Google Certificate Authority Service V1 Client - Class CertificateAuthorityServiceClient (1.2.2)

Reference documentation and code samples for the Google Certificate Authority Service V1 Client class CertificateAuthorityServiceClient.

Service Description: Certificate Authority Service manages private certificate authorities and issued certificates.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:

$certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();
try {
    $formattedName = $certificateAuthorityServiceClient->certificateAuthorityName('[PROJECT]', '[LOCATION]', '[CA_POOL]', '[CERTIFICATE_AUTHORITY]');
    $pemCaCertificate = 'pem_ca_certificate';
    $subordinateConfig = new SubordinateConfig();
    $operationResponse = $certificateAuthorityServiceClient->activateCertificateAuthority($formattedName, $pemCaCertificate, $subordinateConfig);
    $operationResponse->pollUntilComplete();
    if ($operationResponse->operationSucceeded()) {
        $result = $operationResponse->getResult();
    // doSomethingWith($result)
    } else {
        $error = $operationResponse->getError();
        // handleError($error)
    }
    // Alternatively:
    // start the operation, keep the operation name, and resume later
    $operationResponse = $certificateAuthorityServiceClient->activateCertificateAuthority($formattedName, $pemCaCertificate, $subordinateConfig);
    $operationName = $operationResponse->getName();
    // ... do other work
    $newOperationResponse = $certificateAuthorityServiceClient->resumeOperation($operationName, 'activateCertificateAuthority');
    while (!$newOperationResponse->isDone()) {
        // ... do other work
        $newOperationResponse->reload();
    }
    if ($newOperationResponse->operationSucceeded()) {
        $result = $newOperationResponse->getResult();
    // doSomethingWith($result)
    } else {
        $error = $newOperationResponse->getError();
        // handleError($error)
    }
} finally {
    $certificateAuthorityServiceClient->close();
}

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.

Methods

caPoolName

Formats a string containing the fully-qualified path to represent a ca_pool resource.

Parameters
NameDescription
project string
location string
caPool string
Returns
TypeDescription
stringThe formatted ca_pool resource.

certificateName

Formats a string containing the fully-qualified path to represent a certificate resource.

Parameters
NameDescription
project string
location string
caPool string
certificate string
Returns
TypeDescription
stringThe formatted certificate resource.

certificateAuthorityName

Formats a string containing the fully-qualified path to represent a certificate_authority resource.

Parameters
NameDescription
project string
location string
caPool string
certificateAuthority string
Returns
TypeDescription
stringThe formatted certificate_authority resource.

certificateRevocationListName

Formats a string containing the fully-qualified path to represent a certificate_revocation_list resource.

Parameters
NameDescription
project string
location string
caPool string
certificateAuthority string
certificateRevocationList string
Returns
TypeDescription
stringThe formatted certificate_revocation_list resource.

certificateTemplateName

Formats a string containing the fully-qualified path to represent a certificate_template resource.

Parameters
NameDescription
project string
location string
certificateTemplate string
Returns
TypeDescription
stringThe formatted certificate_template resource.

locationName

Formats a string containing the fully-qualified path to represent a location resource.

Parameters
NameDescription
project string
location string
Returns
TypeDescription
stringThe formatted location resource.

parseName

Parses a formatted name string and returns an associative array of the components in the name.

The following name formats are supported: Template: Pattern

  • caPool: projects/{project}/locations/{location}/caPools/{ca_pool}
  • certificate: projects/{project}/locations/{location}/caPools/{ca_pool}/certificates/{certificate}
  • certificateAuthority: projects/{project}/locations/{location}/caPools/{ca_pool}/certificateAuthorities/{certificate_authority}
  • certificateRevocationList: projects/{project}/locations/{location}/caPools/{ca_pool}/certificateAuthorities/{certificate_authority}/certificateRevocationLists/{certificate_revocation_list}
  • certificateTemplate: projects/{project}/locations/{location}/certificateTemplates/{certificate_template}
  • location: projects/{project}/locations/{location}

The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.

Parameters
NameDescription
formattedName string

The formatted name string

template string

Optional name of template to match

Returns
TypeDescription
arrayAn associative array from name component IDs to component values.

getOperationsClient

Return an OperationsClient object with the same endpoint as $this.

Returns
TypeDescription
Google\ApiCore\LongRunning\OperationsClient

resumeOperation

Resume an existing long running operation that was previously started by a long running API method. If $methodName is not provided, or does not match a long running API method, then the operation can still be resumed, but the OperationResponse object will not deserialize the final response.

