// Copyright 2026 Google LLC.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Code generated file. DO NOT EDIT.

// Package privateca provides access to the Certificate Authority API.
//
// For product documentation, see: https://cloud.google.com/
//
// # Library status
//
// These client libraries are officially supported by Google. However, this
// library is considered complete and is in maintenance mode. This means
// that we will address critical bugs and security issues but will not add
// any new features.
//
// When possible, we recommend using our newer
// [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go)
// that are still actively being worked and iterated on.
//
// # Creating a client
//
// Usage example:
//
//	import "google.golang.org/api/privateca/v1"
//	...
//	ctx := context.Background()
//	privatecaService, err := privateca.NewService(ctx)
//
// In this example, Google Application Default Credentials are used for
// authentication. For information on how to create and obtain Application
// Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
//
// # Other authentication options
//
// To use an API key for authentication (note: some APIs do not support API
// keys), use [google.golang.org/api/option.WithAPIKey]:
//
//	privatecaService, err := privateca.NewService(ctx, option.WithAPIKey("AIza..."))
//
// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth
// flow, use [google.golang.org/api/option.WithTokenSource]:
//
//	config := &oauth2.Config{...}
//	// ...
//	token, err := config.Exchange(ctx, ...)
//	privatecaService, err := privateca.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
//
// See [google.golang.org/api/option.ClientOption] for details on options.
package privateca // import "google.golang.org/api/privateca/v1"

import (
	"bytes"
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"log/slog"
	"net/http"
	"net/url"
	"strconv"
	"strings"

	"github.com/googleapis/gax-go/v2/internallog"
	googleapi "google.golang.org/api/googleapi"
	internal "google.golang.org/api/internal"
	gensupport "google.golang.org/api/internal/gensupport"
	option "google.golang.org/api/option"
	internaloption "google.golang.org/api/option/internaloption"
	htransport "google.golang.org/api/transport/http"
)

// Always reference these packages, just in case the auto-generated code
// below doesn't.
var _ = bytes.NewBuffer
var _ = strconv.Itoa
var _ = fmt.Sprintf
var _ = json.NewDecoder
var _ = io.Copy
var _ = url.Parse
var _ = gensupport.MarshalJSON
var _ = googleapi.Version
var _ = errors.New
var _ = strings.Replace
var _ = context.Canceled
var _ = internaloption.WithDefaultEndpoint
var _ = internal.Version
var _ = internallog.New

const apiId = "privateca:v1"
const apiName = "privateca"
const apiVersion = "v1"
const basePath = "https://privateca.googleapis.com/"
const basePathTemplate = "https://privateca.UNIVERSE_DOMAIN/"
const mtlsBasePath = "https://privateca.mtls.googleapis.com/"

// OAuth2 scopes used by this API.
const (
	// See, edit, configure, and delete your Google Cloud data and see the email
	// address for your Google Account.
	CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
)

// NewService creates a new Service.
func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) {
	scopesOption := internaloption.WithDefaultScopes(
		"https://www.googleapis.com/auth/cloud-platform",
	)
	// NOTE: prepend, so we don't override user-specified scopes.
	opts = append([]option.ClientOption{scopesOption}, opts...)
	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
	opts = append(opts, internaloption.EnableNewAuthLibrary())
	client, endpoint, err := htransport.NewClient(ctx, opts...)
	if err != nil {
		return nil, err
	}
	s := &Service{client: client, BasePath: basePath, logger: internaloption.GetLogger(opts)}
	s.Projects = NewProjectsService(s)
	if endpoint != "" {
		s.BasePath = endpoint
	}
	return s, nil
}

// New creates a new Service. It uses the provided http.Client for requests.
//
// Deprecated: please use NewService instead.
// To provide a custom HTTP client, use option.WithHTTPClient.
// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
func New(client *http.Client) (*Service, error) {
	if client == nil {
		return nil, errors.New("client is nil")
	}
	return NewService(context.TODO(), option.WithHTTPClient(client))
}

type Service struct {
	client    *http.Client
	logger    *slog.Logger
	BasePath  string // API endpoint base URL
	UserAgent string // optional additional User-Agent fragment

	Projects *ProjectsService
}

func (s *Service) userAgent() string {
	if s.UserAgent == "" {
		return googleapi.UserAgent
	}
	return googleapi.UserAgent + " " + s.UserAgent
}

func NewProjectsService(s *Service) *ProjectsService {
	rs := &ProjectsService{s: s}
	rs.Locations = NewProjectsLocationsService(s)
	return rs
}

type ProjectsService struct {
	s *Service

	Locations *ProjectsLocationsService
}

func NewProjectsLocationsService(s *Service) *ProjectsLocationsService {
	rs := &ProjectsLocationsService{s: s}
	rs.CaPools = NewProjectsLocationsCaPoolsService(s)
	rs.CertificateTemplates = NewProjectsLocationsCertificateTemplatesService(s)
	rs.Operations = NewProjectsLocationsOperationsService(s)
	return rs
}

type ProjectsLocationsService struct {
	s *Service

	CaPools *ProjectsLocationsCaPoolsService

	CertificateTemplates *ProjectsLocationsCertificateTemplatesService

	Operations *ProjectsLocationsOperationsService
}

func NewProjectsLocationsCaPoolsService(s *Service) *ProjectsLocationsCaPoolsService {
	rs := &ProjectsLocationsCaPoolsService{s: s}
	rs.CertificateAuthorities = NewProjectsLocationsCaPoolsCertificateAuthoritiesService(s)
	rs.Certificates = NewProjectsLocationsCaPoolsCertificatesService(s)
	return rs
}

type ProjectsLocationsCaPoolsService struct {
	s *Service

	CertificateAuthorities *ProjectsLocationsCaPoolsCertificateAuthoritiesService

	Certificates *ProjectsLocationsCaPoolsCertificatesService
}

func NewProjectsLocationsCaPoolsCertificateAuthoritiesService(s *Service) *ProjectsLocationsCaPoolsCertificateAuthoritiesService {
	rs := &ProjectsLocationsCaPoolsCertificateAuthoritiesService{s: s}
	rs.CertificateRevocationLists = NewProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService(s)
	return rs
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesService struct {
	s *Service

	CertificateRevocationLists *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService
}

func NewProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService(s *Service) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService {
	rs := &ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService{s: s}
	return rs
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService struct {
	s *Service
}

func NewProjectsLocationsCaPoolsCertificatesService(s *Service) *ProjectsLocationsCaPoolsCertificatesService {
	rs := &ProjectsLocationsCaPoolsCertificatesService{s: s}
	return rs
}

type ProjectsLocationsCaPoolsCertificatesService struct {
	s *Service
}

func NewProjectsLocationsCertificateTemplatesService(s *Service) *ProjectsLocationsCertificateTemplatesService {
	rs := &ProjectsLocationsCertificateTemplatesService{s: s}
	return rs
}

type ProjectsLocationsCertificateTemplatesService struct {
	s *Service
}

func NewProjectsLocationsOperationsService(s *Service) *ProjectsLocationsOperationsService {
	rs := &ProjectsLocationsOperationsService{s: s}
	return rs
}

type ProjectsLocationsOperationsService struct {
	s *Service
}

// AccessUrls: URLs where a CertificateAuthority will publish content.
type AccessUrls struct {
	// CaCertificateAccessUrl: The URL where this CertificateAuthority's CA
	// certificate is published. This will only be set for CAs that have been
	// activated.
	CaCertificateAccessUrl string `json:"caCertificateAccessUrl,omitempty"`
	// CrlAccessUrls: The URLs where this CertificateAuthority's CRLs are
	// published. This will only be set for CAs that have been activated.
	CrlAccessUrls []string `json:"crlAccessUrls,omitempty"`
	// ForceSendFields is a list of field names (e.g. "CaCertificateAccessUrl") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CaCertificateAccessUrl") to
	// include in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s AccessUrls) MarshalJSON() ([]byte, error) {
	type NoMethod AccessUrls
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// ActivateCertificateAuthorityRequest: Request message for
// CertificateAuthorityService.ActivateCertificateAuthority.
type ActivateCertificateAuthorityRequest struct {
	// PemCaCertificate: Required. The signed CA certificate issued from
	// FetchCertificateAuthorityCsrResponse.pem_csr.
	PemCaCertificate string `json:"pemCaCertificate,omitempty"`
	// RequestId: Optional. An ID to identify requests. Specify a unique request ID
	// so that if you must retry your request, the server will know to ignore the
	// request if it has already been completed. The server will guarantee that for
	// at least 60 minutes since the first request. For example, consider a
	// situation where you make an initial request and the request times out. If
	// you make the request again with the same request ID, the server can check if
	// original operation with the same request ID was received, and if so, will
	// ignore the second request. This prevents clients from accidentally creating
	// duplicate commitments. The request ID must be a valid UUID with the
	// exception that zero UUID is not supported
	// (00000000-0000-0000-0000-000000000000).
	RequestId string `json:"requestId,omitempty"`
	// SubordinateConfig: Required. Must include information about the issuer of
	// 'pem_ca_certificate', and any further issuers until the self-signed CA.
	SubordinateConfig *SubordinateConfig `json:"subordinateConfig,omitempty"`
	// ForceSendFields is a list of field names (e.g. "PemCaCertificate") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "PemCaCertificate") to include in
	// API requests with the JSON null value. By default, fields with empty values
	// are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s ActivateCertificateAuthorityRequest) MarshalJSON() ([]byte, error) {
	type NoMethod ActivateCertificateAuthorityRequest
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// AllowedKeyType: Describes a "type" of key that may be used in a Certificate
// issued from a CaPool. Note that a single AllowedKeyType may refer to either
// a fully-qualified key algorithm, such as RSA 4096, or a family of key
// algorithms, such as any RSA key.
type AllowedKeyType struct {
	// EllipticCurve: Represents an allowed Elliptic Curve key type.
	EllipticCurve *EcKeyType `json:"ellipticCurve,omitempty"`
	// Rsa: Represents an allowed RSA key type.
	Rsa *RsaKeyType `json:"rsa,omitempty"`
	// ForceSendFields is a list of field names (e.g. "EllipticCurve") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "EllipticCurve") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s AllowedKeyType) MarshalJSON() ([]byte, error) {
	type NoMethod AllowedKeyType
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// AttributeTypeAndValue: AttributeTypeAndValue specifies an attribute type and
// value. It can use either a OID or enum value to specify the attribute type.
type AttributeTypeAndValue struct {
	// ObjectId: Object ID for an attribute type of an attribute and value pair.
	ObjectId *ObjectId `json:"objectId,omitempty"`
	// Type: The attribute type of the attribute and value pair.
	//
	// Possible values:
	//   "ATTRIBUTE_TYPE_UNSPECIFIED" - Attribute type is unspecified.
	//   "COMMON_NAME" - The "common name" of the subject.
	//   "COUNTRY_CODE" - The country code of the subject.
	//   "ORGANIZATION" - The organization of the subject.
	//   "ORGANIZATIONAL_UNIT" - The organizational unit of the subject.
	//   "LOCALITY" - The locality or city of the subject.
	//   "PROVINCE" - The province, territory, or regional state of the subject.
	//   "STREET_ADDRESS" - The street address of the subject.
	//   "POSTAL_CODE" - The postal code of the subject.
	Type string `json:"type,omitempty"`
	// Value: The value for the attribute type.
	Value string `json:"value,omitempty"`
	// ForceSendFields is a list of field names (e.g. "ObjectId") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "ObjectId") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s AttributeTypeAndValue) MarshalJSON() ([]byte, error) {
	type NoMethod AttributeTypeAndValue
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// AuditConfig: Specifies the audit configuration for a service. The
// configuration determines which permission types are logged, and what
// identities, if any, are exempted from logging. An AuditConfig must have one
// or more AuditLogConfigs. If there are AuditConfigs for both `allServices`
// and a specific service, the union of the two AuditConfigs is used for that
// service: the log_types specified in each AuditConfig are enabled, and the
// exempted_members in each AuditLogConfig are exempted. Example Policy with
// multiple AuditConfigs: { "audit_configs": [ { "service": "allServices",
// "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [
// "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type":
// "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com",
// "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type":
// "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For
// sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
// logging. It also exempts `jose@example.com` from DATA_READ logging, and
// `aliya@example.com` from DATA_WRITE logging.
type AuditConfig struct {
	// AuditLogConfigs: The configuration for logging of each type of permission.
	AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"`
	// Service: Specifies a service that will be enabled for audit logging. For
	// example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices`
	// is a special value that covers all services.
	Service string `json:"service,omitempty"`
	// ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AuditLogConfigs") to include in
	// API requests with the JSON null value. By default, fields with empty values
	// are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s AuditConfig) MarshalJSON() ([]byte, error) {
	type NoMethod AuditConfig
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// AuditLogConfig: Provides the configuration for logging a type of
// permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ",
// "exempted_members": [ "user:jose@example.com" ] }, { "log_type":
// "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while
// exempting jose@example.com from DATA_READ logging.
type AuditLogConfig struct {
	// ExemptedMembers: Specifies the identities that do not cause logging for this
	// type of permission. Follows the same format of Binding.members.
	ExemptedMembers []string `json:"exemptedMembers,omitempty"`
	// LogType: The log type that this config enables.
	//
	// Possible values:
	//   "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this.
	//   "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy
	//   "DATA_WRITE" - Data writes. Example: CloudSQL Users create
	//   "DATA_READ" - Data reads. Example: CloudSQL Users list
	LogType string `json:"logType,omitempty"`
	// ForceSendFields is a list of field names (e.g. "ExemptedMembers") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "ExemptedMembers") to include in
	// API requests with the JSON null value. By default, fields with empty values
	// are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s AuditLogConfig) MarshalJSON() ([]byte, error) {
	type NoMethod AuditLogConfig
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// Binding: Associates `members`, or principals, with a `role`.
type Binding struct {
	// Condition: The condition that is associated with this binding. If the
	// condition evaluates to `true`, then this binding applies to the current
	// request. If the condition evaluates to `false`, then this binding does not
	// apply to the current request. However, a different role binding might grant
	// the same role to one or more of the principals in this binding. To learn
	// which resources support conditions in their IAM policies, see the IAM
	// documentation
	// (https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition *Expr `json:"condition,omitempty"`
	// Members: Specifies the principals requesting access for a Google Cloud
	// resource. `members` can have the following values: * `allUsers`: A special
	// identifier that represents anyone who is on the internet; with or without a
	// Google account. * `allAuthenticatedUsers`: A special identifier that
	// represents anyone who is authenticated with a Google account or a service
	// account. Does not include identities that come from external identity
	// providers (IdPs) through identity federation. * `user:{emailid}`: An email
	// address that represents a specific Google account. For example,
	// `alice@example.com` . * `serviceAccount:{emailid}`: An email address that
	// represents a Google service account. For example,
	// `my-other-app@appspot.gserviceaccount.com`. *
	// `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An
	// identifier for a Kubernetes service account
	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
	// `group:{emailid}`: An email address that represents a Google group. For
	// example, `admins@example.com`. * `domain:{domain}`: The G Suite domain
	// (primary) that represents all the users of that domain. For example,
	// `google.com` or `example.com`. *
	// `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/sub
	// ject/{subject_attribute_value}`: A single identity in a workforce identity
	// pool. *
	// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/
	// group/{group_id}`: All workforce identities in a group. *
	// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/
	// attribute.{attribute_name}/{attribute_value}`: All workforce identities with
	// a specific attribute value. *
	// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/
	// *`: All identities in a workforce identity pool. *
	// `principal://iam.googleapis.com/projects/{project_number}/locations/global/wo
	// rkloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
	// identity in a workload identity pool. *
	// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global
	// /workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool
	// group. *
	// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global
	// /workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}
	// `: All identities in a workload identity pool with a certain attribute. *
	// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global
	// /workloadIdentityPools/{pool_id}/*`: All identities in a workload identity
	// pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
	// unique identifier) representing a user that has been recently deleted. For
	// example, `alice@example.com?uid=123456789012345678901`. If the user is
	// recovered, this value reverts to `user:{emailid}` and the recovered user
	// retains the role in the binding. *
	// `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
	// unique identifier) representing a service account that has been recently
	// deleted. For example,
	// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the
	// service account is undeleted, this value reverts to
	// `serviceAccount:{emailid}` and the undeleted service account retains the
	// role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email
	// address (plus unique identifier) representing a Google group that has been
	// recently deleted. For example,
	// `admins@example.com?uid=123456789012345678901`. If the group is recovered,
	// this value reverts to `group:{emailid}` and the recovered group retains the
	// role in the binding. *
	// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool
	// _id}/subject/{subject_attribute_value}`: Deleted single identity in a
	// workforce identity pool. For example,
	// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-po
	// ol-id/subject/my-subject-attribute-value`.
	Members []string `json:"members,omitempty"`
	// Role: Role that is assigned to the list of `members`, or principals. For
	// example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview
	// of the IAM roles and permissions, see the IAM documentation
	// (https://cloud.google.com/iam/docs/roles-overview). For a list of the
	// available pre-defined roles, see here
	// (https://cloud.google.com/iam/docs/understanding-roles).
	Role string `json:"role,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Condition") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Condition") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s Binding) MarshalJSON() ([]byte, error) {
	type NoMethod Binding
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CaOptions: Describes the X.509 basic constraints extension, per RFC 5280
// section 4.2.1.9 (https://tools.ietf.org/html/rfc5280#section-4.2.1.9)
type CaOptions struct {
	// IsCa: Optional. Refers to the "CA" boolean field in the X.509 extension.
	// When this value is missing, the basic constraints extension will be omitted
	// from the certificate.
	IsCa bool `json:"isCa,omitempty"`
	// MaxIssuerPathLength: Optional. Refers to the path length constraint field in
	// the X.509 extension. For a CA certificate, this value describes the depth of
	// subordinate CA certificates that are allowed. If this value is less than 0,
	// the request will fail. If this value is missing, the max path length will be
	// omitted from the certificate.
	MaxIssuerPathLength int64 `json:"maxIssuerPathLength,omitempty"`
	// ForceSendFields is a list of field names (e.g. "IsCa") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "IsCa") to include in API requests
	// with the JSON null value. By default, fields with empty values are omitted
	// from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CaOptions) MarshalJSON() ([]byte, error) {
	type NoMethod CaOptions
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CaPool: A CaPool represents a group of CertificateAuthorities that form a
// trust anchor. A CaPool can be used to manage issuance policies for one or
// more CertificateAuthority resources and to rotate CA certificates in and out
// of the trust anchor.
type CaPool struct {
	// EncryptionSpec: Optional. When EncryptionSpec is provided, the Subject,
	// SubjectAltNames, and the PEM-encoded certificate fields will be encrypted at
	// rest.
	EncryptionSpec *EncryptionSpec `json:"encryptionSpec,omitempty"`
	// IssuancePolicy: Optional. The IssuancePolicy to control how Certificates
	// will be issued from this CaPool.
	IssuancePolicy *IssuancePolicy `json:"issuancePolicy,omitempty"`
	// Labels: Optional. Labels with user-defined metadata.
	Labels map[string]string `json:"labels,omitempty"`
	// Name: Identifier. The resource name for this CaPool in the format
	// `projects/*/locations/*/caPools/*`.
	Name string `json:"name,omitempty"`
	// PublishingOptions: Optional. The PublishingOptions to follow when issuing
	// Certificates from any CertificateAuthority in this CaPool.
	PublishingOptions *PublishingOptions `json:"publishingOptions,omitempty"`
	// Tier: Required. Immutable. The Tier of this CaPool.
	//
	// Possible values:
	//   "TIER_UNSPECIFIED" - Not specified.
	//   "ENTERPRISE" - Enterprise tier.
	//   "DEVOPS" - DevOps tier.
	Tier string `json:"tier,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "EncryptionSpec") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "EncryptionSpec") to include in
	// API requests with the JSON null value. By default, fields with empty values
	// are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CaPool) MarshalJSON() ([]byte, error) {
	type NoMethod CaPool
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CancelOperationRequest: The request message for Operations.CancelOperation.
type CancelOperationRequest struct {
}

