@swamp/gcp/privateca

v2026.04.23.1

Google Cloud privateca infrastructure models

Repository

https://github.com/systeminit/swamp-extensions

Labels

gcp, google-cloud, privateca, cloud, infrastructure

Quality score

Verified by Swamp

How well-documented and verifiable this extension is.

100%

Grade A

  • Has README or module doc: 2/2 earned
  • README has a code example: 1/1 earned
  • README is substantive: 1/1 earned
  • Most symbols documented: 1/1 earned
  • No slow types: 1/1 earned
  • Has description: 1/1 earned
  • At least one platform tag (or universal): 1/1 earned
  • Two or more platform tags (or universal): 1/1 earned
  • License declared: 1/1 earned
  • Verified public repository: 2/2 earned

Install

$ swamp extension pull @swamp/gcp/privateca

@swamp/gcp/privateca/capools v2026.04.23.1 capools.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| encryptionSpec? | object | The configuration used for encrypting data at rest. |
| issuancePolicy? | object | Defines controls over all certificate issuance within a CaPool. |
| labels? | record | Optional. Labels with user-defined metadata. |
| name? | string | Identifier. The resource name for this CaPool in the format `projects/*/locations/*/caPools/*`. |
| publishingOptions? | object | Options relating to the publication of each CertificateAuthority's CA certificate and CRLs and their inclusion as extensions in issued Certificates. The options set here apply to certificates issued by any CertificateAuthority in the CaPool. |
| tier? | enum | Required. Immutable. The Tier of this CaPool. |
| caPoolId? | string | Required. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}` |
| requestId? | string | Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and |
| location? | string | The location for this resource (e.g., 'us', 'us-central1', 'europe-west1') |

create: Create a caPools

get: Get a caPools

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the caPools |

update: Update caPools attributes

delete: Delete the caPools

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the caPools |

sync: Sync caPools state from GCP

fetch_ca_certs: fetch ca certs

| Argument | Type | Description |
| --- | --- | --- |
| requestId? | any | |

Resources

state (infinite) — A CaPool represents a group of CertificateAuthorities that form a trust ancho...

@swamp/gcp/privateca/capools-certificateauthorities v2026.04.23.1 capools_certificateauthorities.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| accessUrls? | object | URLs where a CertificateAuthority will publish content. |
| config? | object | A CertificateConfig describes an X.509 certificate or CSR that is to be created, as an alternative to using ASN.1. |
| gcsBucket? | string | Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. |
| keySpec? | object | A Cloud KMS key configuration that a CertificateAuthority will use. |
| labels? | record | Optional. Labels with user-defined metadata. |
| lifetime? | string | Required. Immutable. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. |
| name? | string | Identifier. The resource name for this CertificateAuthority in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. |
| subordinateConfig? | object | Describes a subordinate CA's issuers. This is either a resource name to a known issuing CertificateAuthority, or a PEM issuer certificate chain. |
| type? | enum | Required. Immutable. The Type of this CertificateAuthority. |
| userDefinedAccessUrls? | object | User-defined URLs for accessing content published by this CertificateAuthority. |
| certificateAuthorityId? | string | Required. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}` |
| requestId? | string | Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and |
| location? | string | The location for this resource (e.g., 'us', 'us-central1', 'europe-west1') |

create: Create a certificateAuthorities

| Argument | Type | Description |
| --- | --- | --- |
| waitForReady? | boolean | Wait for the resource to reach a ready state after creation (default: true) |

get: Get a certificateAuthorities

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the certificateAuthorities |

update: Update certificateAuthorities attributes

| Argument | Type | Description |
| --- | --- | --- |
| waitForReady? | boolean | Wait for the resource to reach a ready state after update (default: true) |

delete: Delete the certificateAuthorities

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the certificateAuthorities |

sync: Sync certificateAuthorities state from GCP

activate: activate

| Argument | Type | Description |
| --- | --- | --- |
| pemCaCertificate? | any | |
| requestId? | any | |
| subordinateConfig? | any | |

disable: disable

| Argument | Type | Description |
| --- | --- | --- |
| ignoreDependentResources? | any | |
| requestId? | any | |

enable: enable

| Argument | Type | Description |
| --- | --- | --- |
| requestId? | any | |

fetch: fetch

undelete: undelete

| Argument | Type | Description |
| --- | --- | --- |
| requestId? | any | |

Resources

state (infinite) — A CertificateAuthority represents an individual Certificate Authority. A Cert...