Parameters
NameDescription
operationName string

The name of the long running operation

methodName string

The name of the method used to start the operation

Returns
TypeDescription
Google\ApiCore\OperationResponse

__construct

Constructor.

Parameters
NameDescription
options array

Optional. Options for configuring the service API wrapper.

↳ apiEndpoint string

The address of the API remote host. May optionally include the port, formatted as "

↳ credentials string|array|FetchAuthTokenInterface|CredentialsWrapper

The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored.

↳ credentialsConfig array

Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() .

↳ disableRetries bool

Determines whether or not retries defined by the client configuration should be disabled. Defaults to false.

↳ clientConfig string|array

Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.

↳ transport string|TransportInterface

The transport used for executing network requests. May be either the string rest or grpc. Defaults to grpc if gRPC support is detected on the system. Advanced usage: Additionally, it is possible to pass in an already instantiated Google\ApiCore\Transport\TransportInterface object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.

↳ transportConfig array

Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options.

↳ clientCertSource callable

A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.

activateCertificateAuthority

Activate a CertificateAuthority that is in state AWAITING_USER_ACTIVATION and is of type SUBORDINATE.

After the parent Certificate Authority signs a certificate signing request from FetchCertificateAuthorityCsr, this method can complete the activation process.

Parameters
NameDescription
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

pemCaCertificate string

Required. The signed CA certificate issued from FetchCertificateAuthorityCsrResponse.pem_csr.

subordinateConfig Google\Cloud\Security\PrivateCA\V1\SubordinateConfig

Required. Must include information about the issuer of 'pem_ca_certificate', and any further issuers until the self-signed CA.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\SubordinateConfig;
use Google\Rpc\Status;

/**
 * @param string $formattedName                                  The resource name for this
 *                                                               [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
 *                                                               in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
 *                                                               {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 * @param string $pemCaCertificate                               The signed CA certificate issued from
 *                                                               [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
 * @param string $formattedSubordinateConfigCertificateAuthority This can refer to a
 *                                                               [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
 *                                                               that was used to create a subordinate
 *                                                               [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
 *                                                               This field is used for information and usability purposes only. The
 *                                                               resource name is in the format
 *                                                               `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
 *                                                               {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function activate_certificate_authority_sample(
    string $formattedName,
    string $pemCaCertificate,
    string $formattedSubordinateConfigCertificateAuthority
): void {
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $subordinateConfig = (new SubordinateConfig())
        ->setCertificateAuthority($formattedSubordinateConfigCertificateAuthority);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->activateCertificateAuthority(
            $formattedName,
            $pemCaCertificate,
            $subordinateConfig
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE_AUTHORITY]'
    );
    $pemCaCertificate = '[PEM_CA_CERTIFICATE]';
    $formattedSubordinateConfigCertificateAuthority = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE_AUTHORITY]'
    );

    activate_certificate_authority_sample(
        $formattedName,
        $pemCaCertificate,
        $formattedSubordinateConfigCertificateAuthority
    );
}

createCaPool

Create a CaPool.

Parameters
NameDescription
parent string

Required. The resource name of the location associated with the CaPool, in the format projects/*/locations/*.

caPoolId string

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

caPool Google\Cloud\Security\PrivateCA\V1\CaPool

Required. A CaPool with initial field values.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CaPool;
use Google\Cloud\Security\PrivateCA\V1\CaPool\Tier;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Rpc\Status;

/**
 * @param string $formattedParent The resource name of the location associated with the
 *                                [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
 *                                `projects/*/locations/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
 * @param string $caPoolId        It must be unique within a location and match the regular
 *                                expression `[a-zA-Z0-9_-]{1,63}`
 * @param int    $caPoolTier      Immutable. The
 *                                [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
 *                                [CaPool][google.cloud.security.privateca.v1.CaPool].
 */
function create_ca_pool_sample(string $formattedParent, string $caPoolId, int $caPoolTier): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $caPool = (new CaPool())
        ->setTier($caPoolTier);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->createCaPool($formattedParent, $caPoolId, $caPool);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CaPool $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::locationName('[PROJECT]', '[LOCATION]');
    $caPoolId = '[CA_POOL_ID]';
    $caPoolTier = Tier::TIER_UNSPECIFIED;

    create_ca_pool_sample($formattedParent, $caPoolId, $caPoolTier);
}

createCertificate

Create a new Certificate in a given Project, Location from a particular CaPool.

Parameters
NameDescription
parent string

Required. The resource name of the CaPool associated with the Certificate, in the format projects/*/locations/*/caPools/*.

certificate Google\Cloud\Security\PrivateCA\V1\Certificate

Required. A Certificate with initial field values.

optionalArgs array

Optional.