type CertChain struct {
	// Certificates: The certificates that form the CA chain, from leaf to root
	// order.
	Certificates []string `json:"certificates,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Certificates") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Certificates") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CertChain) MarshalJSON() ([]byte, error) {
	type NoMethod CertChain
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// Certificate: A Certificate corresponds to a signed X.509 certificate issued
// by a CertificateAuthority.
type Certificate struct {
	// CertificateDescription: Output only. A structured description of the issued
	// X.509 certificate.
	CertificateDescription *CertificateDescription `json:"certificateDescription,omitempty"`
	// CertificateTemplate: Immutable. The resource name for a CertificateTemplate
	// used to issue this certificate, in the format
	// `projects/*/locations/*/certificateTemplates/*`. If this is specified, the
	// caller must have the necessary permission to use this template. If this is
	// omitted, no template will be used. This template must be in the same
	// location as the Certificate.
	CertificateTemplate string `json:"certificateTemplate,omitempty"`
	// Config: Immutable. A description of the certificate and key that does not
	// require X.509 or ASN.1.
	Config *CertificateConfig `json:"config,omitempty"`
	// CreateTime: Output only. The time at which this Certificate was created.
	CreateTime string `json:"createTime,omitempty"`
	// IssuerCertificateAuthority: Output only. The resource name of the issuing
	// CertificateAuthority in the format
	// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	IssuerCertificateAuthority string `json:"issuerCertificateAuthority,omitempty"`
	// Labels: Optional. Labels with user-defined metadata.
	Labels map[string]string `json:"labels,omitempty"`
	// Lifetime: Required. Immutable. The desired lifetime of a certificate. Used
	// to create the "not_before_time" and "not_after_time" fields inside an X.509
	// certificate. Note that the lifetime may be truncated if it would extend past
	// the life of any certificate authority in the issuing chain.
	Lifetime string `json:"lifetime,omitempty"`
	// Name: Identifier. The resource name for this Certificate in the format
	// `projects/*/locations/*/caPools/*/certificates/*`.
	Name string `json:"name,omitempty"`
	// PemCertificate: Output only. The pem-encoded, signed X.509 certificate.
	PemCertificate string `json:"pemCertificate,omitempty"`
	// PemCertificateChain: Output only. The chain that may be used to verify the
	// X.509 certificate. Expected to be in issuer-to-root order according to RFC
	// 5246.
	PemCertificateChain []string `json:"pemCertificateChain,omitempty"`
	// PemCsr: Immutable. A pem-encoded X.509 certificate signing request (CSR).
	PemCsr string `json:"pemCsr,omitempty"`
	// RevocationDetails: Output only. Details regarding the revocation of this
	// Certificate. This Certificate is considered revoked if and only if this
	// field is present.
	RevocationDetails *RevocationDetails `json:"revocationDetails,omitempty"`
	// SubjectMode: Immutable. Specifies how the Certificate's identity fields are
	// to be decided. If this is omitted, the `DEFAULT` subject mode will be used.
	//
	// Possible values:
	//   "SUBJECT_REQUEST_MODE_UNSPECIFIED" - Not specified.
	//   "DEFAULT" - The default mode used in most cases. Indicates that the
	// certificate's Subject and/or SubjectAltNames are specified in the
	// certificate request. This mode requires the caller to have the
	// `privateca.certificates.create` permission.
	//   "RDN_SEQUENCE" - A mode used to get an accurate representation of the
	// Subject field's distinguished name. Indicates that the certificate's Subject
	// and/or SubjectAltNames are specified in the certificate request. When
	// parsing a PEM CSR this mode will maintain the sequence of RDNs found in the
	// CSR's subject field in the issued Certificate. This mode requires the caller
	// to have the `privateca.certificates.create` permission.
	//   "REFLECTED_SPIFFE" - A mode reserved for special cases. Indicates that the
	// certificate should have one SPIFFE SubjectAltNames set by the service based
	// on the caller's identity. This mode will ignore any explicitly specified
	// Subject and/or SubjectAltNames in the certificate request. This mode
	// requires the caller to have the `privateca.certificates.createForSelf`
	// permission.
	SubjectMode string `json:"subjectMode,omitempty"`
	// UpdateTime: Output only. The time at which this Certificate was updated.
	UpdateTime string `json:"updateTime,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "CertificateDescription") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CertificateDescription") to
	// include in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s Certificate) MarshalJSON() ([]byte, error) {
	type NoMethod Certificate
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CertificateAuthority: A CertificateAuthority represents an individual
// Certificate Authority. A CertificateAuthority can be used to create
// Certificates.
type CertificateAuthority struct {
	// AccessUrls: Output only. URLs for accessing content published by this CA,
	// such as the CA certificate and CRLs.
	AccessUrls *AccessUrls `json:"accessUrls,omitempty"`
	// CaCertificateDescriptions: Output only. A structured description of this
	// CertificateAuthority's CA certificate and its issuers. Ordered as
	// self-to-root.
	CaCertificateDescriptions []*CertificateDescription `json:"caCertificateDescriptions,omitempty"`
	// Config: Required. Immutable. The config used to create a self-signed X.509
	// certificate or CSR.
	Config *CertificateConfig `json:"config,omitempty"`
	// CreateTime: Output only. The time at which this CertificateAuthority was
	// created.
	CreateTime string `json:"createTime,omitempty"`
	// DeleteTime: Output only. The time at which this CertificateAuthority was
	// soft deleted, if it is in the DELETED state.
	DeleteTime string `json:"deleteTime,omitempty"`
	// ExpireTime: Output only. The time at which this CertificateAuthority will be
	// permanently purged, if it is in the DELETED state.
	ExpireTime string `json:"expireTime,omitempty"`
	// GcsBucket: Immutable. The name of a Cloud Storage bucket where this
	// CertificateAuthority will publish content, such as the CA certificate and
	// CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or
	// suffixes (such as `.googleapis.com`). For example, to use a bucket named
	// `my-bucket`, you would simply specify `my-bucket`. If not specified, a
	// managed bucket will be created.
	GcsBucket string `json:"gcsBucket,omitempty"`
	// KeySpec: Required. Immutable. Used when issuing certificates for this
	// CertificateAuthority. If this CertificateAuthority is a self-signed
	// CertificateAuthority, this key is also used to sign the self-signed CA
	// certificate. Otherwise, it is used to sign a CSR.
	KeySpec *KeyVersionSpec `json:"keySpec,omitempty"`
	// Labels: Optional. Labels with user-defined metadata.
	Labels map[string]string `json:"labels,omitempty"`
	// Lifetime: Required. Immutable. The desired lifetime of the CA certificate.
	// Used to create the "not_before_time" and "not_after_time" fields inside an
	// X.509 certificate.
	Lifetime string `json:"lifetime,omitempty"`
	// Name: Identifier. The resource name for this CertificateAuthority in the
	// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `json:"name,omitempty"`
	// PemCaCertificates: Output only. This CertificateAuthority's certificate
	// chain, including the current CertificateAuthority's certificate. Ordered
	// such that the root issuer is the final element (consistent with RFC 5246).
	// For a self-signed CA, this will only list the current CertificateAuthority's
	// certificate.
	PemCaCertificates []string `json:"pemCaCertificates,omitempty"`
	// SatisfiesPzi: Output only. Reserved for future use.
	SatisfiesPzi bool `json:"satisfiesPzi,omitempty"`
	// SatisfiesPzs: Output only. Reserved for future use.
	SatisfiesPzs bool `json:"satisfiesPzs,omitempty"`
	// State: Output only. The State for this CertificateAuthority.
	//
	// Possible values:
	//   "STATE_UNSPECIFIED" - Not specified.
	//   "ENABLED" - Certificates can be issued from this CA. CRLs will be
	// generated for this CA. The CA will be part of the CaPool's trust anchor, and
	// will be used to issue certificates from the CaPool.
	//   "DISABLED" - Certificates cannot be issued from this CA. CRLs will still
	// be generated. The CA will be part of the CaPool's trust anchor, but will not
	// be used to issue certificates from the CaPool.
	//   "STAGED" - Certificates can be issued from this CA. CRLs will be generated
	// for this CA. The CA will be part of the CaPool's trust anchor, but will not
	// be used to issue certificates from the CaPool.
	//   "AWAITING_USER_ACTIVATION" - Certificates cannot be issued from this CA.
	// CRLs will not be generated. The CA will not be part of the CaPool's trust
	// anchor, and will not be used to issue certificates from the CaPool.
	//   "DELETED" - Certificates cannot be issued from this CA. CRLs will not be
	// generated. The CA may still be recovered by calling
	// CertificateAuthorityService.UndeleteCertificateAuthority before expire_time.
	// The CA will not be part of the CaPool's trust anchor, and will not be used
	// to issue certificates from the CaPool.
	State string `json:"state,omitempty"`
	// SubordinateConfig: Optional. If this is a subordinate CertificateAuthority,
	// this field will be set with the subordinate configuration, which describes
	// its issuers. This may be updated, but this CertificateAuthority must
	// continue to validate.
	SubordinateConfig *SubordinateConfig `json:"subordinateConfig,omitempty"`
	// Tier: Output only. The CaPool.Tier of the CaPool that includes this
	// CertificateAuthority.
	//
	// Possible values:
	//   "TIER_UNSPECIFIED" - Not specified.
	//   "ENTERPRISE" - Enterprise tier.
	//   "DEVOPS" - DevOps tier.
	Tier string `json:"tier,omitempty"`
	// Type: Required. Immutable. The Type of this CertificateAuthority.
	//
	// Possible values:
	//   "TYPE_UNSPECIFIED" - Not specified.
	//   "SELF_SIGNED" - Self-signed CA.
	//   "SUBORDINATE" - Subordinate CA. Could be issued by a Private CA
	// CertificateAuthority or an unmanaged CA.
	Type string `json:"type,omitempty"`
	// UpdateTime: Output only. The time at which this CertificateAuthority was
	// last updated.
	UpdateTime string `json:"updateTime,omitempty"`
	// UserDefinedAccessUrls: Optional. User-defined URLs for CA certificate and
	// CRLs. The service does not publish content to these URLs. It is up to the
	// user to mirror content to these URLs.
	UserDefinedAccessUrls *UserDefinedAccessUrls `json:"userDefinedAccessUrls,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "AccessUrls") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AccessUrls") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CertificateAuthority) MarshalJSON() ([]byte, error) {
	type NoMethod CertificateAuthority
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CertificateConfig: A CertificateConfig describes an X.509 certificate or CSR
// that is to be created, as an alternative to using ASN.1.
type CertificateConfig struct {
	// PublicKey: Optional. The public key that corresponds to this config. This
	// is, for example, used when issuing Certificates, but not when creating a
	// self-signed CertificateAuthority or CertificateAuthority CSR.
	PublicKey *PublicKey `json:"publicKey,omitempty"`
	// SubjectConfig: Required. Specifies some of the values in a certificate that
	// are related to the subject.
	SubjectConfig *SubjectConfig `json:"subjectConfig,omitempty"`
	// SubjectKeyId: Optional. When specified this provides a custom SKI to be used
	// in the certificate. This should only be used to maintain a SKI of an
	// existing CA originally created outside CA service, which was not generated
	// using method (1) described in RFC 5280 section 4.2.1.2.
	SubjectKeyId *CertificateConfigKeyId `json:"subjectKeyId,omitempty"`
	// X509Config: Required. Describes how some of the technical X.509 fields in a
	// certificate should be populated.
	X509Config *X509Parameters `json:"x509Config,omitempty"`
	// ForceSendFields is a list of field names (e.g. "PublicKey") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "PublicKey") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CertificateConfig) MarshalJSON() ([]byte, error) {
	type NoMethod CertificateConfig
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CertificateConfigKeyId: A KeyId identifies a specific public key, usually by
// hashing the public key.
type CertificateConfigKeyId struct {
	// KeyId: Required. The value of this KeyId encoded in lowercase hexadecimal.
	// This is most likely the 160 bit SHA-1 hash of the public key.
	KeyId string `json:"keyId,omitempty"`
	// ForceSendFields is a list of field names (e.g. "KeyId") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "KeyId") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CertificateConfigKeyId) MarshalJSON() ([]byte, error) {
	type NoMethod CertificateConfigKeyId
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CertificateDescription: A CertificateDescription describes an X.509
// certificate or CSR that has been issued, as an alternative to using ASN.1 /
// X.509.
type CertificateDescription struct {
	// AiaIssuingCertificateUrls: Describes lists of issuer CA certificate URLs
	// that appear in the "Authority Information Access" extension in the
	// certificate.
	AiaIssuingCertificateUrls []string `json:"aiaIssuingCertificateUrls,omitempty"`
	// AuthorityKeyId: Identifies the subject_key_id of the parent certificate, per
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.1
	AuthorityKeyId *KeyId `json:"authorityKeyId,omitempty"`
	// CertFingerprint: The hash of the x.509 certificate.
	CertFingerprint *CertificateFingerprint `json:"certFingerprint,omitempty"`
	// CrlDistributionPoints: Describes a list of locations to obtain CRL
	// information, i.e. the DistributionPoint.fullName described by
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.13
	CrlDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
	// PublicKey: The public key that corresponds to an issued certificate.
	PublicKey *PublicKey `json:"publicKey,omitempty"`
	// SubjectDescription: Describes some of the values in a certificate that are
	// related to the subject and lifetime.
	SubjectDescription *SubjectDescription `json:"subjectDescription,omitempty"`
	// SubjectKeyId: Provides a means of identifiying certificates that contain a
	// particular public key, per
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
	SubjectKeyId *KeyId `json:"subjectKeyId,omitempty"`
	// TbsCertificateDigest: The hash of the pre-signed certificate, which will be
	// signed by the CA. Corresponds to the TBS Certificate in
	// https://tools.ietf.org/html/rfc5280#section-4.1.2. The field will always be
	// populated.
	TbsCertificateDigest string `json:"tbsCertificateDigest,omitempty"`
	// X509Description: Describes some of the technical X.509 fields in a
	// certificate.
	X509Description *X509Parameters `json:"x509Description,omitempty"`
	// ForceSendFields is a list of field names (e.g. "AiaIssuingCertificateUrls")
	// to unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AiaIssuingCertificateUrls") to
	// include in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CertificateDescription) MarshalJSON() ([]byte, error) {
	type NoMethod CertificateDescription
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CertificateExtensionConstraints: Describes a set of X.509 extensions that
// may be part of some certificate issuance controls.
type CertificateExtensionConstraints struct {
	// AdditionalExtensions: Optional. A set of ObjectIds identifying custom X.509
	// extensions. Will be combined with known_extensions to determine the full set
	// of X.509 extensions.
	AdditionalExtensions []*ObjectId `json:"additionalExtensions,omitempty"`
	// KnownExtensions: Optional. A set of named X.509 extensions. Will be combined
	// with additional_extensions to determine the full set of X.509 extensions.
	//
	// Possible values:
	//   "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED" - Not specified.
	//   "BASE_KEY_USAGE" - Refers to a certificate's Key Usage extension, as
	// described in [RFC 5280 section
	// 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3). This
	// corresponds to the KeyUsage.base_key_usage field.
	//   "EXTENDED_KEY_USAGE" - Refers to a certificate's Extended Key Usage
	// extension, as described in [RFC 5280 section
	// 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12). This
	// corresponds to the KeyUsage.extended_key_usage message.
	//   "CA_OPTIONS" - Refers to a certificate's Basic Constraints extension, as
	// described in [RFC 5280 section
	// 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9). This
	// corresponds to the X509Parameters.ca_options field.
	//   "POLICY_IDS" - Refers to a certificate's Policy object identifiers, as
	// described in [RFC 5280 section
	// 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4). This
	// corresponds to the X509Parameters.policy_ids field.
	//   "AIA_OCSP_SERVERS" - Refers to OCSP servers in a certificate's Authority
	// Information Access extension, as described in [RFC 5280 section
	// 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1), This
	// corresponds to the X509Parameters.aia_ocsp_servers field.
	//   "NAME_CONSTRAINTS" - Refers to Name Constraints extension as described in
	// [RFC 5280 section
	// 4.2.1.10](https://tools.ietf.org/html/rfc5280#section-4.2.1.10)
	KnownExtensions []string `json:"knownExtensions,omitempty"`
	// ForceSendFields is a list of field names (e.g. "AdditionalExtensions") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AdditionalExtensions") to include
	// in API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CertificateExtensionConstraints) MarshalJSON() ([]byte, error) {
	type NoMethod CertificateExtensionConstraints
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CertificateFingerprint: A group of fingerprints for the x509 certificate.
type CertificateFingerprint struct {
	// Sha256Hash: The SHA 256 hash, encoded in hexadecimal, of the DER x509
	// certificate.
	Sha256Hash string `json:"sha256Hash,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Sha256Hash") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Sha256Hash") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CertificateFingerprint) MarshalJSON() ([]byte, error) {
	type NoMethod CertificateFingerprint
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CertificateIdentityConstraints: Describes constraints on a Certificate's
// Subject and SubjectAltNames.
type CertificateIdentityConstraints struct {
	// AllowSubjectAltNamesPassthrough: Required. If this is true, the
	// SubjectAltNames extension may be copied from a certificate request into the
	// signed certificate. Otherwise, the requested SubjectAltNames will be
	// discarded.
	AllowSubjectAltNamesPassthrough bool `json:"allowSubjectAltNamesPassthrough,omitempty"`
	// AllowSubjectPassthrough: Required. If this is true, the Subject field may be
	// copied from a certificate request into the signed certificate. Otherwise,
	// the requested Subject will be discarded.
	AllowSubjectPassthrough bool `json:"allowSubjectPassthrough,omitempty"`
	// CelExpression: Optional. A CEL expression that may be used to validate the
	// resolved X.509 Subject and/or Subject Alternative Name before a certificate
	// is signed. To see the full allowed syntax and some examples, see
	// https://cloud.google.com/certificate-authority-service/docs/using-cel
	CelExpression *Expr `json:"celExpression,omitempty"`
	// ForceSendFields is a list of field names (e.g.
	// "AllowSubjectAltNamesPassthrough") to unconditionally include in API
	// requests. By default, fields with empty or default values are omitted from
	// API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AllowSubjectAltNamesPassthrough")
	// to include in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CertificateIdentityConstraints) MarshalJSON() ([]byte, error) {
	type NoMethod CertificateIdentityConstraints
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CertificateRevocationList: A CertificateRevocationList corresponds to a
// signed X.509 certificate Revocation List (CRL). A CRL contains the serial
// numbers of certificates that should no longer be trusted.
type CertificateRevocationList struct {
	// AccessUrl: Output only. The location where 'pem_crl' can be accessed.
	AccessUrl string `json:"accessUrl,omitempty"`
	// CreateTime: Output only. The time at which this CertificateRevocationList
	// was created.
	CreateTime string `json:"createTime,omitempty"`
	// Labels: Optional. Labels with user-defined metadata.
	Labels map[string]string `json:"labels,omitempty"`
	// Name: Identifier. The resource name for this CertificateRevocationList in
	// the format `projects/*/locations/*/caPools/*certificateAuthorities/*/
	// certificateRevocationLists/*`.
	Name string `json:"name,omitempty"`
	// PemCrl: Output only. The PEM-encoded X.509 CRL.
	PemCrl string `json:"pemCrl,omitempty"`
	// RevisionId: Output only. The revision ID of this CertificateRevocationList.
	// A new revision is committed whenever a new CRL is published. The format is
	// an 8-character hexadecimal string.
	RevisionId string `json:"revisionId,omitempty"`
	// RevokedCertificates: Output only. The revoked serial numbers that appear in
	// pem_crl.
	RevokedCertificates []*RevokedCertificate `json:"revokedCertificates,omitempty"`
	// SequenceNumber: Output only. The CRL sequence number that appears in
	// pem_crl.
	SequenceNumber int64 `json:"sequenceNumber,omitempty,string"`
	// State: Output only. The State for this CertificateRevocationList.
	//
	// Possible values:
	//   "STATE_UNSPECIFIED" - Not specified.
	//   "ACTIVE" - The CertificateRevocationList is up to date.
	//   "SUPERSEDED" - The CertificateRevocationList is no longer current.
	State string `json:"state,omitempty"`
	// UpdateTime: Output only. The time at which this CertificateRevocationList
	// was updated.
	UpdateTime string `json:"updateTime,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "AccessUrl") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AccessUrl") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CertificateRevocationList) MarshalJSON() ([]byte, error) {
	type NoMethod CertificateRevocationList
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// CertificateTemplate: A CertificateTemplate refers to a managed template for
// certificate issuance.
type CertificateTemplate struct {
	// CreateTime: Output only. The time at which this CertificateTemplate was
	// created.
	CreateTime string `json:"createTime,omitempty"`
	// Description: Optional. A human-readable description of scenarios this
	// template is intended for.
	Description string `json:"description,omitempty"`
	// IdentityConstraints: Optional. Describes constraints on identities that may
	// be appear in Certificates issued using this template. If this is omitted,
	// then this template will not add restrictions on a certificate's identity.
	IdentityConstraints *CertificateIdentityConstraints `json:"identityConstraints,omitempty"`
	// Labels: Optional. Labels with user-defined metadata.
	Labels map[string]string `json:"labels,omitempty"`
	// MaximumLifetime: Optional. The maximum lifetime allowed for issued
	// Certificates that use this template. If the issuing CaPool resource's
	// IssuancePolicy specifies a maximum_lifetime the minimum of the two durations
	// will be the maximum lifetime for issued Certificates. Note that if the
	// issuing CertificateAuthority expires before a Certificate's requested
	// maximum_lifetime, the effective lifetime will be explicitly truncated to
	// match it.
	MaximumLifetime string `json:"maximumLifetime,omitempty"`
	// Name: Identifier. The resource name for this CertificateTemplate in the
	// format `projects/*/locations/*/certificateTemplates/*`.
	Name string `json:"name,omitempty"`
	// PassthroughExtensions: Optional. Describes the set of X.509 extensions that
	// may appear in a Certificate issued using this CertificateTemplate. If a
	// certificate request sets extensions that don't appear in the
	// passthrough_extensions, those extensions will be dropped. If the issuing
	// CaPool's IssuancePolicy defines baseline_values that don't appear here, the
	// certificate issuance request will fail. If this is omitted, then this
	// template will not add restrictions on a certificate's X.509 extensions.
	// These constraints do not apply to X.509 extensions set in this
	// CertificateTemplate's predefined_values.
	PassthroughExtensions *CertificateExtensionConstraints `json:"passthroughExtensions,omitempty"`
	// PredefinedValues: Optional. A set of X.509 values that will be applied to
	// all issued certificates that use this template. If the certificate request
	// includes conflicting values for the same properties, they will be
	// overwritten by the values defined here. If the issuing CaPool's
	// IssuancePolicy defines conflicting baseline_values for the same properties,
	// the certificate issuance request will fail.
	PredefinedValues *X509Parameters `json:"predefinedValues,omitempty"`
	// UpdateTime: Output only. The time at which this CertificateTemplate was
	// updated.
	UpdateTime string `json:"updateTime,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "CreateTime") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CreateTime") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s CertificateTemplate) MarshalJSON() ([]byte, error) {
	type NoMethod CertificateTemplate
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// DisableCertificateAuthorityRequest: Request message for
// CertificateAuthorityService.DisableCertificateAuthority.
type DisableCertificateAuthorityRequest struct {
	// IgnoreDependentResources: Optional. This field allows this CA to be disabled
	// even if it's being depended on by another resource. However, doing so may
	// result in unintended and unrecoverable effects on any dependent resources
	// since the CA will no longer be able to issue certificates.
	IgnoreDependentResources bool `json:"ignoreDependentResources,omitempty"`
	// RequestId: Optional. An ID to identify requests. Specify a unique request ID
	// so that if you must retry your request, the server will know to ignore the
	// request if it has already been completed. The server will guarantee that for
	// at least 60 minutes since the first request. For example, consider a
	// situation where you make an initial request and the request times out. If
	// you make the request again with the same request ID, the server can check if
	// original operation with the same request ID was received, and if so, will
	// ignore the second request. This prevents clients from accidentally creating
	// duplicate commitments. The request ID must be a valid UUID with the
	// exception that zero UUID is not supported
	// (00000000-0000-0000-0000-000000000000).
	RequestId string `json:"requestId,omitempty"`
	// ForceSendFields is a list of field names (e.g. "IgnoreDependentResources")
	// to unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "IgnoreDependentResources") to
	// include in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s DisableCertificateAuthorityRequest) MarshalJSON() ([]byte, error) {
	type NoMethod DisableCertificateAuthorityRequest
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// EcKeyType: Describes an Elliptic Curve key that may be used in a Certificate
// issued from a CaPool.
type EcKeyType struct {
	// SignatureAlgorithm: Optional. A signature algorithm that must be used. If
	// this is omitted, any EC-based signature algorithm will be allowed.
	//
	// Possible values:
	//   "EC_SIGNATURE_ALGORITHM_UNSPECIFIED" - Not specified. Signifies that any
	// signature algorithm may be used.
	//   "ECDSA_P256" - Refers to the Elliptic Curve Digital Signature Algorithm
	// over the NIST P-256 curve.
	//   "ECDSA_P384" - Refers to the Elliptic Curve Digital Signature Algorithm
	// over the NIST P-384 curve.
	//   "EDDSA_25519" - Refers to the Edwards-curve Digital Signature Algorithm
	// over curve 25519, as described in RFC 8410.
	SignatureAlgorithm string `json:"signatureAlgorithm,omitempty"`
	// ForceSendFields is a list of field names (e.g. "SignatureAlgorithm") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "SignatureAlgorithm") to include
	// in API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s EcKeyType) MarshalJSON() ([]byte, error) {
	type NoMethod EcKeyType
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// Empty: A generic empty message that you can re-use to avoid defining
// duplicated empty messages in your APIs. A typical example is to use it as
// the request or the response type of an API method. For instance: service Foo
// { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
type Empty struct {
	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
}