@swamp/gcp/privateca/capools-certificateauthorities-certificaterevocationlists v2026.04.23.1 capools_certificateauthorities_certificaterevocationlists.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| accessUrl? | string | Output only. The location where 'pem_crl' can be accessed. |
| createTime? | string | Output only. The time at which this CertificateRevocationList was created. |
| labels? | record | Optional. Labels with user-defined metadata. |
| name? | string | Identifier. The resource name for this CertificateRevocationList in the format `projects/*/locations/*/caPools/*certificateAuthorities/*/ certificateRevocationLists/*`. |
| pemCrl? | string | Output only. The PEM-encoded X.509 CRL. |
| revisionId? | string | Output only. The revision ID of this CertificateRevocationList. A new revision is committed whenever a new CRL is published. The format is an 8-character hexadecimal string. |
| revokedCertificates? | array | Output only. The revoked serial numbers that appear in pem_crl. |
| sequenceNumber? | string | Output only. The CRL sequence number that appears in pem_crl. |
| state? | enum | Output only. The State for this CertificateRevocationList. |
| updateTime? | string | Output only. The time at which this CertificateRevocationList was updated. |
| location? | string | The location for this resource (e.g., 'us', 'us-central1', 'europe-west1') |

get: Get a certificateRevocationLists

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the certificateRevocationLists |

update: Update certificateRevocationLists attributes

| Argument | Type | Description |
| --- | --- | --- |
| waitForReady? | boolean | Wait for the resource to reach a ready state after update (default: true) |

sync: Sync certificateRevocationLists state from GCP

Resources

state (infinite) — A CertificateRevocationList corresponds to a signed X.509 certificate Revocat...

@swamp/gcp/privateca/capools-certificates v2026.04.23.1 capools_certificates.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| certificateDescription? | object | A CertificateDescription describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509. |
| certificateTemplate? | string | Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. |
| config? | object | A CertificateConfig describes an X.509 certificate or CSR that is to be created, as an alternative to using ASN.1. |
| labels? | record | Optional. Labels with user-defined metadata. |
| lifetime? | string | Required. Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain. |
| name? | string | Identifier. The resource name for this Certificate in the format `projects/*/locations/*/caPools/*/certificates/*`. |
| pemCsr? | string | Immutable. A pem-encoded X.509 certificate signing request (CSR). |
| revocationDetails? | object | Describes fields that are relevant to the revocation of a Certificate. |
| subjectMode? | enum | Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the `DEFAULT` subject mode will be used. |
| certificateId? | string | Optional. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a CertificateAuthority in the Enterprise CertificateAuthority.tier, but is optional and its value is ignored otherwise. |
| issuingCertificateAuthorityId? | string | Optional. The resource ID of the CertificateAuthority that should issue the certificate. This optional field will ignore the load-balancing scheme of the Pool and directly issue the certificate from the CA with the specified ID, contained in the same CaPool referenced by `parent`. Per-CA quota rules apply. If left empty, a CertificateAuthority will be chosen from the CaPool by the service. For example, to issue a Certificate from a Certificate Authority with resource name "projects/my-project/lo |
| requestId? | string | Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and |
| location? | string | The location for this resource (e.g., 'us', 'us-central1', 'europe-west1') |

create: Create a certificates

get: Get a certificates

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the certificates |

update: Update certificates attributes

sync: Sync certificates state from GCP

revoke: revoke

| Argument | Type | Description |
| --- | --- | --- |
| reason? | any | |
| requestId? | any | |

Resources

state (infinite) — A Certificate corresponds to a signed X.509 certificate issued by a Certifica...

@swamp/gcp/privateca/certificatetemplates v2026.04.23.1 certificatetemplates.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| description? | string | Optional. A human-readable description of scenarios this template is intended for. |
| identityConstraints? | object | Describes constraints on a Certificate's Subject and SubjectAltNames. |
| labels? | record | Optional. Labels with user-defined metadata. |
| maximumLifetime? | string | Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool resource's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it. |
| name? | string | Identifier. The resource name for this CertificateTemplate in the format `projects/*/locations/*/certificateTemplates/*`. |
| passthroughExtensions? | object | Describes a set of X.509 extensions that may be part of some certificate issuance controls. |
| predefinedValues? | object | An X509Parameters is used to describe certain fields of an X.509 certificate, such as the key usage fields, fields specific to CA certificates, certificate policy extensions and custom extensions. |
| certificateTemplateId? | string | Required. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}` |
| requestId? | string | Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and |
| location? | string | The location for this resource (e.g., 'us', 'us-central1', 'europe-west1') |

create: Create a certificateTemplates

get: Get a certificateTemplates

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the certificateTemplates |

update: Update certificateTemplates attributes

delete: Delete the certificateTemplates

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the certificateTemplates |

sync: Sync certificateTemplates state from GCP

Resources

state (infinite) — A CertificateTemplate refers to a managed template for certificate issuance.

@swamp/gcp/privateca/locations v2026.04.23.1 locations.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |

get: Get a locations

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the locations |

sync: Sync locations state from GCP

Resources

state (infinite) — A resource that represents a Google Cloud location.