↳ certificateId string

Optional. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}. This field is required when using a CertificateAuthority in the Enterprise CertificateAuthority.Tier, but is optional and its value is ignored otherwise.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ validateOnly bool

Optional. If this is true, no Certificate resource will be persisted regardless of the CaPool's tier, and the returned Certificate will not contain the pem_certificate field.

↳ issuingCertificateAuthorityId string

Optional. The resource ID of the CertificateAuthority that should issue the certificate. This optional field will ignore the load-balancing scheme of the Pool and directly issue the certificate from the CA with the specified ID, contained in the same CaPool referenced by parent. Per-CA quota rules apply. If left empty, a CertificateAuthority will be chosen from the CaPool by the service. For example, to issue a Certificate from a Certificate Authority with resource name "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca", you can set the parent to "projects/my-project/locations/us-central1/caPools/my-pool" and the issuing_certificate_authority_id to "my-ca".

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Security\PrivateCA\V1\Certificate
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1\Certificate;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Protobuf\Duration;

/**
 * @param string $formattedParent The resource name of the
 *                                [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
 *                                [Certificate][google.cloud.security.privateca.v1.Certificate], in the
 *                                format `projects/*/locations/*/caPools/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
 */
function create_certificate_sample(string $formattedParent): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateLifetime = new Duration();
    $certificate = (new Certificate())
        ->setLifetime($certificateLifetime);

    // Call the API and handle any network failures.
    try {
        /** @var Certificate $response */
        $response = $certificateAuthorityServiceClient->createCertificate($formattedParent, $certificate);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::caPoolName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]'
    );

    create_certificate_sample($formattedParent);
}

createCertificateAuthority

Create a new CertificateAuthority in a given Project and Location.

Parameters
NameDescription
parent string

Required. The resource name of the CaPool associated with the CertificateAuthorities, in the format projects/*/locations/*/caPools/*.

certificateAuthorityId string

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

certificateAuthority Google\Cloud\Security\PrivateCA\V1\CertificateAuthority

Required. A CertificateAuthority with initial field values.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority\KeyVersionSpec;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority\Type;
use Google\Cloud\Security\PrivateCA\V1\CertificateConfig;
use Google\Cloud\Security\PrivateCA\V1\CertificateConfig\SubjectConfig;
use Google\Cloud\Security\PrivateCA\V1\Subject;
use Google\Cloud\Security\PrivateCA\V1\X509Parameters;
use Google\Protobuf\Duration;
use Google\Rpc\Status;

/**
 * @param string $formattedParent          The resource name of the
 *                                         [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
 *                                         [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
 *                                         in the format `projects/*/locations/*/caPools/*`. Please see
 *                                         {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
 * @param string $certificateAuthorityId   It must be unique within a location and match the regular
 *                                         expression `[a-zA-Z0-9_-]{1,63}`
 * @param int    $certificateAuthorityType Immutable. The
 *                                         [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
 *                                         this
 *                                         [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
 */
function create_certificate_authority_sample(
    string $formattedParent,
    string $certificateAuthorityId,
    int $certificateAuthorityType
): void {
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateAuthorityConfigSubjectConfigSubject = new Subject();
    $certificateAuthorityConfigSubjectConfig = (new SubjectConfig())
        ->setSubject($certificateAuthorityConfigSubjectConfigSubject);
    $certificateAuthorityConfigX509Config = new X509Parameters();
    $certificateAuthorityConfig = (new CertificateConfig())
        ->setSubjectConfig($certificateAuthorityConfigSubjectConfig)
        ->setX509Config($certificateAuthorityConfigX509Config);
    $certificateAuthorityLifetime = new Duration();
    $certificateAuthorityKeySpec = new KeyVersionSpec();
    $certificateAuthority = (new CertificateAuthority())
        ->setType($certificateAuthorityType)
        ->setConfig($certificateAuthorityConfig)
        ->setLifetime($certificateAuthorityLifetime)
        ->setKeySpec($certificateAuthorityKeySpec);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->createCertificateAuthority(
            $formattedParent,
            $certificateAuthorityId,
            $certificateAuthority
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::caPoolName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]'
    );
    $certificateAuthorityId = '[CERTIFICATE_AUTHORITY_ID]';
    $certificateAuthorityType = Type::TYPE_UNSPECIFIED;

    create_certificate_authority_sample(
        $formattedParent,
        $certificateAuthorityId,
        $certificateAuthorityType
    );
}

createCertificateTemplate

Create a new CertificateTemplate in a given Project and Location.