// EnableCertificateAuthorityRequest: Request message for
// CertificateAuthorityService.EnableCertificateAuthority.
type EnableCertificateAuthorityRequest struct {
	// RequestId: Optional. An ID to identify requests. Specify a unique request ID
	// so that if you must retry your request, the server will know to ignore the
	// request if it has already been completed. The server will guarantee that for
	// at least 60 minutes since the first request. For example, consider a
	// situation where you make an initial request and the request times out. If
	// you make the request again with the same request ID, the server can check if
	// original operation with the same request ID was received, and if so, will
	// ignore the second request. This prevents clients from accidentally creating
	// duplicate commitments. The request ID must be a valid UUID with the
	// exception that zero UUID is not supported
	// (00000000-0000-0000-0000-000000000000).
	RequestId string `json:"requestId,omitempty"`
	// ForceSendFields is a list of field names (e.g. "RequestId") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "RequestId") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s EnableCertificateAuthorityRequest) MarshalJSON() ([]byte, error) {
	type NoMethod EnableCertificateAuthorityRequest
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// EncryptionSpec: The configuration used for encrypting data at rest.
type EncryptionSpec struct {
	// CloudKmsKey: The resource name for a Cloud KMS key in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	CloudKmsKey string `json:"cloudKmsKey,omitempty"`
	// ForceSendFields is a list of field names (e.g. "CloudKmsKey") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CloudKmsKey") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s EncryptionSpec) MarshalJSON() ([]byte, error) {
	type NoMethod EncryptionSpec
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// Expr: Represents a textual expression in the Common Expression Language
// (CEL) syntax. CEL is a C-like expression language. The syntax and semantics
// of CEL are documented at https://github.com/google/cel-spec. Example
// (Comparison): title: "Summary size limit" description: "Determines if a
// summary is less than 100 chars" expression: "document.summary.size() < 100"
// Example (Equality): title: "Requestor is owner" description: "Determines if
// requestor is the document owner" expression: "document.owner ==
// request.auth.claims.email" Example (Logic): title: "Public documents"
// description: "Determine whether the document should be publicly visible"
// expression: "document.type != 'private' && document.type != 'internal'"
// Example (Data Manipulation): title: "Notification string" description:
// "Create a notification string with a timestamp." expression: "'New message
// received at ' + string(document.create_time)" The exact variables and
// functions that may be referenced within an expression are determined by the
// service that evaluates it. See the service documentation for additional
// information.
type Expr struct {
	// Description: Optional. Description of the expression. This is a longer text
	// which describes the expression, e.g. when hovered over it in a UI.
	Description string `json:"description,omitempty"`
	// Expression: Textual representation of an expression in Common Expression
	// Language syntax.
	Expression string `json:"expression,omitempty"`
	// Location: Optional. String indicating the location of the expression for
	// error reporting, e.g. a file name and a position in the file.
	Location string `json:"location,omitempty"`
	// Title: Optional. Title for the expression, i.e. a short string describing
	// its purpose. This can be used e.g. in UIs which allow to enter the
	// expression.
	Title string `json:"title,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Description") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Description") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s Expr) MarshalJSON() ([]byte, error) {
	type NoMethod Expr
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// ExtendedKeyUsageOptions: KeyUsage.ExtendedKeyUsageOptions has fields that
// correspond to certain common OIDs that could be specified as an extended key
// usage value.
type ExtendedKeyUsageOptions struct {
	// ClientAuth: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as
	// "TLS WWW client authentication", though regularly used for non-WWW TLS.
	ClientAuth bool `json:"clientAuth,omitempty"`
	// CodeSigning: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as
	// "Signing of downloadable executable code client authentication".
	CodeSigning bool `json:"codeSigning,omitempty"`
	// EmailProtection: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described
	// as "Email protection".
	EmailProtection bool `json:"emailProtection,omitempty"`
	// OcspSigning: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as
	// "Signing OCSP responses".
	OcspSigning bool `json:"ocspSigning,omitempty"`
	// ServerAuth: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as
	// "TLS WWW server authentication", though regularly used for non-WWW TLS.
	ServerAuth bool `json:"serverAuth,omitempty"`
	// TimeStamping: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as
	// "Binding the hash of an object to a time".
	TimeStamping bool `json:"timeStamping,omitempty"`
	// ForceSendFields is a list of field names (e.g. "ClientAuth") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "ClientAuth") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s ExtendedKeyUsageOptions) MarshalJSON() ([]byte, error) {
	type NoMethod ExtendedKeyUsageOptions
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// FetchCaCertsRequest: Request message for
// CertificateAuthorityService.FetchCaCerts.
type FetchCaCertsRequest struct {
	// RequestId: Optional. An ID to identify requests. Specify a unique request ID
	// so that if you must retry your request, the server will know to ignore the
	// request if it has already been completed. The server will guarantee that for
	// at least 60 minutes since the first request. For example, consider a
	// situation where you make an initial request and the request times out. If
	// you make the request again with the same request ID, the server can check if
	// original operation with the same request ID was received, and if so, will
	// ignore the second request. This prevents clients from accidentally creating
	// duplicate commitments. The request ID must be a valid UUID with the
	// exception that zero UUID is not supported
	// (00000000-0000-0000-0000-000000000000).
	RequestId string `json:"requestId,omitempty"`
	// ForceSendFields is a list of field names (e.g. "RequestId") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "RequestId") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s FetchCaCertsRequest) MarshalJSON() ([]byte, error) {
	type NoMethod FetchCaCertsRequest
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// FetchCaCertsResponse: Response message for
// CertificateAuthorityService.FetchCaCerts.
type FetchCaCertsResponse struct {
	// CaCerts: The PEM encoded CA certificate chains of all certificate
	// authorities in this CaPool in the ENABLED, DISABLED, or STAGED states.
	CaCerts []*CertChain `json:"caCerts,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "CaCerts") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CaCerts") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s FetchCaCertsResponse) MarshalJSON() ([]byte, error) {
	type NoMethod FetchCaCertsResponse
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// FetchCertificateAuthorityCsrResponse: Response message for
// CertificateAuthorityService.FetchCertificateAuthorityCsr.
type FetchCertificateAuthorityCsrResponse struct {
	// PemCsr: Output only. The PEM-encoded signed certificate signing request
	// (CSR).
	PemCsr string `json:"pemCsr,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "PemCsr") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "PemCsr") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s FetchCertificateAuthorityCsrResponse) MarshalJSON() ([]byte, error) {
	type NoMethod FetchCertificateAuthorityCsrResponse
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// IssuanceModes: IssuanceModes specifies the allowed ways in which
// Certificates may be requested from this CaPool.
type IssuanceModes struct {
	// AllowConfigBasedIssuance: Optional. When true, allows callers to create
	// Certificates by specifying a CertificateConfig.
	AllowConfigBasedIssuance bool `json:"allowConfigBasedIssuance,omitempty"`
	// AllowCsrBasedIssuance: Optional. When true, allows callers to create
	// Certificates by specifying a CSR.
	AllowCsrBasedIssuance bool `json:"allowCsrBasedIssuance,omitempty"`
	// ForceSendFields is a list of field names (e.g. "AllowConfigBasedIssuance")
	// to unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AllowConfigBasedIssuance") to
	// include in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s IssuanceModes) MarshalJSON() ([]byte, error) {
	type NoMethod IssuanceModes
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// IssuancePolicy: Defines controls over all certificate issuance within a
// CaPool.
type IssuancePolicy struct {
	// AllowedIssuanceModes: Optional. If specified, then only methods allowed in
	// the IssuanceModes may be used to issue Certificates.
	AllowedIssuanceModes *IssuanceModes `json:"allowedIssuanceModes,omitempty"`
	// AllowedKeyTypes: Optional. If any AllowedKeyType is specified, then the
	// certificate request's public key must match one of the key types listed
	// here. Otherwise, any key may be used.
	AllowedKeyTypes []*AllowedKeyType `json:"allowedKeyTypes,omitempty"`
	// BackdateDuration: Optional. If set, all certificates issued from this CaPool
	// will be backdated by this duration. The 'not_before_time' will be the
	// issuance time minus this backdate_duration, and the 'not_after_time' will be
	// adjusted to preserve the requested lifetime. The maximum duration that a
	// certificate can be backdated with these options is 48 hours in the past.
	// This option cannot be set if allow_requester_specified_not_before_time is
	// set.
	BackdateDuration string `json:"backdateDuration,omitempty"`
	// BaselineValues: Optional. A set of X.509 values that will be applied to all
	// certificates issued through this CaPool. If a certificate request includes
	// conflicting values for the same properties, they will be overwritten by the
	// values defined here. If a certificate request uses a CertificateTemplate
	// that defines conflicting predefined_values for the same properties, the
	// certificate issuance request will fail.
	BaselineValues *X509Parameters `json:"baselineValues,omitempty"`
	// IdentityConstraints: Optional. Describes constraints on identities that may
	// appear in Certificates issued through this CaPool. If this is omitted, then
	// this CaPool will not add restrictions on a certificate's identity.
	IdentityConstraints *CertificateIdentityConstraints `json:"identityConstraints,omitempty"`
	// MaximumLifetime: Optional. The maximum lifetime allowed for issued
	// Certificates. Note that if the issuing CertificateAuthority expires before a
	// Certificate resource's requested maximum_lifetime, the effective lifetime
	// will be explicitly truncated to match it.
	MaximumLifetime string `json:"maximumLifetime,omitempty"`
	// PassthroughExtensions: Optional. Describes the set of X.509 extensions that
	// may appear in a Certificate issued through this CaPool. If a certificate
	// request sets extensions that don't appear in the passthrough_extensions,
	// those extensions will be dropped. If a certificate request uses a
	// CertificateTemplate with predefined_values that don't appear here, the
	// certificate issuance request will fail. If this is omitted, then this CaPool
	// will not add restrictions on a certificate's X.509 extensions. These
	// constraints do not apply to X.509 extensions set in this CaPool's
	// baseline_values.
	PassthroughExtensions *CertificateExtensionConstraints `json:"passthroughExtensions,omitempty"`
	// ForceSendFields is a list of field names (e.g. "AllowedIssuanceModes") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AllowedIssuanceModes") to include
	// in API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s IssuancePolicy) MarshalJSON() ([]byte, error) {
	type NoMethod IssuancePolicy
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// KeyId: A KeyId identifies a specific public key, usually by hashing the
// public key.
type KeyId struct {
	// KeyId: Optional. The value of this KeyId encoded in lowercase hexadecimal.
	// This is most likely the 160 bit SHA-1 hash of the public key.
	KeyId string `json:"keyId,omitempty"`
	// ForceSendFields is a list of field names (e.g. "KeyId") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "KeyId") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s KeyId) MarshalJSON() ([]byte, error) {
	type NoMethod KeyId
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// KeyUsage: A KeyUsage describes key usage values that may appear in an X.509
// certificate.
type KeyUsage struct {
	// BaseKeyUsage: Describes high-level ways in which a key may be used.
	BaseKeyUsage *KeyUsageOptions `json:"baseKeyUsage,omitempty"`
	// ExtendedKeyUsage: Detailed scenarios in which a key may be used.
	ExtendedKeyUsage *ExtendedKeyUsageOptions `json:"extendedKeyUsage,omitempty"`
	// UnknownExtendedKeyUsages: Used to describe extended key usages that are not
	// listed in the KeyUsage.ExtendedKeyUsageOptions message.
	UnknownExtendedKeyUsages []*ObjectId `json:"unknownExtendedKeyUsages,omitempty"`
	// ForceSendFields is a list of field names (e.g. "BaseKeyUsage") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "BaseKeyUsage") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s KeyUsage) MarshalJSON() ([]byte, error) {
	type NoMethod KeyUsage
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// KeyUsageOptions: KeyUsage.KeyUsageOptions corresponds to the key usage
// values described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
type KeyUsageOptions struct {
	// CertSign: The key may be used to sign certificates.
	CertSign bool `json:"certSign,omitempty"`
	// ContentCommitment: The key may be used for cryptographic commitments. Note
	// that this may also be referred to as "non-repudiation".
	ContentCommitment bool `json:"contentCommitment,omitempty"`
	// CrlSign: The key may be used sign certificate revocation lists.
	CrlSign bool `json:"crlSign,omitempty"`
	// DataEncipherment: The key may be used to encipher data.
	DataEncipherment bool `json:"dataEncipherment,omitempty"`
	// DecipherOnly: The key may be used to decipher only.
	DecipherOnly bool `json:"decipherOnly,omitempty"`
	// DigitalSignature: The key may be used for digital signatures.
	DigitalSignature bool `json:"digitalSignature,omitempty"`
	// EncipherOnly: The key may be used to encipher only.
	EncipherOnly bool `json:"encipherOnly,omitempty"`
	// KeyAgreement: The key may be used in a key agreement protocol.
	KeyAgreement bool `json:"keyAgreement,omitempty"`
	// KeyEncipherment: The key may be used to encipher other keys.
	KeyEncipherment bool `json:"keyEncipherment,omitempty"`
	// ForceSendFields is a list of field names (e.g. "CertSign") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CertSign") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s KeyUsageOptions) MarshalJSON() ([]byte, error) {
	type NoMethod KeyUsageOptions
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// KeyVersionSpec: A Cloud KMS key configuration that a CertificateAuthority
// will use.
type KeyVersionSpec struct {
	// Algorithm: The algorithm to use for creating a managed Cloud KMS key for a
	// for a simplified experience. All managed keys will be have their
	// ProtectionLevel as `HSM`.
	//
	// Possible values:
	//   "SIGN_HASH_ALGORITHM_UNSPECIFIED" - Not specified.
	//   "RSA_PSS_2048_SHA256" - maps to
	// CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
	//   "RSA_PSS_3072_SHA256" - maps to CryptoKeyVersionAlgorithm.
	// RSA_SIGN_PSS_3072_SHA256
	//   "RSA_PSS_4096_SHA256" - maps to
	// CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
	//   "RSA_PKCS1_2048_SHA256" - maps to
	// CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
	//   "RSA_PKCS1_3072_SHA256" - maps to
	// CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
	//   "RSA_PKCS1_4096_SHA256" - maps to
	// CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
	//   "EC_P256_SHA256" - maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
	//   "EC_P384_SHA384" - maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
	Algorithm string `json:"algorithm,omitempty"`
	// CloudKmsKeyVersion: The resource name for an existing Cloud KMS
	// CryptoKeyVersion in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. This
	// option enables full flexibility in the key's capabilities and properties.
	CloudKmsKeyVersion string `json:"cloudKmsKeyVersion,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Algorithm") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Algorithm") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s KeyVersionSpec) MarshalJSON() ([]byte, error) {
	type NoMethod KeyVersionSpec
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// ListCaPoolsResponse: Response message for
// CertificateAuthorityService.ListCaPools.
type ListCaPoolsResponse struct {
	// CaPools: The list of CaPools.
	CaPools []*CaPool `json:"caPools,omitempty"`
	// NextPageToken: A token to retrieve next page of results. Pass this value in
	// ListCertificateAuthoritiesRequest.page_token to retrieve the next page of
	// results.
	NextPageToken string `json:"nextPageToken,omitempty"`
	// Unreachable: A list of locations (e.g. "us-west1") that could not be
	// reached.
	Unreachable []string `json:"unreachable,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "CaPools") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CaPools") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s ListCaPoolsResponse) MarshalJSON() ([]byte, error) {
	type NoMethod ListCaPoolsResponse
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// ListCertificateAuthoritiesResponse: Response message for
// CertificateAuthorityService.ListCertificateAuthorities.
type ListCertificateAuthoritiesResponse struct {
	// CertificateAuthorities: The list of CertificateAuthorities.
	CertificateAuthorities []*CertificateAuthority `json:"certificateAuthorities,omitempty"`
	// NextPageToken: A token to retrieve next page of results. Pass this value in
	// ListCertificateAuthoritiesRequest.page_token to retrieve the next page of
	// results.
	NextPageToken string `json:"nextPageToken,omitempty"`
	// Unreachable: A list of locations (e.g. "us-west1") that could not be
	// reached.
	Unreachable []string `json:"unreachable,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "CertificateAuthorities") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CertificateAuthorities") to
	// include in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s ListCertificateAuthoritiesResponse) MarshalJSON() ([]byte, error) {
	type NoMethod ListCertificateAuthoritiesResponse
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// ListCertificateRevocationListsResponse: Response message for
// CertificateAuthorityService.ListCertificateRevocationLists.
type ListCertificateRevocationListsResponse struct {
	// CertificateRevocationLists: The list of CertificateRevocationLists.
	CertificateRevocationLists []*CertificateRevocationList `json:"certificateRevocationLists,omitempty"`
	// NextPageToken: A token to retrieve next page of results. Pass this value in
	// ListCertificateRevocationListsRequest.page_token to retrieve the next page
	// of results.
	NextPageToken string `json:"nextPageToken,omitempty"`
	// Unreachable: A list of locations (e.g. "us-west1") that could not be
	// reached.
	Unreachable []string `json:"unreachable,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "CertificateRevocationLists")
	// to unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CertificateRevocationLists") to
	// include in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s ListCertificateRevocationListsResponse) MarshalJSON() ([]byte, error) {
	type NoMethod ListCertificateRevocationListsResponse
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// ListCertificateTemplatesResponse: Response message for
// CertificateAuthorityService.ListCertificateTemplates.
type ListCertificateTemplatesResponse struct {
	// CertificateTemplates: The list of CertificateTemplates.
	CertificateTemplates []*CertificateTemplate `json:"certificateTemplates,omitempty"`
	// NextPageToken: A token to retrieve next page of results. Pass this value in
	// ListCertificateTemplatesRequest.page_token to retrieve the next page of
	// results.
	NextPageToken string `json:"nextPageToken,omitempty"`
	// Unreachable: A list of locations (e.g. "us-west1") that could not be
	// reached.
	Unreachable []string `json:"unreachable,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "CertificateTemplates") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CertificateTemplates") to include
	// in API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s ListCertificateTemplatesResponse) MarshalJSON() ([]byte, error) {
	type NoMethod ListCertificateTemplatesResponse
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// ListCertificatesResponse: Response message for
// CertificateAuthorityService.ListCertificates.
type ListCertificatesResponse struct {
	// Certificates: The list of Certificates.
	Certificates []*Certificate `json:"certificates,omitempty"`
	// NextPageToken: A token to retrieve next page of results. Pass this value in
	// ListCertificatesRequest.page_token to retrieve the next page of results.
	NextPageToken string `json:"nextPageToken,omitempty"`
	// Unreachable: A list of locations (e.g. "us-west1") that could not be
	// reached.
	Unreachable []string `json:"unreachable,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "Certificates") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Certificates") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s ListCertificatesResponse) MarshalJSON() ([]byte, error) {
	type NoMethod ListCertificatesResponse
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// ListLocationsResponse: The response message for Locations.ListLocations.
type ListLocationsResponse struct {
	// Locations: A list of locations that matches the specified filter in the
	// request.
	Locations []*Location `json:"locations,omitempty"`
	// NextPageToken: The standard List next-page token.
	NextPageToken string `json:"nextPageToken,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "Locations") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Locations") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s ListLocationsResponse) MarshalJSON() ([]byte, error) {
	type NoMethod ListLocationsResponse
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// ListOperationsResponse: The response message for Operations.ListOperations.
type ListOperationsResponse struct {
	// NextPageToken: The standard List next-page token.
	NextPageToken string `json:"nextPageToken,omitempty"`
	// Operations: A list of operations that matches the specified filter in the
	// request.
	Operations []*Operation `json:"operations,omitempty"`
	// Unreachable: Unordered list. Unreachable resources. Populated when the
	// request sets `ListOperationsRequest.return_partial_success` and reads across
	// collections. For example, when attempting to list all resources across all
	// supported locations.
	Unreachable []string `json:"unreachable,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "NextPageToken") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "NextPageToken") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s ListOperationsResponse) MarshalJSON() ([]byte, error) {
	type NoMethod ListOperationsResponse
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// Location: A resource that represents a Google Cloud location.
type Location struct {
	// DisplayName: The friendly name for this location, typically a nearby city
	// name. For example, "Tokyo".
	DisplayName string `json:"displayName,omitempty"`
	// Labels: Cross-service attributes for the location. For example
	// {"cloud.googleapis.com/region": "us-east1"}
	Labels map[string]string `json:"labels,omitempty"`
	// LocationId: The canonical id for this location. For example: "us-east1".
	LocationId string `json:"locationId,omitempty"`
	// Metadata: Service-specific metadata. For example the available capacity at
	// the given location.
	Metadata googleapi.RawMessage `json:"metadata,omitempty"`
	// Name: Resource name for the location, which may vary between
	// implementations. For example:
	// "projects/example-project/locations/us-east1"
	Name string `json:"name,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "DisplayName") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "DisplayName") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s Location) MarshalJSON() ([]byte, error) {
	type NoMethod Location
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// NameConstraints: Describes the X.509 name constraints extension, per
// https://tools.ietf.org/html/rfc5280#section-4.2.1.10
type NameConstraints struct {
	// Critical: Indicates whether or not the name constraints are marked critical.
	Critical bool `json:"critical,omitempty"`
	// ExcludedDnsNames: Contains excluded DNS names. Any DNS name that can be
	// constructed by simply adding zero or more labels to the left-hand side of
	// the name satisfies the name constraint. For example, `example.com`,
	// `www.example.com`, `www.sub.example.com` would satisfy `example.com` while
	// `example1.com` does not.
	ExcludedDnsNames []string `json:"excludedDnsNames,omitempty"`
	// ExcludedEmailAddresses: Contains the excluded email addresses. The value can
	// be a particular email address, a hostname to indicate all email addresses on
	// that host or a domain with a leading period (e.g. `.example.com`) to
	// indicate all email addresses in that domain.
	ExcludedEmailAddresses []string `json:"excludedEmailAddresses,omitempty"`
	// ExcludedIpRanges: Contains the excluded IP ranges. For IPv4 addresses, the
	// ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6
	// addresses, the ranges are expressed in similar encoding as IPv4 addresses.
	ExcludedIpRanges []string `json:"excludedIpRanges,omitempty"`
	// ExcludedUris: Contains the excluded URIs that apply to the host part of the
	// name. The value can be a hostname or a domain with a leading period (like
	// `.example.com`)
	ExcludedUris []string `json:"excludedUris,omitempty"`
	// PermittedDnsNames: Contains permitted DNS names. Any DNS name that can be
	// constructed by simply adding zero or more labels to the left-hand side of
	// the name satisfies the name constraint. For example, `example.com`,
	// `www.example.com`, `www.sub.example.com` would satisfy `example.com` while
	// `example1.com` does not.
	PermittedDnsNames []string `json:"permittedDnsNames,omitempty"`
	// PermittedEmailAddresses: Contains the permitted email addresses. The value
	// can be a particular email address, a hostname to indicate all email
	// addresses on that host or a domain with a leading period (e.g.
	// `.example.com`) to indicate all email addresses in that domain.
	PermittedEmailAddresses []string `json:"permittedEmailAddresses,omitempty"`
	// PermittedIpRanges: Contains the permitted IP ranges. For IPv4 addresses, the
	// ranges are expressed using CIDR notation as specified in RFC 4632. For IPv6
	// addresses, the ranges are expressed in similar encoding as IPv4 addresses.
	PermittedIpRanges []string `json:"permittedIpRanges,omitempty"`
	// PermittedUris: Contains the permitted URIs that apply to the host part of
	// the name. The value can be a hostname or a domain with a leading period
	// (like `.example.com`)
	PermittedUris []string `json:"permittedUris,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Critical") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Critical") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s NameConstraints) MarshalJSON() ([]byte, error) {
	type NoMethod NameConstraints
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// ObjectId: An ObjectId specifies an object identifier (OID). These provide
// context and describe types in ASN.1 messages.
type ObjectId struct {
	// ObjectIdPath: Required. The parts of an OID path. The most significant parts
	// of the path come first.
	ObjectIdPath []int64 `json:"objectIdPath,omitempty"`
	// ForceSendFields is a list of field names (e.g. "ObjectIdPath") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "ObjectIdPath") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s ObjectId) MarshalJSON() ([]byte, error) {
	type NoMethod ObjectId
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// Operation: This resource represents a long-running operation that is the
// result of a network API call.
type Operation struct {
	// Done: If the value is `false`, it means the operation is still in progress.
	// If `true`, the operation is completed, and either `error` or `response` is
	// available.
	Done bool `json:"done,omitempty"`
	// Error: The error result of the operation in case of failure or cancellation.
	Error *Status `json:"error,omitempty"`
	// Metadata: Service-specific metadata associated with the operation. It
	// typically contains progress information and common metadata such as create
	// time. Some services might not provide such metadata. Any method that returns
	// a long-running operation should document the metadata type, if any.
	Metadata googleapi.RawMessage `json:"metadata,omitempty"`
	// Name: The server-assigned name, which is only unique within the same service
	// that originally returns it. If you use the default HTTP mapping, the `name`
	// should be a resource name ending with `operations/{unique_id}`.
	Name string `json:"name,omitempty"`
	// Response: The normal, successful response of the operation. If the original
	// method returns no data on success, such as `Delete`, the response is
	// `google.protobuf.Empty`. If the original method is standard
	// `Get`/`Create`/`Update`, the response should be the resource. For other
	// methods, the response should have the type `XxxResponse`, where `Xxx` is the
	// original method name. For example, if the original method name is
	// `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
	Response googleapi.RawMessage `json:"response,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "Done") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Done") to include in API requests
	// with the JSON null value. By default, fields with empty values are omitted
	// from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s Operation) MarshalJSON() ([]byte, error) {
	type NoMethod Operation
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// OperationMetadata: Represents the metadata of the long-running operation.
type OperationMetadata struct {
	// ApiVersion: Output only. API version used to start the operation.
	ApiVersion string `json:"apiVersion,omitempty"`
	// CreateTime: Output only. The time the operation was created.
	CreateTime string `json:"createTime,omitempty"`
	// EndTime: Output only. The time the operation finished running.
	EndTime string `json:"endTime,omitempty"`
	// RequestedCancellation: Output only. Identifies whether the user has
	// requested cancellation of the operation. Operations that have successfully
	// been cancelled have google.longrunning.Operation.error value with a
	// google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.
	RequestedCancellation bool `json:"requestedCancellation,omitempty"`
	// StatusMessage: Output only. Human-readable status of the operation, if any.
	StatusMessage string `json:"statusMessage,omitempty"`
	// Target: Output only. Server-defined resource path for the target of the
	// operation.
	Target string `json:"target,omitempty"`
	// Verb: Output only. Name of the verb executed by the operation.
	Verb string `json:"verb,omitempty"`
	// ForceSendFields is a list of field names (e.g. "ApiVersion") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "ApiVersion") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s OperationMetadata) MarshalJSON() ([]byte, error) {
	type NoMethod OperationMetadata
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// Policy: An Identity and Access Management (IAM) policy, which specifies
// access controls for Google Cloud resources. A `Policy` is a collection of
// `bindings`. A `binding` binds one or more `members`, or principals, to a
// single `role`. Principals can be user accounts, service accounts, Google
// groups, and domains (such as G Suite). A `role` is a named list of
// permissions; each `role` can be an IAM predefined role or a user-created
// custom role. For some types of Google Cloud resources, a `binding` can also
// specify a `condition`, which is a logical expression that allows access to a
// resource only if the expression evaluates to `true`. A condition can add
// constraints based on attributes of the request, the resource, or both. To
// learn which resources support conditions in their IAM policies, see the IAM
// documentation
// (https://cloud.google.com/iam/help/conditions/resource-policies). **JSON
// example:** ``` { "bindings": [ { "role":
// "roles/resourcemanager.organizationAdmin", "members": [
// "user:mike@example.com", "group:admins@example.com", "domain:google.com",
// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role":
// "roles/resourcemanager.organizationViewer", "members": [
// "user:eve@example.com" ], "condition": { "title": "expirable access",
// "description": "Does not grant access after Sep 2020", "expression":
// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag":
// "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: -
// members: - user:mike@example.com - group:admins@example.com -
// domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
// role: roles/resourcemanager.organizationAdmin - members: -
// user:eve@example.com role: roles/resourcemanager.organizationViewer
// condition: title: expirable access description: Does not grant access after
// Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
// etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features,
// see the IAM documentation (https://cloud.google.com/iam/docs/).
type Policy struct {
	// AuditConfigs: Specifies cloud audit logging configuration for this policy.
	AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"`
	// Bindings: Associates a list of `members`, or principals, with a `role`.
	// Optionally, may specify a `condition` that determines how and when the
	// `bindings` are applied. Each of the `bindings` must contain at least one
	// principal. The `bindings` in a `Policy` can refer to up to 1,500 principals;
	// up to 250 of these principals can be Google groups. Each occurrence of a
	// principal counts towards these limits. For example, if the `bindings` grant
	// 50 different roles to `user:alice@example.com`, and not to any other
	// principal, then you can add another 1,450 principals to the `bindings` in
	// the `Policy`.
	Bindings []*Binding `json:"bindings,omitempty"`
	// Etag: `etag` is used for optimistic concurrency control as a way to help
	// prevent simultaneous updates of a policy from overwriting each other. It is
	// strongly suggested that systems make use of the `etag` in the
	// read-modify-write cycle to perform policy updates in order to avoid race
	// conditions: An `etag` is returned in the response to `getIamPolicy`, and
	// systems are expected to put that etag in the request to `setIamPolicy` to
	// ensure that their change will be applied to the same version of the policy.
	// **Important:** If you use IAM Conditions, you must include the `etag` field
	// whenever you call `setIamPolicy`. If you omit this field, then IAM allows
	// you to overwrite a version `3` policy with a version `1` policy, and all of
	// the conditions in the version `3` policy are lost.
	Etag string `json:"etag,omitempty"`
	// Version: Specifies the format of the policy. Valid values are `0`, `1`, and
	// `3`. Requests that specify an invalid value are rejected. Any operation that
	// affects conditional role bindings must specify version `3`. This requirement
	// applies to the following operations: * Getting a policy that includes a
	// conditional role binding * Adding a conditional role binding to a policy *
	// Changing a conditional role binding in a policy * Removing any role binding,
	// with or without a condition, from a policy that includes conditions
	// **Important:** If you use IAM Conditions, you must include the `etag` field
	// whenever you call `setIamPolicy`. If you omit this field, then IAM allows
	// you to overwrite a version `3` policy with a version `1` policy, and all of
	// the conditions in the version `3` policy are lost. If a policy does not
	// include any conditions, operations on that policy may specify any valid
	// version or leave the field unset. To learn which resources support
	// conditions in their IAM policies, see the IAM documentation
	// (https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int64 `json:"version,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "AuditConfigs") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AuditConfigs") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s Policy) MarshalJSON() ([]byte, error) {
	type NoMethod Policy
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// PublicKey: A PublicKey describes a public key.
type PublicKey struct {
	// Format: Required. The format of the public key.
	//
	// Possible values:
	//   "KEY_FORMAT_UNSPECIFIED" - Default unspecified value.
	//   "PEM" - The key is PEM-encoded as defined in [RFC
	// 7468](https://tools.ietf.org/html/rfc7468). It can be any of the following:
	// a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey structure, an RFC 5280
	// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1) or a
	// PEM-encoded X.509 certificate signing request (CSR). If a
	// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1) is
	// specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey or a
	// NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified, it will
	// used solely for the purpose of extracting the public key. When generated by
	// the service, it will always be an RFC 5280
	// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
	// structure containing an algorithm identifier and a key.
	Format string `json:"format,omitempty"`
	// Key: Required. A public key. The padding and encoding must match with the
	// `KeyFormat` value specified for the `format` field.
	Key string `json:"key,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Format") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Format") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s PublicKey) MarshalJSON() ([]byte, error) {
	type NoMethod PublicKey
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// PublishingOptions: Options relating to the publication of each
// CertificateAuthority's CA certificate and CRLs and their inclusion as
// extensions in issued Certificates. The options set here apply to
// certificates issued by any CertificateAuthority in the CaPool.
type PublishingOptions struct {
	// EncodingFormat: Optional. Specifies the encoding format of each
	// CertificateAuthority resource's CA certificate and CRLs. If this is omitted,
	// CA certificates and CRLs will be published in PEM.
	//
	// Possible values:
	//   "ENCODING_FORMAT_UNSPECIFIED" - Not specified. By default, PEM format will
	// be used.
	//   "PEM" - The CertificateAuthority's CA certificate and CRLs will be
	// published in PEM format.
	//   "DER" - The CertificateAuthority's CA certificate and CRLs will be
	// published in DER format.
	EncodingFormat string `json:"encodingFormat,omitempty"`
	// PublishCaCert: Optional. When true, publishes each CertificateAuthority's CA
	// certificate and includes its URL in the "Authority Information Access" X.509
	// extension in all issued Certificates. If this is false, the CA certificate
	// will not be published and the corresponding X.509 extension will not be
	// written in issued certificates.
	PublishCaCert bool `json:"publishCaCert,omitempty"`
	// PublishCrl: Optional. When true, publishes each CertificateAuthority's CRL
	// and includes its URL in the "CRL Distribution Points" X.509 extension in all
	// issued Certificates. If this is false, CRLs will not be published and the
	// corresponding X.509 extension will not be written in issued certificates.
	// CRLs will expire 7 days from their creation. However, we will rebuild daily.
	// CRLs are also rebuilt shortly after a certificate is revoked.
	PublishCrl bool `json:"publishCrl,omitempty"`
	// ForceSendFields is a list of field names (e.g. "EncodingFormat") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "EncodingFormat") to include in
	// API requests with the JSON null value. By default, fields with empty values
	// are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s PublishingOptions) MarshalJSON() ([]byte, error) {
	type NoMethod PublishingOptions
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// RelativeDistinguishedName: RelativeDistinguishedName specifies a relative
// distinguished name which will be used to build a distinguished name.
type RelativeDistinguishedName struct {
	// Attributes: Attributes describes the attribute value assertions in the RDN.
	Attributes []*AttributeTypeAndValue `json:"attributes,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Attributes") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Attributes") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s RelativeDistinguishedName) MarshalJSON() ([]byte, error) {
	type NoMethod RelativeDistinguishedName
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// RevocationDetails: Describes fields that are relavent to the revocation of a
// Certificate.
type RevocationDetails struct {
	// RevocationState: Indicates why a Certificate was revoked.
	//
	// Possible values:
	//   "REVOCATION_REASON_UNSPECIFIED" - Default unspecified value. This value
	// does indicate that a Certificate has been revoked, but that a reason has not
	// been recorded.
	//   "KEY_COMPROMISE" - Key material for this Certificate may have leaked.
	//   "CERTIFICATE_AUTHORITY_COMPROMISE" - The key material for a certificate
	// authority in the issuing path may have leaked.
	//   "AFFILIATION_CHANGED" - The subject or other attributes in this
	// Certificate have changed.
	//   "SUPERSEDED" - This Certificate has been superseded.
	//   "CESSATION_OF_OPERATION" - This Certificate or entities in the issuing
	// path have ceased to operate.
	//   "CERTIFICATE_HOLD" - This Certificate should not be considered valid, it
	// is expected that it may become valid in the future.
	//   "PRIVILEGE_WITHDRAWN" - This Certificate no longer has permission to
	// assert the listed attributes.
	//   "ATTRIBUTE_AUTHORITY_COMPROMISE" - The authority which determines
	// appropriate attributes for a Certificate may have been compromised.
	RevocationState string `json:"revocationState,omitempty"`
	// RevocationTime: The time at which this Certificate was revoked.
	RevocationTime string `json:"revocationTime,omitempty"`
	// ForceSendFields is a list of field names (e.g. "RevocationState") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "RevocationState") to include in
	// API requests with the JSON null value. By default, fields with empty values
	// are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s RevocationDetails) MarshalJSON() ([]byte, error) {
	type NoMethod RevocationDetails
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// RevokeCertificateRequest: Request message for
// CertificateAuthorityService.RevokeCertificate.
type RevokeCertificateRequest struct {
	// Reason: Required. The RevocationReason for revoking this certificate.
	//
	// Possible values:
	//   "REVOCATION_REASON_UNSPECIFIED" - Default unspecified value. This value
	// does indicate that a Certificate has been revoked, but that a reason has not
	// been recorded.
	//   "KEY_COMPROMISE" - Key material for this Certificate may have leaked.
	//   "CERTIFICATE_AUTHORITY_COMPROMISE" - The key material for a certificate
	// authority in the issuing path may have leaked.
	//   "AFFILIATION_CHANGED" - The subject or other attributes in this
	// Certificate have changed.
	//   "SUPERSEDED" - This Certificate has been superseded.
	//   "CESSATION_OF_OPERATION" - This Certificate or entities in the issuing
	// path have ceased to operate.
	//   "CERTIFICATE_HOLD" - This Certificate should not be considered valid, it
	// is expected that it may become valid in the future.
	//   "PRIVILEGE_WITHDRAWN" - This Certificate no longer has permission to
	// assert the listed attributes.
	//   "ATTRIBUTE_AUTHORITY_COMPROMISE" - The authority which determines
	// appropriate attributes for a Certificate may have been compromised.
	Reason string `json:"reason,omitempty"`
	// RequestId: Optional. An ID to identify requests. Specify a unique request ID
	// so that if you must retry your request, the server will know to ignore the
	// request if it has already been completed. The server will guarantee that for
	// at least 60 minutes since the first request. For example, consider a
	// situation where you make an initial request and the request times out. If
	// you make the request again with the same request ID, the server can check if
	// original operation with the same request ID was received, and if so, will
	// ignore the second request. This prevents clients from accidentally creating
	// duplicate commitments. The request ID must be a valid UUID with the
	// exception that zero UUID is not supported
	// (00000000-0000-0000-0000-000000000000).
	RequestId string `json:"requestId,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Reason") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Reason") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s RevokeCertificateRequest) MarshalJSON() ([]byte, error) {
	type NoMethod RevokeCertificateRequest
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// RevokedCertificate: Describes a revoked Certificate.
type RevokedCertificate struct {
	// Certificate: The resource name for the Certificate in the format
	// `projects/*/locations/*/caPools/*/certificates/*`.
	Certificate string `json:"certificate,omitempty"`
	// HexSerialNumber: The serial number of the Certificate.
	HexSerialNumber string `json:"hexSerialNumber,omitempty"`
	// RevocationReason: The reason the Certificate was revoked.
	//
	// Possible values:
	//   "REVOCATION_REASON_UNSPECIFIED" - Default unspecified value. This value
	// does indicate that a Certificate has been revoked, but that a reason has not
	// been recorded.
	//   "KEY_COMPROMISE" - Key material for this Certificate may have leaked.
	//   "CERTIFICATE_AUTHORITY_COMPROMISE" - The key material for a certificate
	// authority in the issuing path may have leaked.
	//   "AFFILIATION_CHANGED" - The subject or other attributes in this
	// Certificate have changed.
	//   "SUPERSEDED" - This Certificate has been superseded.
	//   "CESSATION_OF_OPERATION" - This Certificate or entities in the issuing
	// path have ceased to operate.
	//   "CERTIFICATE_HOLD" - This Certificate should not be considered valid, it
	// is expected that it may become valid in the future.
	//   "PRIVILEGE_WITHDRAWN" - This Certificate no longer has permission to
	// assert the listed attributes.
	//   "ATTRIBUTE_AUTHORITY_COMPROMISE" - The authority which determines
	// appropriate attributes for a Certificate may have been compromised.
	RevocationReason string `json:"revocationReason,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Certificate") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Certificate") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s RevokedCertificate) MarshalJSON() ([]byte, error) {
	type NoMethod RevokedCertificate
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// RsaKeyType: Describes an RSA key that may be used in a Certificate issued
// from a CaPool.
type RsaKeyType struct {
	// MaxModulusSize: Optional. The maximum allowed RSA modulus size (inclusive),
	// in bits. If this is not set, or if set to zero, the service will not enforce
	// an explicit upper bound on RSA modulus sizes.
	MaxModulusSize int64 `json:"maxModulusSize,omitempty,string"`
	// MinModulusSize: Optional. The minimum allowed RSA modulus size (inclusive),
	// in bits. If this is not set, or if set to zero, the service-level min RSA
	// modulus size will continue to apply.
	MinModulusSize int64 `json:"minModulusSize,omitempty,string"`
	// ForceSendFields is a list of field names (e.g. "MaxModulusSize") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "MaxModulusSize") to include in
	// API requests with the JSON null value. By default, fields with empty values
	// are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s RsaKeyType) MarshalJSON() ([]byte, error) {
	type NoMethod RsaKeyType
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// SetIamPolicyRequest: Request message for `SetIamPolicy` method.
type SetIamPolicyRequest struct {
	// Policy: REQUIRED: The complete policy to be applied to the `resource`. The
	// size of the policy is limited to a few 10s of KB. An empty policy is a valid
	// policy but certain Google Cloud services (such as Projects) might reject
	// them.
	Policy *Policy `json:"policy,omitempty"`
	// UpdateMask: OPTIONAL: A FieldMask specifying which fields of the policy to
	// modify. Only the fields in the mask will be modified. If no mask is
	// provided, the following default mask is used: `paths: "bindings, etag"
	UpdateMask string `json:"updateMask,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Policy") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Policy") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s SetIamPolicyRequest) MarshalJSON() ([]byte, error) {
	type NoMethod SetIamPolicyRequest
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// Status: The `Status` type defines a logical error model that is suitable for
// different programming environments, including REST APIs and RPC APIs. It is
// used by gRPC (https://github.com/grpc). Each `Status` message contains three
// pieces of data: error code, error message, and error details. You can find
// out more about this error model and how to work with it in the API Design
// Guide (https://cloud.google.com/apis/design/errors).
type Status struct {
	// Code: The status code, which should be an enum value of google.rpc.Code.
	Code int64 `json:"code,omitempty"`
	// Details: A list of messages that carry the error details. There is a common
	// set of message types for APIs to use.
	Details []googleapi.RawMessage `json:"details,omitempty"`
	// Message: A developer-facing error message, which should be in English. Any
	// user-facing error message should be localized and sent in the
	// google.rpc.Status.details field, or localized by the client.
	Message string `json:"message,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Code") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Code") to include in API requests
	// with the JSON null value. By default, fields with empty values are omitted
	// from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s Status) MarshalJSON() ([]byte, error) {
	type NoMethod Status
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// Subject: Subject describes parts of a distinguished name that, in turn,
// describes the subject of the certificate.
type Subject struct {
	// CommonName: The "common name" of the subject.
	CommonName string `json:"commonName,omitempty"`
	// CountryCode: The country code of the subject.
	CountryCode string `json:"countryCode,omitempty"`
	// Locality: The locality or city of the subject.
	Locality string `json:"locality,omitempty"`
	// Organization: The organization of the subject.
	Organization string `json:"organization,omitempty"`
	// OrganizationalUnit: The organizational_unit of the subject.
	OrganizationalUnit string `json:"organizationalUnit,omitempty"`
	// PostalCode: The postal code of the subject.
	PostalCode string `json:"postalCode,omitempty"`
	// Province: The province, territory, or regional state of the subject.
	Province string `json:"province,omitempty"`
	// RdnSequence: This field can be used in place of the named subject fields.
	RdnSequence []*RelativeDistinguishedName `json:"rdnSequence,omitempty"`
	// StreetAddress: The street address of the subject.
	StreetAddress string `json:"streetAddress,omitempty"`
	// ForceSendFields is a list of field names (e.g. "CommonName") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CommonName") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s Subject) MarshalJSON() ([]byte, error) {
	type NoMethod Subject
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// SubjectAltNames: SubjectAltNames corresponds to a more modern way of listing
// what the asserted identity is in a certificate (i.e., compared to the
// "common name" in the distinguished name).
type SubjectAltNames struct {
	// CustomSans: Contains additional subject alternative name values. For each
	// custom_san, the `value` field must contain an ASN.1 encoded UTF8String.
	CustomSans []*X509Extension `json:"customSans,omitempty"`
	// DnsNames: Contains only valid, fully-qualified host names.
	DnsNames []string `json:"dnsNames,omitempty"`
	// EmailAddresses: Contains only valid RFC 2822 E-mail addresses.
	EmailAddresses []string `json:"emailAddresses,omitempty"`
	// IpAddresses: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6
	// addresses.
	IpAddresses []string `json:"ipAddresses,omitempty"`
	// Uris: Contains only valid RFC 3986 URIs.
	Uris []string `json:"uris,omitempty"`
	// ForceSendFields is a list of field names (e.g. "CustomSans") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CustomSans") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s SubjectAltNames) MarshalJSON() ([]byte, error) {
	type NoMethod SubjectAltNames
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// SubjectConfig: These values are used to create the distinguished name and
// subject alternative name fields in an X.509 certificate.
type SubjectConfig struct {
	// Subject: Optional. Contains distinguished name fields such as the common
	// name, location and organization.
	Subject *Subject `json:"subject,omitempty"`
	// SubjectAltName: Optional. The subject alternative name fields.
	SubjectAltName *SubjectAltNames `json:"subjectAltName,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Subject") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Subject") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s SubjectConfig) MarshalJSON() ([]byte, error) {
	type NoMethod SubjectConfig
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// SubjectDescription: These values describe fields in an issued X.509
// certificate such as the distinguished name, subject alternative names,
// serial number, and lifetime.
type SubjectDescription struct {
	// HexSerialNumber: The serial number encoded in lowercase hexadecimal.
	HexSerialNumber string `json:"hexSerialNumber,omitempty"`
	// Lifetime: For convenience, the actual lifetime of an issued certificate.
	Lifetime string `json:"lifetime,omitempty"`
	// NotAfterTime: The time after which the certificate is expired. Per RFC 5280,
	// the validity period for a certificate is the period of time from
	// not_before_time through not_after_time, inclusive. Corresponds to
	// 'not_before_time' + 'lifetime' - 1 second.
	NotAfterTime string `json:"notAfterTime,omitempty"`
	// NotBeforeTime: The time at which the certificate becomes valid.
	NotBeforeTime string `json:"notBeforeTime,omitempty"`
	// Subject: Contains distinguished name fields such as the common name,
	// location and / organization.
	Subject *Subject `json:"subject,omitempty"`
	// SubjectAltName: The subject alternative name fields.
	SubjectAltName *SubjectAltNames `json:"subjectAltName,omitempty"`
	// ForceSendFields is a list of field names (e.g. "HexSerialNumber") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "HexSerialNumber") to include in
	// API requests with the JSON null value. By default, fields with empty values
	// are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s SubjectDescription) MarshalJSON() ([]byte, error) {
	type NoMethod SubjectDescription
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// SubordinateConfig: Describes a subordinate CA's issuers. This is either a
// resource name to a known issuing CertificateAuthority, or a PEM issuer
// certificate chain.
type SubordinateConfig struct {
	// CertificateAuthority: Required. This can refer to a CertificateAuthority
	// that was used to create a subordinate CertificateAuthority. This field is
	// used for information and usability purposes only. The resource name is in
	// the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	CertificateAuthority string `json:"certificateAuthority,omitempty"`
	// PemIssuerChain: Required. Contains the PEM certificate chain for the issuers
	// of this CertificateAuthority, but not pem certificate for this CA itself.
	PemIssuerChain *SubordinateConfigChain `json:"pemIssuerChain,omitempty"`
	// ForceSendFields is a list of field names (e.g. "CertificateAuthority") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "CertificateAuthority") to include
	// in API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s SubordinateConfig) MarshalJSON() ([]byte, error) {
	type NoMethod SubordinateConfig
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// SubordinateConfigChain: This message describes a subordinate CA's issuer
// certificate chain. This wrapper exists for compatibility reasons.
type SubordinateConfigChain struct {
	// PemCertificates: Required. Expected to be in leaf-to-root order according to
	// RFC 5246.
	PemCertificates []string `json:"pemCertificates,omitempty"`
	// ForceSendFields is a list of field names (e.g. "PemCertificates") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "PemCertificates") to include in
	// API requests with the JSON null value. By default, fields with empty values
	// are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s SubordinateConfigChain) MarshalJSON() ([]byte, error) {
	type NoMethod SubordinateConfigChain
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// TestIamPermissionsRequest: Request message for `TestIamPermissions` method.
type TestIamPermissionsRequest struct {
	// Permissions: The set of permissions to check for the `resource`. Permissions
	// with wildcards (such as `*` or `storage.*`) are not allowed. For more
	// information see IAM Overview
	// (https://cloud.google.com/iam/docs/overview#permissions).
	Permissions []string `json:"permissions,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Permissions") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Permissions") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s TestIamPermissionsRequest) MarshalJSON() ([]byte, error) {
	type NoMethod TestIamPermissionsRequest
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// TestIamPermissionsResponse: Response message for `TestIamPermissions`
// method.
type TestIamPermissionsResponse struct {
	// Permissions: A subset of `TestPermissionsRequest.permissions` that the
	// caller is allowed.
	Permissions []string `json:"permissions,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "Permissions") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Permissions") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s TestIamPermissionsResponse) MarshalJSON() ([]byte, error) {
	type NoMethod TestIamPermissionsResponse
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// UndeleteCertificateAuthorityRequest: Request message for
// CertificateAuthorityService.UndeleteCertificateAuthority.
type UndeleteCertificateAuthorityRequest struct {
	// RequestId: Optional. An ID to identify requests. Specify a unique request ID
	// so that if you must retry your request, the server will know to ignore the
	// request if it has already been completed. The server will guarantee that for
	// at least 60 minutes since the first request. For example, consider a
	// situation where you make an initial request and the request times out. If
	// you make the request again with the same request ID, the server can check if
	// original operation with the same request ID was received, and if so, will
	// ignore the second request. This prevents clients from accidentally creating
	// duplicate commitments. The request ID must be a valid UUID with the
	// exception that zero UUID is not supported
	// (00000000-0000-0000-0000-000000000000).
	RequestId string `json:"requestId,omitempty"`
	// ForceSendFields is a list of field names (e.g. "RequestId") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "RequestId") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s UndeleteCertificateAuthorityRequest) MarshalJSON() ([]byte, error) {
	type NoMethod UndeleteCertificateAuthorityRequest
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// UserDefinedAccessUrls: User-defined URLs for accessing content published by
// this CertificateAuthority.
type UserDefinedAccessUrls struct {
	// AiaIssuingCertificateUrls: Optional. A list of URLs where the issuer CA
	// certificate may be downloaded, which appears in the "Authority Information
	// Access" extension in the certificate. If specified, the default Cloud
	// Storage URLs will be omitted.
	AiaIssuingCertificateUrls []string `json:"aiaIssuingCertificateUrls,omitempty"`
	// CrlAccessUrls: Optional. A list of URLs where to obtain CRL information,
	// i.e. the DistributionPoint.fullName described by
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.13. If specified, the
	// default Cloud Storage URLs will be omitted.
	CrlAccessUrls []string `json:"crlAccessUrls,omitempty"`
	// ForceSendFields is a list of field names (e.g. "AiaIssuingCertificateUrls")
	// to unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AiaIssuingCertificateUrls") to
	// include in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s UserDefinedAccessUrls) MarshalJSON() ([]byte, error) {
	type NoMethod UserDefinedAccessUrls
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// X509Extension: An X509Extension specifies an X.509 extension, which may be
// used in different parts of X.509 objects like certificates, CSRs, and CRLs.
type X509Extension struct {
	// Critical: Optional. Indicates whether or not this extension is critical
	// (i.e., if the client does not know how to handle this extension, the client
	// should consider this to be an error).
	Critical bool `json:"critical,omitempty"`
	// ObjectId: Required. The OID for this X.509 extension.
	ObjectId *ObjectId `json:"objectId,omitempty"`
	// Value: Required. The value of this X.509 extension.
	Value string `json:"value,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Critical") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Critical") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s X509Extension) MarshalJSON() ([]byte, error) {
	type NoMethod X509Extension
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

