Fix cloudcas tests.

3 years ago · 48bc4e549d
parent 072bd0dcf4
commit 48bc4e549d
5 changed files with 365 additions and 346 deletions
--- a/cas/cloudcas/certificate_test.go
+++ b/cas/cloudcas/certificate_test.go
@ -15,8 +15,7 @@ import (
 	"testing"

 	kmsapi "github.com/smallstep/certificates/kms/apiv1"
-	pb "google.golang.org/genproto/googleapis/cloud/security/privateca/v1beta1"
-	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
+	pb "google.golang.org/genproto/googleapis/cloud/security/privateca/v1"
 )

 var (
@ -67,30 +66,27 @@ func Test_createCertificateConfig(t *testing.T) {
 		{"ok", args{cert}, &pb.Certificate_Config{
 			Config: &pb.CertificateConfig{
 				SubjectConfig: &pb.CertificateConfig_SubjectConfig{
-					Subject:    &pb.Subject{},
-					CommonName: "test.smallstep.com",
+					Subject: &pb.Subject{
+						CommonName: "test.smallstep.com",
+					},
 					SubjectAltName: &pb.SubjectAltNames{
 						DnsNames: []string{"test.smallstep.com"},
 					},
 				},
-				ReusableConfig: &pb.ReusableConfigWrapper{
-					ConfigValues: &pb.ReusableConfigWrapper_ReusableConfigValues{
-						ReusableConfigValues: &pb.ReusableConfigValues{
-							KeyUsage: &pb.KeyUsage{
-								BaseKeyUsage: &pb.KeyUsage_KeyUsageOptions{
-									DigitalSignature: true,
-								},
-								ExtendedKeyUsage: &pb.KeyUsage_ExtendedKeyUsageOptions{
-									ClientAuth: true,
-									ServerAuth: true,
-								},
-							},
+				X509Config: &pb.X509Parameters{
+					KeyUsage: &pb.KeyUsage{
+						BaseKeyUsage: &pb.KeyUsage_KeyUsageOptions{
+							DigitalSignature: true,
+						},
+						ExtendedKeyUsage: &pb.KeyUsage_ExtendedKeyUsageOptions{
+							ClientAuth: true,
+							ServerAuth: true,
 						},
 					},
 				},
 				PublicKey: &pb.PublicKey{
-					Type: pb.PublicKey_PEM_EC_KEY,
-					Key:  []byte(testLeafPublicKey),
+					Key:    []byte(testLeafPublicKey),
+					Format: pb.PublicKey_PEM,
 				},
 			},
 		}, false},
@ -104,7 +100,7 @@ func Test_createCertificateConfig(t *testing.T) {
 				return
 			}
 			if !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("createCertificateConfig() = %v, want %v", got.Config.ReusableConfig, tt.want.Config.ReusableConfig)
+				t.Errorf("createCertificateConfig() = %v, want %v", got.Config, tt.want.Config)
 			}
 		})
 	}
@ -127,12 +123,12 @@ func Test_createPublicKey(t *testing.T) {
 		wantErr bool
 	}{
 		{"ok ec", args{ecCert.PublicKey}, &pb.PublicKey{
-			Type: pb.PublicKey_PEM_EC_KEY,
-			Key:  []byte(testLeafPublicKey),
+			Format: pb.PublicKey_PEM,
+			Key:    []byte(testLeafPublicKey),
 		}, false},
 		{"ok rsa", args{rsaCert.PublicKey}, &pb.PublicKey{
-			Type: pb.PublicKey_PEM_RSA_KEY,
-			Key:  []byte(testRSAPublicKey),
+			Format: pb.PublicKey_PEM,
+			Key:    []byte(testRSAPublicKey),
 		}, false},
 		{"fail ed25519", args{edpub}, nil, true},
 		{"fail ec marshal", args{&ecdsa.PublicKey{
@ -185,6 +181,7 @@ func Test_createSubject(t *testing.T) {
 			Province:           "California",
 			StreetAddress:      "1 A St.",
 			PostalCode:         "12345",
+			CommonName:         "test.smallstep.com",
 		}},
 	}
 	for _, tt := range tests {
@ -289,62 +286,55 @@ func Test_createSubjectAlternativeNames(t *testing.T) {
 	}
 }