Parameters
NameDescription
parent string

Required. The resource name of the location associated with the CertificateTemplate, in the format projects/*/locations/*.

certificateTemplateId string

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

certificateTemplate Google\Cloud\Security\PrivateCA\V1\CertificateTemplate

Required. A CertificateTemplate with initial field values.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\CertificateTemplate;
use Google\Rpc\Status;

/**
 * @param string $formattedParent       The resource name of the location associated with the
 *                                      [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
 *                                      in the format `projects/*/locations/*`. Please see
 *                                      {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
 * @param string $certificateTemplateId It must be unique within a location and match the regular
 *                                      expression `[a-zA-Z0-9_-]{1,63}`
 */
function create_certificate_template_sample(
    string $formattedParent,
    string $certificateTemplateId
): void {
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateTemplate = new CertificateTemplate();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->createCertificateTemplate(
            $formattedParent,
            $certificateTemplateId,
            $certificateTemplate
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateTemplate $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::locationName('[PROJECT]', '[LOCATION]');
    $certificateTemplateId = '[CERTIFICATE_TEMPLATE_ID]';

    create_certificate_template_sample($formattedParent, $certificateTemplateId);
}

deleteCaPool

Delete a CaPool.

Parameters
NameDescription
name string

Required. The resource name for this CaPool in the format projects/*/locations/*/caPools/*.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ ignoreDependentResources bool

Optional. This field allows this pool to be deleted even if it's being depended on by another resource. However, doing so may result in unintended and unrecoverable effects on any dependent resource(s) since the pool will no longer be able to issue certificates.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName The resource name for this
 *                              [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
 *                              `projects/*/locations/*/caPools/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
 */
function delete_ca_pool_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->deleteCaPool($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            printf('Operation completed successfully.' . PHP_EOL);
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::caPoolName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]'
    );

    delete_ca_pool_sample($formattedName);
}

deleteCertificateAuthority

Delete a CertificateAuthority.

Parameters
NameDescription
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ ignoreActiveCertificates bool

Optional. This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.

↳ skipGracePeriod bool

Optional. If this flag is set, the Certificate Authority will be deleted as soon as possible without a 30-day grace period where undeletion would have been allowed. If you proceed, there will be no way to recover this CA.

↳ ignoreDependentResources bool

Optional. This field allows this ca to be deleted even if it's being depended on by another resource. However, doing so may result in unintended and unrecoverable effects on any dependent resource(s) since the CA will no longer be able to issue certificates.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName The resource name for this
 *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
 *                              in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function delete_certificate_authority_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->deleteCertificateAuthority($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE_AUTHORITY]'
    );

    delete_certificate_authority_sample($formattedName);
}

deleteCertificateTemplate

DeleteCertificateTemplate deletes a CertificateTemplate.

Parameters
NameDescription
name string

Required. The resource name for this CertificateTemplate in the format projects/*/locations/*/certificateTemplates/*.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName The resource name for this
 *                              [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
 *                              in the format `projects/*/locations/*/certificateTemplates/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateTemplateName()} for help formatting this field.
 */
function delete_certificate_template_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->deleteCertificateTemplate($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            printf('Operation completed successfully.' . PHP_EOL);
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateTemplateName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_TEMPLATE]'
    );

    delete_certificate_template_sample($formattedName);
}

disableCertificateAuthority

Disable a CertificateAuthority.

Parameters
NameDescription
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ ignoreDependentResources bool

Optional. This field allows this CA to be disabled even if it's being depended on by another resource. However, doing so may result in unintended and unrecoverable effects on any dependent resource(s) since the CA will no longer be able to issue certificates.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName The resource name for this
 *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
 *                              in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function disable_certificate_authority_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->disableCertificateAuthority($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE_AUTHORITY]'
    );

    disable_certificate_authority_sample($formattedName);
}

enableCertificateAuthority

Enable a CertificateAuthority.

Parameters
NameDescription
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName The resource name for this
 *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
 *                              in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function enable_certificate_authority_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->enableCertificateAuthority($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE_AUTHORITY]'
    );

    enable_certificate_authority_sample($formattedName);
}

fetchCaCerts

FetchCaCerts returns the current trust anchor for the CaPool. This will include CA certificate chains for all ACTIVE CertificateAuthority resources in the CaPool.