// X509Parameters: An X509Parameters is used to describe certain fields of an
// X.509 certificate, such as the key usage fields, fields specific to CA
// certificates, certificate policy extensions and custom extensions.
type X509Parameters struct {
	// AdditionalExtensions: Optional. Describes custom X.509 extensions.
	AdditionalExtensions []*X509Extension `json:"additionalExtensions,omitempty"`
	// AiaOcspServers: Optional. Describes Online Certificate Status Protocol
	// (OCSP) endpoint addresses that appear in the "Authority Information Access"
	// extension in the certificate.
	AiaOcspServers []string `json:"aiaOcspServers,omitempty"`
	// CaOptions: Optional. Describes options in this X509Parameters that are
	// relevant in a CA certificate. If not specified, a default basic constraints
	// extension with `is_ca=false` will be added for leaf certificates.
	CaOptions *CaOptions `json:"caOptions,omitempty"`
	// KeyUsage: Optional. Indicates the intended use for keys that correspond to a
	// certificate.
	KeyUsage *KeyUsage `json:"keyUsage,omitempty"`
	// NameConstraints: Optional. Describes the X.509 name constraints extension.
	NameConstraints *NameConstraints `json:"nameConstraints,omitempty"`
	// PolicyIds: Optional. Describes the X.509 certificate policy object
	// identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
	PolicyIds []*ObjectId `json:"policyIds,omitempty"`
	// ForceSendFields is a list of field names (e.g. "AdditionalExtensions") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AdditionalExtensions") to include
	// in API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

