"SrSSKJr SSKJr SSKJr SSKJr SSKJr SSK Jr SSK J r SSK J r SS K Jr SS K Jr SS K Jr SS K Jr SS K Jr SSK Jr SSKJr SSKJr SSKJr SSKJr SSKJr \R:\R<"\R>R@5"SS\RB555r"g)z(Create a new root certificate authority.)absolute_import)division)unicode_literals)base) request_utils)deps) create_utils)flags)iam) operations)p4sa) resource_args)storage) labels_util)concept_parsers)presentation_specs)log) console_iocN^\rSrSrSrU4Sjr\S5rSrSr Sr Sr U=r $) Create'aDCreate a new root certificate authority. TIP: Consider setting a [project lien](https://cloud.google.com/resource-manager/docs/project-liens) on the project to prevent it from accidental deletion. ## EXAMPLES To create a root CA that supports one layer of subordinates: $ {command} prod-root \ --location=us-west1 --pool=my-pool \ --kms-key-version="projects/my-project-pki/locations/us-west1/keyRings/kr1/cryptoKeys/k1/cryptoKeyVersions/1" \ --subject="CN=Example Production Root CA, O=Google" \ --max-chain-length=1 To create a root CA that is based on an existing CA: $ {command} prod-root \ --location=us-west1 --pool=my-pool \ --kms-key-version="projects/my-project-pki/locations/us-west1/keyRings/kr1/cryptoKeys/k1/cryptoKeyVersions/1" \ --from-ca=source-root c>[[U] "U0UD6 [R"SS9Ul[R "SS9Ulg)Nv1 api_version)superr__init__privateca_baseGetClientInstanceclientGetMessagesModulemessages)selfargskwargs __class__s %lib/surface/privateca/roots/create.pyrCreate.__init__As; &$ $1&1 22tDDK"44FDMcURSSS9nURSSSS9n[R"[R"S[ R "S5S SS 9[R"S [ R"5S US 9[R"S[ R "S[R"S5[ R/[R"S5/S9SSSSS.SS9/5RU5 [R"USS9 [R"USS9 [R"USSSS9 [ R""U5 [R$"U5 [R&"U5 [R("USSS9 [R*"U5 [R,"U5 [R."U5 g)NTz^The key configuration used for the CA certificate. Defaults to a managed key if not specified.)mutexhelpFz4The X.509 configuration used for the CA certificate.)r+requiredr,CERTIFICATE_AUTHORITYzCertificate Authorityz"The name of the root CA to create.)r-z--kms-key-versionz,An existing KMS key version to back this CA.)groupz --from-caz source CAz --locationz--pool)location_fallthroughspool_id_fallthroughszAn existing CA from which to copy configuration values for the new CA. You can still override any of those values by explicitly providing the appropriate flags. The specified existing CA must be part of the same pool as the one being created.)projectlocationpool)flag_name_overridesprefixes)subject_requiredzrsa-pkcs1-4096-sha256)defaultCAP10Yz10 years) resource_name default_valuedefault_value_text) is_ca_commanddefault_max_chain_length) add_groupr ConceptParserrResourcePresentationSpecrCreateCertAuthorityResourceSpecCreateKmsKeyVersionResourceSpecrArgFallthroughLOCATION_PROPERTY_FALLTHROUGH AddToParserr AddSubjectFlagsAddKeyAlgorithmFlagAddValidityFlagrAddCreateLabelsFlags AddBucketFlagAddUsePresetProfilesFlagAddInlineX509ParametersFlagsAddAutoEnableFlagAddSubjectKeyIdFlagAddUserDefinedAccessUrlsFlags)parserkey_spec_groupx509_config_groups r'Args Create.ArgsFs%%(&)N(( C)E !!33 #  9 9' ) 0   33   9 9 ; :  " 33   9 9'' 5!??''+&9&9(&C%D  F 6 ! % #>{6 &59  79 % ' $$V,  ""#45 &&N F# f% ''/r)cURRUURR[R"5S9S9nUR R RU5n[R"USSS9$)zEnables the given CA.) requestId)name!enableCertificateAuthorityRequestz Enabling CA.rr) r"DPrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesEnableRequest!EnableCertificateAuthorityRequestrGenerateRequestIdr 1projects_locations_caPools_certificateAuthoritiesEnabler Await)r#ca_nameenable_request operations r'_EnableCertificateAuthority"Create._EnableCertificateAuthoritysv]]gg *.-- * *#557 + 9h:N  MMTTI   I~4 HHr)cUR(agUR5R5nURRR UR RUS95n[R"URUR 5(ag[R"SRUR5R55SS9$)z3Determines whether the CA should be enabled or not.T)parentFzThe CaPool [{}] has no enabled CAs and cannot issue any certificates until at least one CA is enabled. Would you like to also enable this CA?)messager9) auto_enableParent RelativeNamer r_Listr"BPrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesListRequestr HasEnabledCacertificateAuthoritiesrPromptContinueformatName)r#r$ca_ref ca_pool_name list_responses r'_ShouldEnableCaCreate._ShouldEnableCas  ==?//1LKKQQVV K K L !"M  ,,dmm==   $ $%vfmmo&:&:&<=u NNr)c [R"USS9up#nUR5nUR5R5nURRR 5nU(aUR5OSn[ R"Xh5 Sn URS5(a1[R"UR5n U RUl U (dU(a+[R"[R"U5X5 UR R"R%UR&R)UUR+5UR-5[.R0"5S95n [2R4"U SSS9n [2R6"U UR&R85n [:R<R?SRAU RB55 [:R<R?S 5 UREX5(a URGUR-55 gg) NF)is_subordinatebucket)certificateAuthoritycertificateAuthorityIdrhrYzCreating Certificate Authority.rrz#Created Certificate Authority [{}].zTIP: To avoid accidental deletion, please consider adding a project lien on this project. To find out more, see the following doc: https://cloud.google.com/resource-manager/docs/project-liens.)$r CreateCAFromArgsrkCONCEPTSkms_key_versionParser *CheckCreateCertificateAuthorityPermissions IsSpecifiedr%ValidateBucketForCertificateAuthorityr{ gcsBucketr AddResourceRoleBindings GetOrCreater r_rr"DPrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesCreateRequestrsrlrr^r raGetMessageFromResponseCertificateAuthorityrstatusPrintrrrZrwre) r#r$new_cart_pool_ref project_refkey_version_ref kms_key_ref bucket_refrd ca_responsecas r'Run Create.Runs$55 U$FA}}H//#**,Kmm3399;O.=/((*4K22;LJ !!@@Mj#**f[ ""   ; 'B MMTT M M!'#);;=((*#557 N 9:I""9.O]abK  * *;+/==+M+M OBJJ:AA"''JKJJ H D)) &&v':':'<=*r))r r") __name__ __module__ __qualname____firstlineno____doc__r staticmethodrVrerwr__static_attributes__ __classcell__)r&s@r'rr's9,G ;0;0z IN*)>)>r)rN)#r __future__rrr googlecloudsdk.api_lib.privatecarrrgooglecloudsdk.calliope googlecloudsdk.calliope.conceptsr$googlecloudsdk.command_lib.privatecar r r r r rr$googlecloudsdk.command_lib.util.argsr(googlecloudsdk.command_lib.util.conceptsrrgooglecloudsdk.corergooglecloudsdk.core.consolerDefaultUniverseOnly ReleaseTracks ReleaseTrackGA CreateCommandrr)r'rs/&'C:(1=64;5>8<DG#2D%%(()d>T  d>*d>r)