Parameters
NameDescription
caPool string

Required. The resource name for the CaPool in the format projects/*/locations/*/caPools/*.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Security\PrivateCA\V1\FetchCaCertsResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\FetchCaCertsResponse;

/**
 * @param string $formattedCaPool The resource name for the
 *                                [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
 *                                `projects/*/locations/*/caPools/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
 */
function fetch_ca_certs_sample(string $formattedCaPool): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var FetchCaCertsResponse $response */
        $response = $certificateAuthorityServiceClient->fetchCaCerts($formattedCaPool);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedCaPool = CertificateAuthorityServiceClient::caPoolName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]'
    );

    fetch_ca_certs_sample($formattedCaPool);
}

fetchCertificateAuthorityCsr

Fetch a certificate signing request (CSR) from a CertificateAuthority that is in state AWAITING_USER_ACTIVATION and is of type SUBORDINATE.

The CSR must then be signed by the desired parent Certificate Authority, which could be another CertificateAuthority resource, or could be an on-prem certificate authority. See also ActivateCertificateAuthority.

Parameters
NameDescription
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Security\PrivateCA\V1\FetchCertificateAuthorityCsrResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\FetchCertificateAuthorityCsrResponse;

/**
 * @param string $formattedName The resource name for this
 *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
 *                              in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function fetch_certificate_authority_csr_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var FetchCertificateAuthorityCsrResponse $response */
        $response = $certificateAuthorityServiceClient->fetchCertificateAuthorityCsr($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE_AUTHORITY]'
    );

    fetch_certificate_authority_csr_sample($formattedName);
}

getCaPool

Returns a CaPool.

Parameters
NameDescription
name string

Required. The name of the CaPool to get.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Security\PrivateCA\V1\CaPool
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1\CaPool;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;

/**
 * @param string $formattedName The [name][google.cloud.security.privateca.v1.CaPool.name] of the
 *                              [CaPool][google.cloud.security.privateca.v1.CaPool] to get. Please see
 *                              {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
 */
function get_ca_pool_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var CaPool $response */
        $response = $certificateAuthorityServiceClient->getCaPool($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::caPoolName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]'
    );

    get_ca_pool_sample($formattedName);
}

getCertificate

Returns a Certificate.

Parameters
NameDescription
name string

Required. The name of the Certificate to get.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Security\PrivateCA\V1\Certificate
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1\Certificate;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;

/**
 * @param string $formattedName The [name][google.cloud.security.privateca.v1.Certificate.name]
 *                              of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
 *                              get. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateName()} for help formatting this field.
 */
function get_certificate_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var Certificate $response */
        $response = $certificateAuthorityServiceClient->getCertificate($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE]'
    );

    get_certificate_sample($formattedName);
}

getCertificateAuthority

Returns a CertificateAuthority.

Parameters
NameDescription
name string

Required. The name of the CertificateAuthority to get.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Security\PrivateCA\V1\CertificateAuthority
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;

/**
 * @param string $formattedName The
 *                              [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
 *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
 *                              to get. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function get_certificate_authority_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var CertificateAuthority $response */
        $response = $certificateAuthorityServiceClient->getCertificateAuthority($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE_AUTHORITY]'
    );

    get_certificate_authority_sample($formattedName);
}

getCertificateRevocationList

Returns a CertificateRevocationList.

Parameters
NameDescription
name string

Required. The name of the CertificateRevocationList to get.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList;

/**
 * @param string $formattedName The
 *                              [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
 *                              of the
 *                              [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
 *                              to get. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateRevocationListName()} for help formatting this field.
 */
function get_certificate_revocation_list_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var CertificateRevocationList $response */
        $response = $certificateAuthorityServiceClient->getCertificateRevocationList($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateRevocationListName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE_AUTHORITY]',
        '[CERTIFICATE_REVOCATION_LIST]'
    );

    get_certificate_revocation_list_sample($formattedName);
}

getCertificateTemplate

Returns a CertificateTemplate.

Parameters
NameDescription
name string

Required. The name of the CertificateTemplate to get.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Security\PrivateCA\V1\CertificateTemplate
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\CertificateTemplate;

/**
 * @param string $formattedName The
 *                              [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
 *                              [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
 *                              to get. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateTemplateName()} for help formatting this field.
 */
function get_certificate_template_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var CertificateTemplate $response */
        $response = $certificateAuthorityServiceClient->getCertificateTemplate($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateTemplateName(
        '[PROJECT]',
        '[LOCATION]',
        '[CERTIFICATE_TEMPLATE]'
    );

    get_certificate_template_sample($formattedName);
}

listCaPools

Lists CaPools.

Parameters
NameDescription
parent string

Required. The resource name of the location associated with the CaPools, in the format projects/*/locations/*.

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ filter string

Optional. Only include resources that match the filter in the response.