func (s X509Parameters) MarshalJSON() ([]byte, error) {
	type NoMethod X509Parameters
	return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields)
}

type ProjectsLocationsGetCall struct {
	s            *Service
	name         string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// Get: Gets information about a location.
//
// - name: Resource name for the location.
func (r *ProjectsLocationsService) Get(name string) *ProjectsLocationsGetCall {
	c := &ProjectsLocationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsGetCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsGetCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsGetCall) Context(ctx context.Context) *ProjectsLocationsGetCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsGetCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsGetCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.get", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.get" call.
// Any non-2xx status code is an error. Response headers are in either
// *Location.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsGetCall) Do(opts ...googleapi.CallOption) (*Location, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Location{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.get", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsListCall struct {
	s            *Service
	name         string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// List: Lists information about the supported locations for this service. This
// method lists locations based on the resource scope provided in the
// [ListLocationsRequest.name] field: * **Global locations**: If `name` is
// empty, the method lists the public locations available to all projects. *
// **Project-specific locations**: If `name` follows the format
// `projects/{project}`, the method lists locations visible to that specific
// project. This includes public, private, or other project-specific locations
// enabled for the project. For gRPC and client library implementations, the
// resource name is passed as the `name` field. For direct service calls, the
// resource name is incorporated into the request path based on the specific
// service implementation and version.
//
// - name: The resource that owns the locations collection, if applicable.
func (r *ProjectsLocationsService) List(name string) *ProjectsLocationsListCall {
	c := &ProjectsLocationsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// ExtraLocationTypes sets the optional parameter "extraLocationTypes": Do not
// use this field. It is unsupported and is ignored unless explicitly
// documented otherwise. This is primarily for internal usage.
func (c *ProjectsLocationsListCall) ExtraLocationTypes(extraLocationTypes ...string) *ProjectsLocationsListCall {
	c.urlParams_.SetMulti("extraLocationTypes", append([]string{}, extraLocationTypes...))
	return c
}

// Filter sets the optional parameter "filter": A filter to narrow down results
// to a preferred subset. The filtering language accepts strings like
// "displayName=tokyo", and is documented in more detail in AIP-160
// (https://google.aip.dev/160).
func (c *ProjectsLocationsListCall) Filter(filter string) *ProjectsLocationsListCall {
	c.urlParams_.Set("filter", filter)
	return c
}

// PageSize sets the optional parameter "pageSize": The maximum number of
// results to return. If not set, the service selects a default.
func (c *ProjectsLocationsListCall) PageSize(pageSize int64) *ProjectsLocationsListCall {
	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
	return c
}

// PageToken sets the optional parameter "pageToken": A page token received
// from the `next_page_token` field in the response. Send that page token to
// receive the subsequent page.
func (c *ProjectsLocationsListCall) PageToken(pageToken string) *ProjectsLocationsListCall {
	c.urlParams_.Set("pageToken", pageToken)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsListCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsListCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsListCall) Context(ctx context.Context) *ProjectsLocationsListCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsListCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsListCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/locations")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.list", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.list" call.
// Any non-2xx status code is an error. Response headers are in either
// *ListLocationsResponse.ServerResponse.Header or (if a response was returned
// at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
// check whether the returned error was because http.StatusNotModified was
// returned.
func (c *ProjectsLocationsListCall) Do(opts ...googleapi.CallOption) (*ListLocationsResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &ListLocationsResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.list", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

// Pages invokes f for each page of results.
// A non-nil error returned from f will halt the iteration.
// The provided context supersedes any context provided to the Context method.
func (c *ProjectsLocationsListCall) Pages(ctx context.Context, f func(*ListLocationsResponse) error) error {
	c.ctx_ = ctx
	defer c.PageToken(c.urlParams_.Get("pageToken"))
	for {
		x, err := c.Do()
		if err != nil {
			return err
		}
		if err := f(x); err != nil {
			return err
		}
		if x.NextPageToken == "" {
			return nil
		}
		c.PageToken(x.NextPageToken)
	}
}

type ProjectsLocationsCaPoolsCreateCall struct {
	s          *Service
	parent     string
	capool     *CaPool
	urlParams_ gensupport.URLParams
	ctx_       context.Context
	header_    http.Header
}

