result:", result)

    # Get the updated CA and check if it contains the new label.

    certificate_authority = caServiceClient.get_certificate_authority(name=ca_parent)

    if (
        "env" in certificate_authority.labels
        and certificate_authority.labels["env"] == "test"
    ):
        print("Successfully updated the labels !")