↳ orderBy string

Optional. Specify how the results should be sorted.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Security\PrivateCA\V1\CaPool;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;

/**
 * @param string $formattedParent The resource name of the location associated with the
 *                                [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
 *                                `projects/*/locations/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
 */
function list_ca_pools_sample(string $formattedParent): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $certificateAuthorityServiceClient->listCaPools($formattedParent);

        /** @var CaPool $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::locationName('[PROJECT]', '[LOCATION]');

    list_ca_pools_sample($formattedParent);
}

listCertificateAuthorities

Lists CertificateAuthorities.

Parameters
NameDescription
parent string

Required. The resource name of the CaPool associated with the CertificateAuthorities, in the format projects/*/locations/*/caPools/*.

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ filter string

Optional. Only include resources that match the filter in the response.

↳ orderBy string

Optional. Specify how the results should be sorted.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;

/**
 * @param string $formattedParent The resource name of the
 *                                [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
 *                                [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
 *                                in the format `projects/*/locations/*/caPools/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
 */
function list_certificate_authorities_sample(string $formattedParent): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $certificateAuthorityServiceClient->listCertificateAuthorities($formattedParent);

        /** @var CertificateAuthority $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::caPoolName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]'
    );

    list_certificate_authorities_sample($formattedParent);
}

listCertificateRevocationLists

Lists CertificateRevocationLists.

Parameters
NameDescription
parent string

Required. The resource name of the location associated with the CertificateRevocationLists, in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ filter string

Optional. Only include resources that match the filter in the response.

↳ orderBy string

Optional. Specify how the results should be sorted.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList;

/**
 * @param string $formattedParent The resource name of the location associated with the
 *                                [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
 *                                in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function list_certificate_revocation_lists_sample(string $formattedParent): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $certificateAuthorityServiceClient->listCertificateRevocationLists($formattedParent);

        /** @var CertificateRevocationList $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE_AUTHORITY]'
    );

    list_certificate_revocation_lists_sample($formattedParent);
}

listCertificateTemplates

Lists CertificateTemplates.

Parameters
NameDescription
parent string

Required. The resource name of the location associated with the CertificateTemplates, in the format projects/*/locations/*.

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ filter string

Optional. Only include resources that match the filter in the response.

↳ orderBy string

Optional. Specify how the results should be sorted.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\CertificateTemplate;

/**
 * @param string $formattedParent The resource name of the location associated with the
 *                                [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
 *                                in the format `projects/*/locations/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::locationName()} for help formatting this field.
 */
function list_certificate_templates_sample(string $formattedParent): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $certificateAuthorityServiceClient->listCertificateTemplates($formattedParent);

        /** @var CertificateTemplate $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::locationName('[PROJECT]', '[LOCATION]');

    list_certificate_templates_sample($formattedParent);
}

listCertificates

Lists Certificates.

Parameters
NameDescription
parent string

Required. The resource name of the location associated with the Certificates, in the format projects/*/locations/*/caPools/*.

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ filter string

Optional. Only include resources that match the filter in the response. For details on supported filters and syntax, see Certificates Filtering documentation.

↳ orderBy string

Optional. Specify how the results should be sorted. For details on supported fields and syntax, see Certificates Sorting documentation.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Security\PrivateCA\V1\Certificate;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;

/**
 * @param string $formattedParent The resource name of the location associated with the
 *                                [Certificates][google.cloud.security.privateca.v1.Certificate], in the
 *                                format `projects/*/locations/*/caPools/*`. Please see
 *                                {@see CertificateAuthorityServiceClient::caPoolName()} for help formatting this field.
 */
function list_certificates_sample(string $formattedParent): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $certificateAuthorityServiceClient->listCertificates($formattedParent);

        /** @var Certificate $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = CertificateAuthorityServiceClient::caPoolName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]'
    );

    list_certificates_sample($formattedParent);
}

revokeCertificate

Revoke a Certificate.

Parameters
NameDescription
name string

Required. The resource name for this Certificate in the format projects/*/locations/*/caPools/*/certificates/*.

reason int

Required. The RevocationReason for revoking this certificate. For allowed values, use constants defined on {@see \Google\Cloud\Security\PrivateCA\V1\RevocationReason}

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Security\PrivateCA\V1\Certificate
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1\Certificate;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\RevocationReason;

/**
 * @param string $formattedName The resource name for this
 *                              [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
 *                              `projects/*/locations/*/caPools/*/certificates/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateName()} for help formatting this field.
 * @param int    $reason        The
 *                              [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
 *                              revoking this certificate.
 */
function revoke_certificate_sample(string $formattedName, int $reason): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var Certificate $response */
        $response = $certificateAuthorityServiceClient->revokeCertificate($formattedName, $reason);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE]'
    );
    $reason = RevocationReason::REVOCATION_REASON_UNSPECIFIED;

    revoke_certificate_sample($formattedName, $reason);
}

undeleteCertificateAuthority

Undelete a CertificateAuthority that has been deleted.