// Create: Create a CaPool.
//
//   - parent: The resource name of the location associated with the CaPool, in
//     the format `projects/*/locations/*`.
func (r *ProjectsLocationsCaPoolsService) Create(parent string, capool *CaPool) *ProjectsLocationsCaPoolsCreateCall {
	c := &ProjectsLocationsCaPoolsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.parent = parent
	c.capool = capool
	return c
}

// CaPoolId sets the optional parameter "caPoolId": Required. It must be unique
// within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
func (c *ProjectsLocationsCaPoolsCreateCall) CaPoolId(caPoolId string) *ProjectsLocationsCaPoolsCreateCall {
	c.urlParams_.Set("caPoolId", caPoolId)
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCaPoolsCreateCall) RequestId(requestId string) *ProjectsLocationsCaPoolsCreateCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCreateCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCreateCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCreateCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCreateCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCreateCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.capool)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/caPools")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"parent": c.parent,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.create", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.create" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCreateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.create", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsDeleteCall struct {
	s          *Service
	name       string
	urlParams_ gensupport.URLParams
	ctx_       context.Context
	header_    http.Header
}

// Delete: Delete a CaPool.
//
//   - name: The resource name for this CaPool in the format
//     `projects/*/locations/*/caPools/*`.
func (r *ProjectsLocationsCaPoolsService) Delete(name string) *ProjectsLocationsCaPoolsDeleteCall {
	c := &ProjectsLocationsCaPoolsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// IgnoreDependentResources sets the optional parameter
// "ignoreDependentResources": This field allows this pool to be deleted even
// if it's being depended on by another resource. However, doing so may result
// in unintended and unrecoverable effects on any dependent resources since the
// pool will no longer be able to issue certificates.
func (c *ProjectsLocationsCaPoolsDeleteCall) IgnoreDependentResources(ignoreDependentResources bool) *ProjectsLocationsCaPoolsDeleteCall {
	c.urlParams_.Set("ignoreDependentResources", fmt.Sprint(ignoreDependentResources))
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCaPoolsDeleteCall) RequestId(requestId string) *ProjectsLocationsCaPoolsDeleteCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsDeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsDeleteCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsDeleteCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsDeleteCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsDeleteCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsDeleteCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("DELETE", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.delete", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.delete" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.delete", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsFetchCaCertsCall struct {
	s                   *Service
	caPool              string
	fetchcacertsrequest *FetchCaCertsRequest
	urlParams_          gensupport.URLParams
	ctx_                context.Context
	header_             http.Header
}

// FetchCaCerts: FetchCaCerts returns the current trust anchor for the CaPool.
// This will include CA certificate chains for all certificate authorities in
// the ENABLED, DISABLED, or STAGED states.
//
//   - caPool: The resource name for the CaPool in the format
//     `projects/*/locations/*/caPools/*`.
func (r *ProjectsLocationsCaPoolsService) FetchCaCerts(caPool string, fetchcacertsrequest *FetchCaCertsRequest) *ProjectsLocationsCaPoolsFetchCaCertsCall {
	c := &ProjectsLocationsCaPoolsFetchCaCertsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.caPool = caPool
	c.fetchcacertsrequest = fetchcacertsrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsFetchCaCertsCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsFetchCaCertsCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsFetchCaCertsCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsFetchCaCertsCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsFetchCaCertsCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsFetchCaCertsCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.fetchcacertsrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+caPool}:fetchCaCerts")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"caPool": c.caPool,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.fetchCaCerts", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.fetchCaCerts" call.
// Any non-2xx status code is an error. Response headers are in either
// *FetchCaCertsResponse.ServerResponse.Header or (if a response was returned
// at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
// check whether the returned error was because http.StatusNotModified was
// returned.
func (c *ProjectsLocationsCaPoolsFetchCaCertsCall) Do(opts ...googleapi.CallOption) (*FetchCaCertsResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &FetchCaCertsResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.fetchCaCerts", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsGetCall struct {
	s            *Service
	name         string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// Get: Returns a CaPool.
//
// - name: The name of the CaPool to get.
func (r *ProjectsLocationsCaPoolsService) Get(name string) *ProjectsLocationsCaPoolsGetCall {
	c := &ProjectsLocationsCaPoolsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsGetCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCaPoolsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsCaPoolsGetCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsGetCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsGetCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsGetCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsGetCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.get", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.get" call.
// Any non-2xx status code is an error. Response headers are in either
// *CaPool.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsGetCall) Do(opts ...googleapi.CallOption) (*CaPool, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &CaPool{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.get", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsGetIamPolicyCall struct {
	s            *Service
	resource     string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// GetIamPolicy: Gets the access control policy for a resource. Returns an
// empty policy if the resource exists and does not have a policy set.
//
//   - resource: REQUIRED: The resource for which the policy is being requested.
//     See Resource names (https://cloud.google.com/apis/design/resource_names)
//     for the appropriate value for this field.
func (r *ProjectsLocationsCaPoolsService) GetIamPolicy(resource string) *ProjectsLocationsCaPoolsGetIamPolicyCall {
	c := &ProjectsLocationsCaPoolsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.resource = resource
	return c
}

// OptionsRequestedPolicyVersion sets the optional parameter
// "options.requestedPolicyVersion": The maximum policy version that will be
// used to format the policy. Valid values are 0, 1, and 3. Requests specifying
// an invalid value will be rejected. Requests for policies with any
// conditional role bindings must specify version 3. Policies with no
// conditional role bindings may specify any valid value or leave the field
// unset. The policy in the response might use the policy version that you
// specified, or it might use a lower policy version. For example, if you
// specify version 3, but the policy has no conditional role bindings, the
// response uses version 1. To learn which resources support conditions in
// their IAM policies, see the IAM documentation
// (https://cloud.google.com/iam/help/conditions/resource-policies).
func (c *ProjectsLocationsCaPoolsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsLocationsCaPoolsGetIamPolicyCall {
	c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsGetIamPolicyCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCaPoolsGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsLocationsCaPoolsGetIamPolicyCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsGetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsGetIamPolicyCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsGetIamPolicyCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"resource": c.resource,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.getIamPolicy", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.getIamPolicy" call.
// Any non-2xx status code is an error. Response headers are in either
// *Policy.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Policy{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.getIamPolicy", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsListCall struct {
	s            *Service
	parent       string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// List: Lists CaPools.
//
//   - parent: The resource name of the location associated with the CaPools, in
//     the format `projects/*/locations/*`.
func (r *ProjectsLocationsCaPoolsService) List(parent string) *ProjectsLocationsCaPoolsListCall {
	c := &ProjectsLocationsCaPoolsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.parent = parent
	return c
}

// Filter sets the optional parameter "filter": Only include resources that
// match the filter in the response.
func (c *ProjectsLocationsCaPoolsListCall) Filter(filter string) *ProjectsLocationsCaPoolsListCall {
	c.urlParams_.Set("filter", filter)
	return c
}

// OrderBy sets the optional parameter "orderBy": Specify how the results
// should be sorted.
func (c *ProjectsLocationsCaPoolsListCall) OrderBy(orderBy string) *ProjectsLocationsCaPoolsListCall {
	c.urlParams_.Set("orderBy", orderBy)
	return c
}

// PageSize sets the optional parameter "pageSize": Limit on the number of
// CaPools to include in the response. Further CaPools can subsequently be
// obtained by including the ListCaPoolsResponse.next_page_token in a
// subsequent request. If unspecified, the server will pick an appropriate
// default.
func (c *ProjectsLocationsCaPoolsListCall) PageSize(pageSize int64) *ProjectsLocationsCaPoolsListCall {
	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
	return c
}

// PageToken sets the optional parameter "pageToken": Pagination token,
// returned earlier via ListCaPoolsResponse.next_page_token.
func (c *ProjectsLocationsCaPoolsListCall) PageToken(pageToken string) *ProjectsLocationsCaPoolsListCall {
	c.urlParams_.Set("pageToken", pageToken)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsListCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCaPoolsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsCaPoolsListCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsListCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsListCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsListCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsListCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/caPools")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"parent": c.parent,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.list", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.list" call.
// Any non-2xx status code is an error. Response headers are in either
// *ListCaPoolsResponse.ServerResponse.Header or (if a response was returned at
// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
// check whether the returned error was because http.StatusNotModified was
// returned.
func (c *ProjectsLocationsCaPoolsListCall) Do(opts ...googleapi.CallOption) (*ListCaPoolsResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &ListCaPoolsResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.list", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

// Pages invokes f for each page of results.
// A non-nil error returned from f will halt the iteration.
// The provided context supersedes any context provided to the Context method.
func (c *ProjectsLocationsCaPoolsListCall) Pages(ctx context.Context, f func(*ListCaPoolsResponse) error) error {
	c.ctx_ = ctx
	defer c.PageToken(c.urlParams_.Get("pageToken"))
	for {
		x, err := c.Do()
		if err != nil {
			return err
		}
		if err := f(x); err != nil {
			return err
		}
		if x.NextPageToken == "" {
			return nil
		}
		c.PageToken(x.NextPageToken)
	}
}

type ProjectsLocationsCaPoolsPatchCall struct {
	s          *Service
	name       string
	capool     *CaPool
	urlParams_ gensupport.URLParams
	ctx_       context.Context
	header_    http.Header
}

// Patch: Update a CaPool.
//
//   - name: Identifier. The resource name for this CaPool in the format
//     `projects/*/locations/*/caPools/*`.
func (r *ProjectsLocationsCaPoolsService) Patch(name string, capool *CaPool) *ProjectsLocationsCaPoolsPatchCall {
	c := &ProjectsLocationsCaPoolsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.capool = capool
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCaPoolsPatchCall) RequestId(requestId string) *ProjectsLocationsCaPoolsPatchCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// UpdateMask sets the optional parameter "updateMask": Required. A list of
// fields to be updated in this request.
func (c *ProjectsLocationsCaPoolsPatchCall) UpdateMask(updateMask string) *ProjectsLocationsCaPoolsPatchCall {
	c.urlParams_.Set("updateMask", updateMask)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsPatchCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsPatchCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsPatchCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsPatchCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsPatchCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.capool)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("PATCH", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.patch", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.patch" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.patch", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsSetIamPolicyCall struct {
	s                   *Service
	resource            string
	setiampolicyrequest *SetIamPolicyRequest
	urlParams_          gensupport.URLParams
	ctx_                context.Context
	header_             http.Header
}

// SetIamPolicy: Sets the access control policy on the specified resource.
// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
// and `PERMISSION_DENIED` errors.
//
//   - resource: REQUIRED: The resource for which the policy is being specified.
//     See Resource names (https://cloud.google.com/apis/design/resource_names)
//     for the appropriate value for this field.
func (r *ProjectsLocationsCaPoolsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsLocationsCaPoolsSetIamPolicyCall {
	c := &ProjectsLocationsCaPoolsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.resource = resource
	c.setiampolicyrequest = setiampolicyrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsSetIamPolicyCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsSetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsSetIamPolicyCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsSetIamPolicyCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.setiampolicyrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"resource": c.resource,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.setIamPolicy", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.setIamPolicy" call.
// Any non-2xx status code is an error. Response headers are in either
// *Policy.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Policy{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.setIamPolicy", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsTestIamPermissionsCall struct {
	s                         *Service
	resource                  string
	testiampermissionsrequest *TestIamPermissionsRequest
	urlParams_                gensupport.URLParams
	ctx_                      context.Context
	header_                   http.Header
}

// TestIamPermissions: Returns permissions that a caller has on the specified
// resource. If the resource does not exist, this will return an empty set of
// permissions, not a `NOT_FOUND` error. Note: This operation is designed to be
// used for building permission-aware UIs and command-line tools, not for
// authorization checking. This operation may "fail open" without warning.
//
//   - resource: REQUIRED: The resource for which the policy detail is being
//     requested. See Resource names
//     (https://cloud.google.com/apis/design/resource_names) for the appropriate
//     value for this field.
func (r *ProjectsLocationsCaPoolsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsLocationsCaPoolsTestIamPermissionsCall {
	c := &ProjectsLocationsCaPoolsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.resource = resource
	c.testiampermissionsrequest = testiampermissionsrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsTestIamPermissionsCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsTestIamPermissionsCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsTestIamPermissionsCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.testiampermissionsrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"resource": c.resource,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.testIamPermissions", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.testIamPermissions" call.
// Any non-2xx status code is an error. Response headers are in either
// *TestIamPermissionsResponse.ServerResponse.Header or (if a response was
// returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was because
// http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &TestIamPermissionsResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.testIamPermissions", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesActivateCall struct {
	s                                   *Service
	name                                string
	activatecertificateauthorityrequest *ActivateCertificateAuthorityRequest
	urlParams_                          gensupport.URLParams
	ctx_                                context.Context
	header_                             http.Header
}

// Activate: Activate a CertificateAuthority that is in state
// AWAITING_USER_ACTIVATION and is of type SUBORDINATE. After the parent
// Certificate Authority signs a certificate signing request from
// FetchCertificateAuthorityCsr, this method can complete the activation
// process.
//
//   - name: The resource name for this CertificateAuthority in the format
//     `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesService) Activate(name string, activatecertificateauthorityrequest *ActivateCertificateAuthorityRequest) *ProjectsLocationsCaPoolsCertificateAuthoritiesActivateCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesActivateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.activatecertificateauthorityrequest = activatecertificateauthorityrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesActivateCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesActivateCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesActivateCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesActivateCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesActivateCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesActivateCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.activatecertificateauthorityrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:activate")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.activate", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.activate" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesActivateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.activate", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall struct {
	s                    *Service
	parent               string
	certificateauthority *CertificateAuthority
	urlParams_           gensupport.URLParams
	ctx_                 context.Context
	header_              http.Header
}

// Create: Create a new CertificateAuthority in a given Project and Location.
//
//   - parent: The resource name of the CaPool associated with the
//     CertificateAuthorities, in the format `projects/*/locations/*/caPools/*`.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesService) Create(parent string, certificateauthority *CertificateAuthority) *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.parent = parent
	c.certificateauthority = certificateauthority
	return c
}

// CertificateAuthorityId sets the optional parameter "certificateAuthorityId":
// Required. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall) CertificateAuthorityId(certificateAuthorityId string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall {
	c.urlParams_.Set("certificateAuthorityId", certificateAuthorityId)
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall) RequestId(requestId string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.certificateauthority)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/certificateAuthorities")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"parent": c.parent,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.create", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.create" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCreateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.create", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall struct {
	s          *Service
	name       string
	urlParams_ gensupport.URLParams
	ctx_       context.Context
	header_    http.Header
}

// Delete: Delete a CertificateAuthority.
//
//   - name: The resource name for this CertificateAuthority in the format
//     `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesService) Delete(name string) *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// IgnoreActiveCertificates sets the optional parameter
// "ignoreActiveCertificates": This field allows the CA to be deleted even if
// the CA has active certs. Active certs include both unrevoked and unexpired
// certs.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall) IgnoreActiveCertificates(ignoreActiveCertificates bool) *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall {
	c.urlParams_.Set("ignoreActiveCertificates", fmt.Sprint(ignoreActiveCertificates))
	return c
}

// IgnoreDependentResources sets the optional parameter
// "ignoreDependentResources": This field allows this CA to be deleted even if
// it's being depended on by another resource. However, doing so may result in
// unintended and unrecoverable effects on any dependent resources since the CA
// will no longer be able to issue certificates.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall) IgnoreDependentResources(ignoreDependentResources bool) *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall {
	c.urlParams_.Set("ignoreDependentResources", fmt.Sprint(ignoreDependentResources))
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall) RequestId(requestId string) *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// SkipGracePeriod sets the optional parameter "skipGracePeriod": If this flag
// is set, the Certificate Authority will be deleted as soon as possible
// without a 30-day grace period where undeletion would have been allowed. If
// you proceed, there will be no way to recover this CA.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall) SkipGracePeriod(skipGracePeriod bool) *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall {
	c.urlParams_.Set("skipGracePeriod", fmt.Sprint(skipGracePeriod))
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("DELETE", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.delete", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.delete" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.delete", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesDisableCall struct {
	s                                  *Service
	name                               string
	disablecertificateauthorityrequest *DisableCertificateAuthorityRequest
	urlParams_                         gensupport.URLParams
	ctx_                               context.Context
	header_                            http.Header
}

// Disable: Disable a CertificateAuthority.
//
//   - name: The resource name for this CertificateAuthority in the format
//     `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesService) Disable(name string, disablecertificateauthorityrequest *DisableCertificateAuthorityRequest) *ProjectsLocationsCaPoolsCertificateAuthoritiesDisableCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesDisableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.disablecertificateauthorityrequest = disablecertificateauthorityrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDisableCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesDisableCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDisableCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesDisableCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDisableCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDisableCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.disablecertificateauthorityrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:disable")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.disable", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.disable" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesDisableCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.disable", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesEnableCall struct {
	s                                 *Service
	name                              string
	enablecertificateauthorityrequest *EnableCertificateAuthorityRequest
	urlParams_                        gensupport.URLParams
	ctx_                              context.Context
	header_                           http.Header
}

// Enable: Enable a CertificateAuthority.
//
//   - name: The resource name for this CertificateAuthority in the format
//     `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesService) Enable(name string, enablecertificateauthorityrequest *EnableCertificateAuthorityRequest) *ProjectsLocationsCaPoolsCertificateAuthoritiesEnableCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesEnableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.enablecertificateauthorityrequest = enablecertificateauthorityrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesEnableCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesEnableCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesEnableCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesEnableCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesEnableCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesEnableCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.enablecertificateauthorityrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:enable")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.enable", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.enable" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesEnableCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.enable", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall struct {
	s            *Service
	name         string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// Fetch: Fetch a certificate signing request (CSR) from a CertificateAuthority
// that is in state AWAITING_USER_ACTIVATION and is of type SUBORDINATE. The
// CSR must then be signed by the desired parent Certificate Authority, which
// could be another CertificateAuthority resource, or could be an on-prem
// certificate authority. See also ActivateCertificateAuthority.
//
//   - name: The resource name for this CertificateAuthority in the format
//     `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesService) Fetch(name string) *ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall) IfNoneMatch(entityTag string) *ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:fetch")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.fetch", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.fetch" call.
// Any non-2xx status code is an error. Response headers are in either
// *FetchCertificateAuthorityCsrResponse.ServerResponse.Header or (if a
// response was returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was because
// http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesFetchCall) Do(opts ...googleapi.CallOption) (*FetchCertificateAuthorityCsrResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &FetchCertificateAuthorityCsrResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.fetch", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall struct {
	s            *Service
	name         string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// Get: Returns a CertificateAuthority.
//
// - name: The name of the CertificateAuthority to get.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesService) Get(name string) *ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.get", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.get" call.
// Any non-2xx status code is an error. Response headers are in either
// *CertificateAuthority.ServerResponse.Header or (if a response was returned
// at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
// check whether the returned error was because http.StatusNotModified was
// returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesGetCall) Do(opts ...googleapi.CallOption) (*CertificateAuthority, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &CertificateAuthority{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.get", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesListCall struct {
	s            *Service
	parent       string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// List: Lists CertificateAuthorities.
//
//   - parent: The resource name of the CaPool associated with the
//     CertificateAuthorities, in the format `projects/*/locations/*/caPools/*`.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesService) List(parent string) *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.parent = parent
	return c
}

// Filter sets the optional parameter "filter": Only include resources that
// match the filter in the response.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall) Filter(filter string) *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall {
	c.urlParams_.Set("filter", filter)
	return c
}

// OrderBy sets the optional parameter "orderBy": Specify how the results
// should be sorted.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall) OrderBy(orderBy string) *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall {
	c.urlParams_.Set("orderBy", orderBy)
	return c
}

// PageSize sets the optional parameter "pageSize": Limit on the number of
// CertificateAuthorities to include in the response. Further
// CertificateAuthorities can subsequently be obtained by including the
// ListCertificateAuthoritiesResponse.next_page_token in a subsequent request.
// If unspecified, the server will pick an appropriate default.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall) PageSize(pageSize int64) *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall {
	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
	return c
}

// PageToken sets the optional parameter "pageToken": Pagination token,
// returned earlier via ListCertificateAuthoritiesResponse.next_page_token.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall) PageToken(pageToken string) *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall {
	c.urlParams_.Set("pageToken", pageToken)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall) IfNoneMatch(entityTag string) *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/certificateAuthorities")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"parent": c.parent,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.list", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.list" call.
// Any non-2xx status code is an error. Response headers are in either
// *ListCertificateAuthoritiesResponse.ServerResponse.Header or (if a response
// was returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was because
// http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall) Do(opts ...googleapi.CallOption) (*ListCertificateAuthoritiesResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &ListCertificateAuthoritiesResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.list", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

// Pages invokes f for each page of results.
// A non-nil error returned from f will halt the iteration.
// The provided context supersedes any context provided to the Context method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesListCall) Pages(ctx context.Context, f func(*ListCertificateAuthoritiesResponse) error) error {
	c.ctx_ = ctx
	defer c.PageToken(c.urlParams_.Get("pageToken"))
	for {
		x, err := c.Do()
		if err != nil {
			return err
		}
		if err := f(x); err != nil {
			return err
		}
		if x.NextPageToken == "" {
			return nil
		}
		c.PageToken(x.NextPageToken)
	}
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall struct {
	s                    *Service
	name                 string
	certificateauthority *CertificateAuthority
	urlParams_           gensupport.URLParams
	ctx_                 context.Context
	header_              http.Header
}

// Patch: Update a CertificateAuthority.
//
//   - name: Identifier. The resource name for this CertificateAuthority in the
//     format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesService) Patch(name string, certificateauthority *CertificateAuthority) *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.certificateauthority = certificateauthority
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall) RequestId(requestId string) *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// UpdateMask sets the optional parameter "updateMask": Required. A list of
// fields to be updated in this request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall) UpdateMask(updateMask string) *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall {
	c.urlParams_.Set("updateMask", updateMask)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.certificateauthority)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("PATCH", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.patch", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.patch" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.patch", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteCall struct {
	s                                   *Service
	name                                string
	undeletecertificateauthorityrequest *UndeleteCertificateAuthorityRequest
	urlParams_                          gensupport.URLParams
	ctx_                                context.Context
	header_                             http.Header
}

// Undelete: Undelete a CertificateAuthority that has been deleted.
//
//   - name: The resource name for this CertificateAuthority in the format
//     `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesService) Undelete(name string, undeletecertificateauthorityrequest *UndeleteCertificateAuthorityRequest) *ProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.undeletecertificateauthorityrequest = undeletecertificateauthorityrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.undeletecertificateauthorityrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.undelete", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.undelete" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesUndeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.undelete", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall struct {
	s            *Service
	name         string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// Get: Returns a CertificateRevocationList.
//
// - name: The name of the CertificateRevocationList to get.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService) Get(name string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.get", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.get" call.
// Any non-2xx status code is an error. Response headers are in either
// *CertificateRevocationList.ServerResponse.Header or (if a response was
// returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was because
// http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetCall) Do(opts ...googleapi.CallOption) (*CertificateRevocationList, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &CertificateRevocationList{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.get", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall struct {
	s            *Service
	resource     string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// GetIamPolicy: Gets the access control policy for a resource. Returns an
// empty policy if the resource exists and does not have a policy set.
//
//   - resource: REQUIRED: The resource for which the policy is being requested.
//     See Resource names (https://cloud.google.com/apis/design/resource_names)
//     for the appropriate value for this field.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService) GetIamPolicy(resource string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.resource = resource
	return c
}

// OptionsRequestedPolicyVersion sets the optional parameter
// "options.requestedPolicyVersion": The maximum policy version that will be
// used to format the policy. Valid values are 0, 1, and 3. Requests specifying
// an invalid value will be rejected. Requests for policies with any
// conditional role bindings must specify version 3. Policies with no
// conditional role bindings may specify any valid value or leave the field
// unset. The policy in the response might use the policy version that you
// specified, or it might use a lower policy version. For example, if you
// specify version 3, but the policy has no conditional role bindings, the
// response uses version 1. To learn which resources support conditions in
// their IAM policies, see the IAM documentation
// (https://cloud.google.com/iam/help/conditions/resource-policies).
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall {
	c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"resource": c.resource,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.getIamPolicy", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.getIamPolicy" call.
// Any non-2xx status code is an error. Response headers are in either
// *Policy.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Policy{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.getIamPolicy", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall struct {
	s            *Service
	parent       string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// List: Lists CertificateRevocationLists.
//
//   - parent: The resource name of the location associated with the
//     CertificateRevocationLists, in the format
//     `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService) List(parent string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.parent = parent
	return c
}

// Filter sets the optional parameter "filter": Only include resources that
// match the filter in the response.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall) Filter(filter string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall {
	c.urlParams_.Set("filter", filter)
	return c
}

// OrderBy sets the optional parameter "orderBy": Specify how the results
// should be sorted.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall) OrderBy(orderBy string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall {
	c.urlParams_.Set("orderBy", orderBy)
	return c
}

// PageSize sets the optional parameter "pageSize": Limit on the number of
// CertificateRevocationLists to include in the response. Further
// CertificateRevocationLists can subsequently be obtained by including the
// ListCertificateRevocationListsResponse.next_page_token in a subsequent
// request. If unspecified, the server will pick an appropriate default.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall) PageSize(pageSize int64) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall {
	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
	return c
}

// PageToken sets the optional parameter "pageToken": Pagination token,
// returned earlier via ListCertificateRevocationListsResponse.next_page_token.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall) PageToken(pageToken string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall {
	c.urlParams_.Set("pageToken", pageToken)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/certificateRevocationLists")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"parent": c.parent,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.list", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.list" call.
// Any non-2xx status code is an error. Response headers are in either
// *ListCertificateRevocationListsResponse.ServerResponse.Header or (if a
// response was returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was because
// http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall) Do(opts ...googleapi.CallOption) (*ListCertificateRevocationListsResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &ListCertificateRevocationListsResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.list", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

// Pages invokes f for each page of results.
// A non-nil error returned from f will halt the iteration.
// The provided context supersedes any context provided to the Context method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsListCall) Pages(ctx context.Context, f func(*ListCertificateRevocationListsResponse) error) error {
	c.ctx_ = ctx
	defer c.PageToken(c.urlParams_.Get("pageToken"))
	for {
		x, err := c.Do()
		if err != nil {
			return err
		}
		if err := f(x); err != nil {
			return err
		}
		if x.NextPageToken == "" {
			return nil
		}
		c.PageToken(x.NextPageToken)
	}
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall struct {
	s                         *Service
	name                      string
	certificaterevocationlist *CertificateRevocationList
	urlParams_                gensupport.URLParams
	ctx_                      context.Context
	header_                   http.Header
}

// Patch: Update a CertificateRevocationList.
//
//   - name: Identifier. The resource name for this CertificateRevocationList in
//     the format `projects/*/locations/*/caPools/*certificateAuthorities/*/
//     certificateRevocationLists/*`.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService) Patch(name string, certificaterevocationlist *CertificateRevocationList) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.certificaterevocationlist = certificaterevocationlist
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall) RequestId(requestId string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// UpdateMask sets the optional parameter "updateMask": Required. A list of
// fields to be updated in this request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall) UpdateMask(updateMask string) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall {
	c.urlParams_.Set("updateMask", updateMask)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.certificaterevocationlist)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("PATCH", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.patch", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.patch" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.patch", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsSetIamPolicyCall struct {
	s                   *Service
	resource            string
	setiampolicyrequest *SetIamPolicyRequest
	urlParams_          gensupport.URLParams
	ctx_                context.Context
	header_             http.Header
}

// SetIamPolicy: Sets the access control policy on the specified resource.
// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
// and `PERMISSION_DENIED` errors.
//
//   - resource: REQUIRED: The resource for which the policy is being specified.
//     See Resource names (https://cloud.google.com/apis/design/resource_names)
//     for the appropriate value for this field.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsSetIamPolicyCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.resource = resource
	c.setiampolicyrequest = setiampolicyrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsSetIamPolicyCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsSetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsSetIamPolicyCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsSetIamPolicyCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.setiampolicyrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"resource": c.resource,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.setIamPolicy", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.setIamPolicy" call.
// Any non-2xx status code is an error. Response headers are in either
// *Policy.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Policy{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.setIamPolicy", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsTestIamPermissionsCall struct {
	s                         *Service
	resource                  string
	testiampermissionsrequest *TestIamPermissionsRequest
	urlParams_                gensupport.URLParams
	ctx_                      context.Context
	header_                   http.Header
}

// TestIamPermissions: Returns permissions that a caller has on the specified
// resource. If the resource does not exist, this will return an empty set of
// permissions, not a `NOT_FOUND` error. Note: This operation is designed to be
// used for building permission-aware UIs and command-line tools, not for
// authorization checking. This operation may "fail open" without warning.
//
//   - resource: REQUIRED: The resource for which the policy detail is being
//     requested. See Resource names
//     (https://cloud.google.com/apis/design/resource_names) for the appropriate
//     value for this field.
func (r *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsTestIamPermissionsCall {
	c := &ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.resource = resource
	c.testiampermissionsrequest = testiampermissionsrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsTestIamPermissionsCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsTestIamPermissionsCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsTestIamPermissionsCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.testiampermissionsrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"resource": c.resource,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.testIamPermissions", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.testIamPermissions" call.
// Any non-2xx status code is an error. Response headers are in either
// *TestIamPermissionsResponse.ServerResponse.Header or (if a response was
// returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was because
// http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificateAuthoritiesCertificateRevocationListsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &TestIamPermissionsResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.testIamPermissions", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificatesCreateCall struct {
	s           *Service
	parent      string
	certificate *Certificate
	urlParams_  gensupport.URLParams
	ctx_        context.Context
	header_     http.Header
}

// Create: Create a new Certificate in a given Project, Location from a
// particular CaPool.
//
//   - parent: The resource name of the CaPool associated with the Certificate,
//     in the format `projects/*/locations/*/caPools/*`.
func (r *ProjectsLocationsCaPoolsCertificatesService) Create(parent string, certificate *Certificate) *ProjectsLocationsCaPoolsCertificatesCreateCall {
	c := &ProjectsLocationsCaPoolsCertificatesCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.parent = parent
	c.certificate = certificate
	return c
}

// CertificateId sets the optional parameter "certificateId": It must be unique
// within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`.
// This field is required when using a CertificateAuthority in the Enterprise
// CertificateAuthority.tier, but is optional and its value is ignored
// otherwise.
func (c *ProjectsLocationsCaPoolsCertificatesCreateCall) CertificateId(certificateId string) *ProjectsLocationsCaPoolsCertificatesCreateCall {
	c.urlParams_.Set("certificateId", certificateId)
	return c
}

// IssuingCertificateAuthorityId sets the optional parameter
// "issuingCertificateAuthorityId": The resource ID of the CertificateAuthority
// that should issue the certificate. This optional field will ignore the
// load-balancing scheme of the Pool and directly issue the certificate from
// the CA with the specified ID, contained in the same CaPool referenced by
// `parent`. Per-CA quota rules apply. If left empty, a CertificateAuthority
// will be chosen from the CaPool by the service. For example, to issue a
// Certificate from a Certificate Authority with resource name
// "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthori
// ties/my-ca", you can set the parent to
// "projects/my-project/locations/us-central1/caPools/my-pool" and the
// issuing_certificate_authority_id to "my-ca".
func (c *ProjectsLocationsCaPoolsCertificatesCreateCall) IssuingCertificateAuthorityId(issuingCertificateAuthorityId string) *ProjectsLocationsCaPoolsCertificatesCreateCall {
	c.urlParams_.Set("issuingCertificateAuthorityId", issuingCertificateAuthorityId)
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCaPoolsCertificatesCreateCall) RequestId(requestId string) *ProjectsLocationsCaPoolsCertificatesCreateCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// ValidateOnly sets the optional parameter "validateOnly": If this is true, no
// Certificate resource will be persisted regardless of the CaPool's tier, and
// the returned Certificate will not contain the pem_certificate field.
func (c *ProjectsLocationsCaPoolsCertificatesCreateCall) ValidateOnly(validateOnly bool) *ProjectsLocationsCaPoolsCertificatesCreateCall {
	c.urlParams_.Set("validateOnly", fmt.Sprint(validateOnly))
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificatesCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificatesCreateCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificatesCreateCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificatesCreateCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificatesCreateCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificatesCreateCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.certificate)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/certificates")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"parent": c.parent,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificates.create", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificates.create" call.
// Any non-2xx status code is an error. Response headers are in either
// *Certificate.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificatesCreateCall) Do(opts ...googleapi.CallOption) (*Certificate, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Certificate{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificates.create", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificatesGetCall struct {
	s            *Service
	name         string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// Get: Returns a Certificate.
//
// - name: The name of the Certificate to get.
func (r *ProjectsLocationsCaPoolsCertificatesService) Get(name string) *ProjectsLocationsCaPoolsCertificatesGetCall {
	c := &ProjectsLocationsCaPoolsCertificatesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificatesGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificatesGetCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCaPoolsCertificatesGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsCaPoolsCertificatesGetCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificatesGetCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificatesGetCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificatesGetCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificatesGetCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificates.get", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificates.get" call.
// Any non-2xx status code is an error. Response headers are in either
// *Certificate.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificatesGetCall) Do(opts ...googleapi.CallOption) (*Certificate, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Certificate{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificates.get", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificatesListCall struct {
	s            *Service
	parent       string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// List: Lists Certificates.
//
//   - parent: The resource name of the parent associated with the Certificates,
//     in the format `projects/*/locations/*/caPools/*`. The parent resource name
//     can be in one of two forms: 1. **Specific CA Pool:** To list certificates
//     within a single CA Pool: `projects/*/locations/*/caPools/*` 2. **All CA
//     Pools in a Location:** To list certificates across *all* CA Pools in a
//     given project and location, use the wildcard character (`-`) in place of
//     the CA Pool ID. Example: `projects/*/locations/*/caPools/-` See
//     go/ccfe-nested-collections#aggregate-listing for more details.
func (r *ProjectsLocationsCaPoolsCertificatesService) List(parent string) *ProjectsLocationsCaPoolsCertificatesListCall {
	c := &ProjectsLocationsCaPoolsCertificatesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.parent = parent
	return c
}

// Filter sets the optional parameter "filter": Only include resources that
// match the filter in the response. For details on supported filters and
// syntax, see Certificates Filtering documentation
// (https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
func (c *ProjectsLocationsCaPoolsCertificatesListCall) Filter(filter string) *ProjectsLocationsCaPoolsCertificatesListCall {
	c.urlParams_.Set("filter", filter)
	return c
}

// OrderBy sets the optional parameter "orderBy": Specify how the results
// should be sorted. For details on supported fields and syntax, see
// Certificates Sorting documentation
// (https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
func (c *ProjectsLocationsCaPoolsCertificatesListCall) OrderBy(orderBy string) *ProjectsLocationsCaPoolsCertificatesListCall {
	c.urlParams_.Set("orderBy", orderBy)
	return c
}

// PageSize sets the optional parameter "pageSize": Limit on the number of
// Certificates to include in the response. Further Certificates can
// subsequently be obtained by including the
// ListCertificatesResponse.next_page_token in a subsequent request. If
// unspecified, the server will pick an appropriate default.
func (c *ProjectsLocationsCaPoolsCertificatesListCall) PageSize(pageSize int64) *ProjectsLocationsCaPoolsCertificatesListCall {
	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
	return c
}

// PageToken sets the optional parameter "pageToken": Pagination token,
// returned earlier via ListCertificatesResponse.next_page_token.
func (c *ProjectsLocationsCaPoolsCertificatesListCall) PageToken(pageToken string) *ProjectsLocationsCaPoolsCertificatesListCall {
	c.urlParams_.Set("pageToken", pageToken)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificatesListCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificatesListCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCaPoolsCertificatesListCall) IfNoneMatch(entityTag string) *ProjectsLocationsCaPoolsCertificatesListCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificatesListCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificatesListCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificatesListCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificatesListCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/certificates")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"parent": c.parent,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificates.list", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificates.list" call.
// Any non-2xx status code is an error. Response headers are in either
// *ListCertificatesResponse.ServerResponse.Header or (if a response was
// returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was because
// http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificatesListCall) Do(opts ...googleapi.CallOption) (*ListCertificatesResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &ListCertificatesResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificates.list", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

// Pages invokes f for each page of results.
// A non-nil error returned from f will halt the iteration.
// The provided context supersedes any context provided to the Context method.
func (c *ProjectsLocationsCaPoolsCertificatesListCall) Pages(ctx context.Context, f func(*ListCertificatesResponse) error) error {
	c.ctx_ = ctx
	defer c.PageToken(c.urlParams_.Get("pageToken"))
	for {
		x, err := c.Do()
		if err != nil {
			return err
		}
		if err := f(x); err != nil {
			return err
		}
		if x.NextPageToken == "" {
			return nil
		}
		c.PageToken(x.NextPageToken)
	}
}

type ProjectsLocationsCaPoolsCertificatesPatchCall struct {
	s           *Service
	name        string
	certificate *Certificate
	urlParams_  gensupport.URLParams
	ctx_        context.Context
	header_     http.Header
}

// Patch: Update a Certificate. Currently, the only field you can update is the
// labels field.
//
//   - name: Identifier. The resource name for this Certificate in the format
//     `projects/*/locations/*/caPools/*/certificates/*`.
func (r *ProjectsLocationsCaPoolsCertificatesService) Patch(name string, certificate *Certificate) *ProjectsLocationsCaPoolsCertificatesPatchCall {
	c := &ProjectsLocationsCaPoolsCertificatesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.certificate = certificate
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCaPoolsCertificatesPatchCall) RequestId(requestId string) *ProjectsLocationsCaPoolsCertificatesPatchCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// UpdateMask sets the optional parameter "updateMask": Required. A list of
// fields to be updated in this request.
func (c *ProjectsLocationsCaPoolsCertificatesPatchCall) UpdateMask(updateMask string) *ProjectsLocationsCaPoolsCertificatesPatchCall {
	c.urlParams_.Set("updateMask", updateMask)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificatesPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificatesPatchCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificatesPatchCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificatesPatchCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificatesPatchCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificatesPatchCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.certificate)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("PATCH", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificates.patch", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificates.patch" call.
// Any non-2xx status code is an error. Response headers are in either
// *Certificate.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificatesPatchCall) Do(opts ...googleapi.CallOption) (*Certificate, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Certificate{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificates.patch", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCaPoolsCertificatesRevokeCall struct {
	s                        *Service
	name                     string
	revokecertificaterequest *RevokeCertificateRequest
	urlParams_               gensupport.URLParams
	ctx_                     context.Context
	header_                  http.Header
}

// Revoke: Revoke a Certificate.
//
//   - name: The resource name for this Certificate in the format
//     `projects/*/locations/*/caPools/*/certificates/*`.
func (r *ProjectsLocationsCaPoolsCertificatesService) Revoke(name string, revokecertificaterequest *RevokeCertificateRequest) *ProjectsLocationsCaPoolsCertificatesRevokeCall {
	c := &ProjectsLocationsCaPoolsCertificatesRevokeCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.revokecertificaterequest = revokecertificaterequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCaPoolsCertificatesRevokeCall) Fields(s ...googleapi.Field) *ProjectsLocationsCaPoolsCertificatesRevokeCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCaPoolsCertificatesRevokeCall) Context(ctx context.Context) *ProjectsLocationsCaPoolsCertificatesRevokeCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCaPoolsCertificatesRevokeCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCaPoolsCertificatesRevokeCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.revokecertificaterequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:revoke")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificates.revoke", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.caPools.certificates.revoke" call.
// Any non-2xx status code is an error. Response headers are in either
// *Certificate.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCaPoolsCertificatesRevokeCall) Do(opts ...googleapi.CallOption) (*Certificate, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Certificate{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.caPools.certificates.revoke", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCertificateTemplatesCreateCall struct {
	s                   *Service
	parent              string
	certificatetemplate *CertificateTemplate
	urlParams_          gensupport.URLParams
	ctx_                context.Context
	header_             http.Header
}

// Create: Create a new CertificateTemplate in a given Project and Location.
//
//   - parent: The resource name of the location associated with the
//     CertificateTemplate, in the format `projects/*/locations/*`.
func (r *ProjectsLocationsCertificateTemplatesService) Create(parent string, certificatetemplate *CertificateTemplate) *ProjectsLocationsCertificateTemplatesCreateCall {
	c := &ProjectsLocationsCertificateTemplatesCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.parent = parent
	c.certificatetemplate = certificatetemplate
	return c
}

// CertificateTemplateId sets the optional parameter "certificateTemplateId":
// Required. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`
func (c *ProjectsLocationsCertificateTemplatesCreateCall) CertificateTemplateId(certificateTemplateId string) *ProjectsLocationsCertificateTemplatesCreateCall {
	c.urlParams_.Set("certificateTemplateId", certificateTemplateId)
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCertificateTemplatesCreateCall) RequestId(requestId string) *ProjectsLocationsCertificateTemplatesCreateCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCertificateTemplatesCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsCertificateTemplatesCreateCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCertificateTemplatesCreateCall) Context(ctx context.Context) *ProjectsLocationsCertificateTemplatesCreateCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCertificateTemplatesCreateCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCertificateTemplatesCreateCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.certificatetemplate)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/certificateTemplates")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"parent": c.parent,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.create", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.certificateTemplates.create" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCertificateTemplatesCreateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.create", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCertificateTemplatesDeleteCall struct {
	s          *Service
	name       string
	urlParams_ gensupport.URLParams
	ctx_       context.Context
	header_    http.Header
}