Parameters
NameDescription
name string

Required. The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName The resource name for this
 *                              [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
 *                              in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. Please see
 *                              {@see CertificateAuthorityServiceClient::certificateAuthorityName()} for help formatting this field.
 */
function undelete_certificate_authority_sample(string $formattedName): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->undeleteCertificateAuthority($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = CertificateAuthorityServiceClient::certificateAuthorityName(
        '[PROJECT]',
        '[LOCATION]',
        '[CA_POOL]',
        '[CERTIFICATE_AUTHORITY]'
    );

    undelete_certificate_authority_sample($formattedName);
}

updateCaPool

Update a CaPool.

Parameters
NameDescription
caPool Google\Cloud\Security\PrivateCA\V1\CaPool

Required. CaPool with updated values.

updateMask Google\Protobuf\FieldMask

Required. A list of fields to be updated in this request.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CaPool;
use Google\Cloud\Security\PrivateCA\V1\CaPool\Tier;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * @param int $caPoolTier Immutable. The
 *                        [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
 *                        [CaPool][google.cloud.security.privateca.v1.CaPool].
 */
function update_ca_pool_sample(int $caPoolTier): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $caPool = (new CaPool())
        ->setTier($caPoolTier);
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->updateCaPool($caPool, $updateMask);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CaPool $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $caPoolTier = Tier::TIER_UNSPECIFIED;

    update_ca_pool_sample($caPoolTier);
}

updateCertificate

Update a Certificate.

Currently, the only field you can update is the labels field.

Parameters
NameDescription
certificate Google\Cloud\Security\PrivateCA\V1\Certificate

Required. Certificate with updated values.

updateMask Google\Protobuf\FieldMask

Required. A list of fields to be updated in this request.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Security\PrivateCA\V1\Certificate
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Security\PrivateCA\V1\Certificate;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Protobuf\Duration;
use Google\Protobuf\FieldMask;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_certificate_sample(): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateLifetime = new Duration();
    $certificate = (new Certificate())
        ->setLifetime($certificateLifetime);
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var Certificate $response */
        $response = $certificateAuthorityServiceClient->updateCertificate($certificate, $updateMask);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateCertificateAuthority

Update a CertificateAuthority.

Parameters
NameDescription
certificateAuthority Google\Cloud\Security\PrivateCA\V1\CertificateAuthority

Required. CertificateAuthority with updated values.

updateMask Google\Protobuf\FieldMask

Required. A list of fields to be updated in this request.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority\KeyVersionSpec;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthority\Type;
use Google\Cloud\Security\PrivateCA\V1\CertificateConfig;
use Google\Cloud\Security\PrivateCA\V1\CertificateConfig\SubjectConfig;
use Google\Cloud\Security\PrivateCA\V1\Subject;
use Google\Cloud\Security\PrivateCA\V1\X509Parameters;
use Google\Protobuf\Duration;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * @param int $certificateAuthorityType Immutable. The
 *                                      [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
 *                                      this
 *                                      [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
 */
function update_certificate_authority_sample(int $certificateAuthorityType): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateAuthorityConfigSubjectConfigSubject = new Subject();
    $certificateAuthorityConfigSubjectConfig = (new SubjectConfig())
        ->setSubject($certificateAuthorityConfigSubjectConfigSubject);
    $certificateAuthorityConfigX509Config = new X509Parameters();
    $certificateAuthorityConfig = (new CertificateConfig())
        ->setSubjectConfig($certificateAuthorityConfigSubjectConfig)
        ->setX509Config($certificateAuthorityConfigX509Config);
    $certificateAuthorityLifetime = new Duration();
    $certificateAuthorityKeySpec = new KeyVersionSpec();
    $certificateAuthority = (new CertificateAuthority())
        ->setType($certificateAuthorityType)
        ->setConfig($certificateAuthorityConfig)
        ->setLifetime($certificateAuthorityLifetime)
        ->setKeySpec($certificateAuthorityKeySpec);
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->updateCertificateAuthority(
            $certificateAuthority,
            $updateMask
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateAuthority $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $certificateAuthorityType = Type::TYPE_UNSPECIFIED;

    update_certificate_authority_sample($certificateAuthorityType);
}

updateCertificateRevocationList

Update a CertificateRevocationList.