// Delete: DeleteCertificateTemplate deletes a CertificateTemplate.
//
//   - name: The resource name for this CertificateTemplate in the format
//     `projects/*/locations/*/certificateTemplates/*`.
func (r *ProjectsLocationsCertificateTemplatesService) Delete(name string) *ProjectsLocationsCertificateTemplatesDeleteCall {
	c := &ProjectsLocationsCertificateTemplatesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCertificateTemplatesDeleteCall) RequestId(requestId string) *ProjectsLocationsCertificateTemplatesDeleteCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCertificateTemplatesDeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsCertificateTemplatesDeleteCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCertificateTemplatesDeleteCall) Context(ctx context.Context) *ProjectsLocationsCertificateTemplatesDeleteCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCertificateTemplatesDeleteCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCertificateTemplatesDeleteCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("DELETE", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.delete", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.certificateTemplates.delete" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCertificateTemplatesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.delete", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCertificateTemplatesGetCall struct {
	s            *Service
	name         string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// Get: Returns a CertificateTemplate.
//
// - name: The name of the CertificateTemplate to get.
func (r *ProjectsLocationsCertificateTemplatesService) Get(name string) *ProjectsLocationsCertificateTemplatesGetCall {
	c := &ProjectsLocationsCertificateTemplatesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCertificateTemplatesGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsCertificateTemplatesGetCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCertificateTemplatesGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsCertificateTemplatesGetCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCertificateTemplatesGetCall) Context(ctx context.Context) *ProjectsLocationsCertificateTemplatesGetCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCertificateTemplatesGetCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCertificateTemplatesGetCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.get", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.certificateTemplates.get" call.
// Any non-2xx status code is an error. Response headers are in either
// *CertificateTemplate.ServerResponse.Header or (if a response was returned at
// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
// check whether the returned error was because http.StatusNotModified was
// returned.
func (c *ProjectsLocationsCertificateTemplatesGetCall) Do(opts ...googleapi.CallOption) (*CertificateTemplate, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &CertificateTemplate{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.get", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCertificateTemplatesGetIamPolicyCall struct {
	s            *Service
	resource     string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// GetIamPolicy: Gets the access control policy for a resource. Returns an
// empty policy if the resource exists and does not have a policy set.
//
//   - resource: REQUIRED: The resource for which the policy is being requested.
//     See Resource names (https://cloud.google.com/apis/design/resource_names)
//     for the appropriate value for this field.
func (r *ProjectsLocationsCertificateTemplatesService) GetIamPolicy(resource string) *ProjectsLocationsCertificateTemplatesGetIamPolicyCall {
	c := &ProjectsLocationsCertificateTemplatesGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.resource = resource
	return c
}

// OptionsRequestedPolicyVersion sets the optional parameter
// "options.requestedPolicyVersion": The maximum policy version that will be
// used to format the policy. Valid values are 0, 1, and 3. Requests specifying
// an invalid value will be rejected. Requests for policies with any
// conditional role bindings must specify version 3. Policies with no
// conditional role bindings may specify any valid value or leave the field
// unset. The policy in the response might use the policy version that you
// specified, or it might use a lower policy version. For example, if you
// specify version 3, but the policy has no conditional role bindings, the
// response uses version 1. To learn which resources support conditions in
// their IAM policies, see the IAM documentation
// (https://cloud.google.com/iam/help/conditions/resource-policies).
func (c *ProjectsLocationsCertificateTemplatesGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsLocationsCertificateTemplatesGetIamPolicyCall {
	c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCertificateTemplatesGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsCertificateTemplatesGetIamPolicyCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCertificateTemplatesGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsLocationsCertificateTemplatesGetIamPolicyCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCertificateTemplatesGetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsCertificateTemplatesGetIamPolicyCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCertificateTemplatesGetIamPolicyCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCertificateTemplatesGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"resource": c.resource,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.getIamPolicy", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.certificateTemplates.getIamPolicy" call.
// Any non-2xx status code is an error. Response headers are in either
// *Policy.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCertificateTemplatesGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Policy{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.getIamPolicy", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCertificateTemplatesListCall struct {
	s            *Service
	parent       string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// List: Lists CertificateTemplates.
//
//   - parent: The resource name of the location associated with the
//     CertificateTemplates, in the format `projects/*/locations/*`.
func (r *ProjectsLocationsCertificateTemplatesService) List(parent string) *ProjectsLocationsCertificateTemplatesListCall {
	c := &ProjectsLocationsCertificateTemplatesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.parent = parent
	return c
}

// Filter sets the optional parameter "filter": Only include resources that
// match the filter in the response.
func (c *ProjectsLocationsCertificateTemplatesListCall) Filter(filter string) *ProjectsLocationsCertificateTemplatesListCall {
	c.urlParams_.Set("filter", filter)
	return c
}

// OrderBy sets the optional parameter "orderBy": Specify how the results
// should be sorted.
func (c *ProjectsLocationsCertificateTemplatesListCall) OrderBy(orderBy string) *ProjectsLocationsCertificateTemplatesListCall {
	c.urlParams_.Set("orderBy", orderBy)
	return c
}

// PageSize sets the optional parameter "pageSize": Limit on the number of
// CertificateTemplates to include in the response. Further
// CertificateTemplates can subsequently be obtained by including the
// ListCertificateTemplatesResponse.next_page_token in a subsequent request. If
// unspecified, the server will pick an appropriate default.
func (c *ProjectsLocationsCertificateTemplatesListCall) PageSize(pageSize int64) *ProjectsLocationsCertificateTemplatesListCall {
	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
	return c
}

// PageToken sets the optional parameter "pageToken": Pagination token,
// returned earlier via ListCertificateTemplatesResponse.next_page_token.
func (c *ProjectsLocationsCertificateTemplatesListCall) PageToken(pageToken string) *ProjectsLocationsCertificateTemplatesListCall {
	c.urlParams_.Set("pageToken", pageToken)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCertificateTemplatesListCall) Fields(s ...googleapi.Field) *ProjectsLocationsCertificateTemplatesListCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsCertificateTemplatesListCall) IfNoneMatch(entityTag string) *ProjectsLocationsCertificateTemplatesListCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCertificateTemplatesListCall) Context(ctx context.Context) *ProjectsLocationsCertificateTemplatesListCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCertificateTemplatesListCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCertificateTemplatesListCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/certificateTemplates")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"parent": c.parent,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.list", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.certificateTemplates.list" call.
// Any non-2xx status code is an error. Response headers are in either
// *ListCertificateTemplatesResponse.ServerResponse.Header or (if a response
// was returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was because
// http.StatusNotModified was returned.
func (c *ProjectsLocationsCertificateTemplatesListCall) Do(opts ...googleapi.CallOption) (*ListCertificateTemplatesResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &ListCertificateTemplatesResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.list", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

// Pages invokes f for each page of results.
// A non-nil error returned from f will halt the iteration.
// The provided context supersedes any context provided to the Context method.
func (c *ProjectsLocationsCertificateTemplatesListCall) Pages(ctx context.Context, f func(*ListCertificateTemplatesResponse) error) error {
	c.ctx_ = ctx
	defer c.PageToken(c.urlParams_.Get("pageToken"))
	for {
		x, err := c.Do()
		if err != nil {
			return err
		}
		if err := f(x); err != nil {
			return err
		}
		if x.NextPageToken == "" {
			return nil
		}
		c.PageToken(x.NextPageToken)
	}
}

type ProjectsLocationsCertificateTemplatesPatchCall struct {
	s                   *Service
	name                string
	certificatetemplate *CertificateTemplate
	urlParams_          gensupport.URLParams
	ctx_                context.Context
	header_             http.Header
}

// Patch: Update a CertificateTemplate.
//
//   - name: Identifier. The resource name for this CertificateTemplate in the
//     format `projects/*/locations/*/certificateTemplates/*`.
func (r *ProjectsLocationsCertificateTemplatesService) Patch(name string, certificatetemplate *CertificateTemplate) *ProjectsLocationsCertificateTemplatesPatchCall {
	c := &ProjectsLocationsCertificateTemplatesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.certificatetemplate = certificatetemplate
	return c
}

// RequestId sets the optional parameter "requestId": An ID to identify
// requests. Specify a unique request ID so that if you must retry your
// request, the server will know to ignore the request if it has already been
// completed. The server will guarantee that for at least 60 minutes since the
// first request. For example, consider a situation where you make an initial
// request and the request times out. If you make the request again with the
// same request ID, the server can check if original operation with the same
// request ID was received, and if so, will ignore the second request. This
// prevents clients from accidentally creating duplicate commitments. The
// request ID must be a valid UUID with the exception that zero UUID is not
// supported (00000000-0000-0000-0000-000000000000).
func (c *ProjectsLocationsCertificateTemplatesPatchCall) RequestId(requestId string) *ProjectsLocationsCertificateTemplatesPatchCall {
	c.urlParams_.Set("requestId", requestId)
	return c
}

// UpdateMask sets the optional parameter "updateMask": Required. A list of
// fields to be updated in this request.
func (c *ProjectsLocationsCertificateTemplatesPatchCall) UpdateMask(updateMask string) *ProjectsLocationsCertificateTemplatesPatchCall {
	c.urlParams_.Set("updateMask", updateMask)
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCertificateTemplatesPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsCertificateTemplatesPatchCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCertificateTemplatesPatchCall) Context(ctx context.Context) *ProjectsLocationsCertificateTemplatesPatchCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCertificateTemplatesPatchCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCertificateTemplatesPatchCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.certificatetemplate)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("PATCH", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.patch", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.certificateTemplates.patch" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCertificateTemplatesPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.patch", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCertificateTemplatesSetIamPolicyCall struct {
	s                   *Service
	resource            string
	setiampolicyrequest *SetIamPolicyRequest
	urlParams_          gensupport.URLParams
	ctx_                context.Context
	header_             http.Header
}

// SetIamPolicy: Sets the access control policy on the specified resource.
// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
// and `PERMISSION_DENIED` errors.
//
//   - resource: REQUIRED: The resource for which the policy is being specified.
//     See Resource names (https://cloud.google.com/apis/design/resource_names)
//     for the appropriate value for this field.
func (r *ProjectsLocationsCertificateTemplatesService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsLocationsCertificateTemplatesSetIamPolicyCall {
	c := &ProjectsLocationsCertificateTemplatesSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.resource = resource
	c.setiampolicyrequest = setiampolicyrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCertificateTemplatesSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsCertificateTemplatesSetIamPolicyCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCertificateTemplatesSetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsCertificateTemplatesSetIamPolicyCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCertificateTemplatesSetIamPolicyCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCertificateTemplatesSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.setiampolicyrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"resource": c.resource,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.setIamPolicy", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.certificateTemplates.setIamPolicy" call.
// Any non-2xx status code is an error. Response headers are in either
// *Policy.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsCertificateTemplatesSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Policy{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.setIamPolicy", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsCertificateTemplatesTestIamPermissionsCall struct {
	s                         *Service
	resource                  string
	testiampermissionsrequest *TestIamPermissionsRequest
	urlParams_                gensupport.URLParams
	ctx_                      context.Context
	header_                   http.Header
}

// TestIamPermissions: Returns permissions that a caller has on the specified
// resource. If the resource does not exist, this will return an empty set of
// permissions, not a `NOT_FOUND` error. Note: This operation is designed to be
// used for building permission-aware UIs and command-line tools, not for
// authorization checking. This operation may "fail open" without warning.
//
//   - resource: REQUIRED: The resource for which the policy detail is being
//     requested. See Resource names
//     (https://cloud.google.com/apis/design/resource_names) for the appropriate
//     value for this field.
func (r *ProjectsLocationsCertificateTemplatesService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsLocationsCertificateTemplatesTestIamPermissionsCall {
	c := &ProjectsLocationsCertificateTemplatesTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.resource = resource
	c.testiampermissionsrequest = testiampermissionsrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsCertificateTemplatesTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsLocationsCertificateTemplatesTestIamPermissionsCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsCertificateTemplatesTestIamPermissionsCall) Context(ctx context.Context) *ProjectsLocationsCertificateTemplatesTestIamPermissionsCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsCertificateTemplatesTestIamPermissionsCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsCertificateTemplatesTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.testiampermissionsrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"resource": c.resource,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.testIamPermissions", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.certificateTemplates.testIamPermissions" call.
// Any non-2xx status code is an error. Response headers are in either
// *TestIamPermissionsResponse.ServerResponse.Header or (if a response was
// returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was because
// http.StatusNotModified was returned.
func (c *ProjectsLocationsCertificateTemplatesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &TestIamPermissionsResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.certificateTemplates.testIamPermissions", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsOperationsCancelCall struct {
	s                      *Service
	name                   string
	canceloperationrequest *CancelOperationRequest
	urlParams_             gensupport.URLParams
	ctx_                   context.Context
	header_                http.Header
}

// Cancel: Starts asynchronous cancellation on a long-running operation. The
// server makes a best effort to cancel the operation, but success is not
// guaranteed. If the server doesn't support this method, it returns
// `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or
// other methods to check whether the cancellation succeeded or whether the
// operation completed despite cancellation. On successful cancellation, the
// operation is not deleted; instead, it becomes an operation with an
// Operation.error value with a google.rpc.Status.code of `1`, corresponding to
// `Code.CANCELLED`.
//
// - name: The name of the operation resource to be cancelled.
func (r *ProjectsLocationsOperationsService) Cancel(name string, canceloperationrequest *CancelOperationRequest) *ProjectsLocationsOperationsCancelCall {
	c := &ProjectsLocationsOperationsCancelCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.canceloperationrequest = canceloperationrequest
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsOperationsCancelCall) Fields(s ...googleapi.Field) *ProjectsLocationsOperationsCancelCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsOperationsCancelCall) Context(ctx context.Context) *ProjectsLocationsOperationsCancelCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsOperationsCancelCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsOperationsCancelCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	body, err := googleapi.WithoutDataWrapper.JSONBuffer(c.canceloperationrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:cancel")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", urls, body)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.operations.cancel", "request", internallog.HTTPRequest(req, body.Bytes()))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.operations.cancel" call.
// Any non-2xx status code is an error. Response headers are in either
// *Empty.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsOperationsCancelCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Empty{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.operations.cancel", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsOperationsDeleteCall struct {
	s          *Service
	name       string
	urlParams_ gensupport.URLParams
	ctx_       context.Context
	header_    http.Header
}

// Delete: Deletes a long-running operation. This method indicates that the
// client is no longer interested in the operation result. It does not cancel
// the operation. If the server doesn't support this method, it returns
// `google.rpc.Code.UNIMPLEMENTED`.
//
// - name: The name of the operation resource to be deleted.
func (r *ProjectsLocationsOperationsService) Delete(name string) *ProjectsLocationsOperationsDeleteCall {
	c := &ProjectsLocationsOperationsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsOperationsDeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsOperationsDeleteCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsOperationsDeleteCall) Context(ctx context.Context) *ProjectsLocationsOperationsDeleteCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsOperationsDeleteCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsOperationsDeleteCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("DELETE", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.operations.delete", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.operations.delete" call.
// Any non-2xx status code is an error. Response headers are in either
// *Empty.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsOperationsDeleteCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Empty{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.operations.delete", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsOperationsGetCall struct {
	s            *Service
	name         string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// Get: Gets the latest state of a long-running operation. Clients can use this
// method to poll the operation result at intervals as recommended by the API
// service.
//
// - name: The name of the operation resource.
func (r *ProjectsLocationsOperationsService) Get(name string) *ProjectsLocationsOperationsGetCall {
	c := &ProjectsLocationsOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsOperationsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsOperationsGetCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsOperationsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsOperationsGetCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsOperationsGetCall) Context(ctx context.Context) *ProjectsLocationsOperationsGetCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsOperationsGetCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsOperationsGetCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.operations.get", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.operations.get" call.
// Any non-2xx status code is an error. Response headers are in either
// *Operation.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was returned.
func (c *ProjectsLocationsOperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.operations.get", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

type ProjectsLocationsOperationsListCall struct {
	s            *Service
	name         string
	urlParams_   gensupport.URLParams
	ifNoneMatch_ string
	ctx_         context.Context
	header_      http.Header
}

// List: Lists operations that match the specified filter in the request. If
// the server doesn't support this method, it returns `UNIMPLEMENTED`.
//
// - name: The name of the operation's parent resource.
func (r *ProjectsLocationsOperationsService) List(name string) *ProjectsLocationsOperationsListCall {
	c := &ProjectsLocationsOperationsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	return c
}

// Filter sets the optional parameter "filter": The standard list filter.
func (c *ProjectsLocationsOperationsListCall) Filter(filter string) *ProjectsLocationsOperationsListCall {
	c.urlParams_.Set("filter", filter)
	return c
}

// PageSize sets the optional parameter "pageSize": The standard list page
// size.
func (c *ProjectsLocationsOperationsListCall) PageSize(pageSize int64) *ProjectsLocationsOperationsListCall {
	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
	return c
}

// PageToken sets the optional parameter "pageToken": The standard list page
// token.
func (c *ProjectsLocationsOperationsListCall) PageToken(pageToken string) *ProjectsLocationsOperationsListCall {
	c.urlParams_.Set("pageToken", pageToken)
	return c
}

// ReturnPartialSuccess sets the optional parameter "returnPartialSuccess":
// When set to `true`, operations that are reachable are returned as normal,
// and those that are unreachable are returned in the
// ListOperationsResponse.unreachable field. This can only be `true` when
// reading across collections. For example, when `parent` is set to
// "projects/example/locations/-". This field is not supported by default and
// will result in an `UNIMPLEMENTED` error if set unless explicitly documented
// otherwise in service or product specific documentation.
func (c *ProjectsLocationsOperationsListCall) ReturnPartialSuccess(returnPartialSuccess bool) *ProjectsLocationsOperationsListCall {
	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
	return c
}

// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *ProjectsLocationsOperationsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsOperationsListCall {
	c.urlParams_.Set("fields", googleapi.CombineFields(s))
	return c
}

// IfNoneMatch sets an optional parameter which makes the operation fail if the
// object's ETag matches the given value. This is useful for getting updates
// only after the object has changed since the last request.
func (c *ProjectsLocationsOperationsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsOperationsListCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context sets the context to be used in this call's Do method.
func (c *ProjectsLocationsOperationsListCall) Context(ctx context.Context) *ProjectsLocationsOperationsListCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *ProjectsLocationsOperationsListCall) Header() http.Header {
	if c.header_ == nil {
		c.header_ = make(http.Header)
	}
	return c.header_
}

func (c *ProjectsLocationsOperationsListCall) doRequest(alt string) (*http.Response, error) {
	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if c.ifNoneMatch_ != "" {
		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/operations")
	urls += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("GET", urls, nil)
	if err != nil {
		return nil, err
	}
	req.Header = reqHeaders
	googleapi.Expand(req.URL, map[string]string{
		"name": c.name,
	})
	c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "privateca.projects.locations.operations.list", "request", internallog.HTTPRequest(req, nil))
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "privateca.projects.locations.operations.list" call.
// Any non-2xx status code is an error. Response headers are in either
// *ListOperationsResponse.ServerResponse.Header or (if a response was returned
// at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
// check whether the returned error was because http.StatusNotModified was
// returned.
func (c *ProjectsLocationsOperationsListCall) Do(opts ...googleapi.CallOption) (*ListOperationsResponse, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	res, err := c.doRequest("json")
	if res != nil && res.StatusCode == http.StatusNotModified {
		if res.Body != nil {
			res.Body.Close()
		}
		return nil, gensupport.WrapError(&googleapi.Error{
			Code:   res.StatusCode,
			Header: res.Header,
		})
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(res)
	if err := googleapi.CheckResponse(res); err != nil {
		return nil, gensupport.WrapError(err)
	}
	ret := &ListOperationsResponse{
		ServerResponse: googleapi.ServerResponse{
			Header:         res.Header,
			HTTPStatusCode: res.StatusCode,
		},
	}
	target := &ret
	b, err := gensupport.DecodeResponseBytes(target, res)
	if err != nil {
		return nil, err
	}
	c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "privateca.projects.locations.operations.list", "response", internallog.HTTPResponse(res, b))
	return ret, nil
}

// Pages invokes f for each page of results.
// A non-nil error returned from f will halt the iteration.
// The provided context supersedes any context provided to the Context method.
func (c *ProjectsLocationsOperationsListCall) Pages(ctx context.Context, f func(*ListOperationsResponse) error) error {
	c.ctx_ = ctx
	defer c.PageToken(c.urlParams_.Get("pageToken"))
	for {
		x, err := c.Do()
		if err != nil {
			return err
		}
		if err := f(x); err != nil {
			return err
		}
		if x.NextPageToken == "" {
			return nil
		}
		c.PageToken(x.NextPageToken)
	}
}