Parameters
NameDescription
certificateRevocationList Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList

Required. CertificateRevocationList with updated values.

updateMask Google\Protobuf\FieldMask

Required. A list of fields to be updated in this request.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\CertificateRevocationList;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_certificate_revocation_list_sample(): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateRevocationList = new CertificateRevocationList();
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->updateCertificateRevocationList(
            $certificateRevocationList,
            $updateMask
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateRevocationList $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateCertificateTemplate

Update a CertificateTemplate.

Parameters
NameDescription
certificateTemplate Google\Cloud\Security\PrivateCA\V1\CertificateTemplate

Required. CertificateTemplate with updated values.

updateMask Google\Protobuf\FieldMask

Required. A list of fields to be updated in this request.

optionalArgs array

Optional.

↳ requestId string

Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;
use Google\Cloud\Security\PrivateCA\V1\CertificateTemplate;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_certificate_template_sample(): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $certificateTemplate = new CertificateTemplate();
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $certificateAuthorityServiceClient->updateCertificateTemplate(
            $certificateTemplate,
            $updateMask
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CertificateTemplate $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

getLocation

Gets information about a location.

Parameters
NameDescription
optionalArgs array

Optional.

↳ name string

Resource name for the location.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Location\Location
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Location\Location;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function get_location_sample(): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var Location $response */
        $response = $certificateAuthorityServiceClient->getLocation();
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

listLocations

Lists information about the supported locations for this service.

Parameters
NameDescription
optionalArgs array

Optional.

↳ name string

The resource that owns the locations collection, if applicable.

↳ filter string

The standard list filter.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Location\Location;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function list_locations_sample(): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $certificateAuthorityServiceClient->listLocations();

        /** @var Location $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

getIamPolicy

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

Parameters
NameDescription
resource string

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

optionalArgs array

Optional.

↳ options GetPolicyOptions

OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Iam\V1\Policy
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\Policy;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;

/**
 * @param string $resource REQUIRED: The resource for which the policy is being requested.
 *                         See the operation documentation for the appropriate value for this field.
 */
function get_iam_policy_sample(string $resource): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $certificateAuthorityServiceClient->getIamPolicy($resource);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';

    get_iam_policy_sample($resource);
}

setIamPolicy

Sets the access control policy on the specified resource. Replaces any existing policy.

Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.

Parameters
NameDescription
resource string

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.

policy Google\Cloud\Iam\V1\Policy

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.

optionalArgs array

Optional.

↳ updateMask FieldMask

OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: paths: "bindings, etag"

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Iam\V1\Policy
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\Policy;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;

/**
 * @param string $resource REQUIRED: The resource for which the policy is being specified.
 *                         See the operation documentation for the appropriate value for this field.
 */
function set_iam_policy_sample(string $resource): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $policy = new Policy();

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $certificateAuthorityServiceClient->setIamPolicy($resource, $policy);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';

    set_iam_policy_sample($resource);
}

testIamPermissions

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Parameters
NameDescription
resource string

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

permissions string[]

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Iam\V1\TestIamPermissionsResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\TestIamPermissionsResponse;
use Google\Cloud\Security\PrivateCA\V1\CertificateAuthorityServiceClient;

/**
 * @param string $resource           REQUIRED: The resource for which the policy detail is being requested.
 *                                   See the operation documentation for the appropriate value for this field.
 * @param string $permissionsElement The set of permissions to check for the `resource`. Permissions with
 *                                   wildcards (such as '*' or 'storage.*') are not allowed. For more
 *                                   information see
 *                                   [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
 */
function test_iam_permissions_sample(string $resource, string $permissionsElement): void
{
    // Create a client.
    $certificateAuthorityServiceClient = new CertificateAuthorityServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $permissions = [$permissionsElement,];

    // Call the API and handle any network failures.
    try {
        /** @var TestIamPermissionsResponse $response */
        $response = $certificateAuthorityServiceClient->testIamPermissions($resource, $permissions);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';
    $permissionsElement = '[PERMISSIONS]';

    test_iam_permissions_sample($resource, $permissionsElement);
}

Constants

SERVICE_NAME

Value: 'google.cloud.security.privateca.v1.CertificateAuthorityService'

The name of the service.

SERVICE_ADDRESS

Value: 'privateca.googleapis.com'

The default address of the service.

DEFAULT_SERVICE_PORT

Value: 443

The default port of the service.

CODEGEN_NAME

Value: 'gapic'

The name of the code generator, to be included in the agent header.