-func Test_createReusableConfig(t *testing.T) {
-	withKU := func(ku *pb.KeyUsage) *pb.ReusableConfigWrapper {
+func Test_createX509Parameters(t *testing.T) {
+	withKU := func(ku *pb.KeyUsage) *pb.X509Parameters {
 		if ku.BaseKeyUsage == nil {
 			ku.BaseKeyUsage = &pb.KeyUsage_KeyUsageOptions{}
 		}
 		if ku.ExtendedKeyUsage == nil {
 			ku.ExtendedKeyUsage = &pb.KeyUsage_ExtendedKeyUsageOptions{}
 		}
-		return &pb.ReusableConfigWrapper{
-			ConfigValues: &pb.ReusableConfigWrapper_ReusableConfigValues{
-				ReusableConfigValues: &pb.ReusableConfigValues{
-					KeyUsage: ku,
-				},
-			},
+		return &pb.X509Parameters{
+			KeyUsage: ku,
 		}
 	}
-	withRCV := func(rcv *pb.ReusableConfigValues) *pb.ReusableConfigWrapper {
+	withRCV := func(rcv *pb.X509Parameters) *pb.X509Parameters {
 		if rcv.KeyUsage == nil {
 			rcv.KeyUsage = &pb.KeyUsage{
 				BaseKeyUsage:     &pb.KeyUsage_KeyUsageOptions{},
 				ExtendedKeyUsage: &pb.KeyUsage_ExtendedKeyUsageOptions{},
 			}
 		}
-		return &pb.ReusableConfigWrapper{
-			ConfigValues: &pb.ReusableConfigWrapper_ReusableConfigValues{
-				ReusableConfigValues: rcv,
-			},
-		}
+		return rcv
 	}

+	vTrue := true
+	vFalse := false
+	vZero := int32(0)
+	vOne := int32(1)
+
 	type args struct {
 		cert *x509.Certificate
 	}
 	tests := []struct {
 		name string
 		args args
-		want *pb.ReusableConfigWrapper
+		want *pb.X509Parameters
 	}{
 		{"keyUsageDigitalSignature", args{&x509.Certificate{
 			KeyUsage: x509.KeyUsageDigitalSignature,
-		}}, &pb.ReusableConfigWrapper{
-			ConfigValues: &pb.ReusableConfigWrapper_ReusableConfigValues{
-				ReusableConfigValues: &pb.ReusableConfigValues{
-					KeyUsage: &pb.KeyUsage{
-						BaseKeyUsage: &pb.KeyUsage_KeyUsageOptions{
-							DigitalSignature: true,
-						},
-						ExtendedKeyUsage:         &pb.KeyUsage_ExtendedKeyUsageOptions{},
-						UnknownExtendedKeyUsages: nil,
-					},
-					CaOptions:            nil,
-					PolicyIds:            nil,
-					AiaOcspServers:       nil,
-					AdditionalExtensions: nil,
+		}}, &pb.X509Parameters{
+			KeyUsage: &pb.KeyUsage{
+				BaseKeyUsage: &pb.KeyUsage_KeyUsageOptions{
+					DigitalSignature: true,
 				},
+				ExtendedKeyUsage:         &pb.KeyUsage_ExtendedKeyUsageOptions{},
+				UnknownExtendedKeyUsages: nil,
 			},
+			CaOptions:            nil,
+			PolicyIds:            nil,
+			AiaOcspServers:       nil,
+			AdditionalExtensions: nil,
 		}},
 		// KeyUsage
 		{"KeyUsageDigitalSignature", args{&x509.Certificate{KeyUsage: x509.KeyUsageDigitalSignature}}, withKU(&pb.KeyUsage{
@ -455,48 +445,48 @@ func Test_createReusableConfig(t *testing.T) {
 			},
 		})},
 		// BasicCre
-		{"BasicConstraintsCAMax0", args{&x509.Certificate{BasicConstraintsValid: true, IsCA: true, MaxPathLen: 0, MaxPathLenZero: true}}, withRCV(&pb.ReusableConfigValues{
-			CaOptions: &pb.ReusableConfigValues_CaOptions{
-				IsCa:                wrapperspb.Bool(true),
-				MaxIssuerPathLength: wrapperspb.Int32(0),
+		{"BasicConstraintsCAMax0", args{&x509.Certificate{BasicConstraintsValid: true, IsCA: true, MaxPathLen: 0, MaxPathLenZero: true}}, withRCV(&pb.X509Parameters{
+			CaOptions: &pb.X509Parameters_CaOptions{
+				IsCa:                &vTrue,
+				MaxIssuerPathLength: &vZero,
 			},
 		})},
-		{"BasicConstraintsCAMax1", args{&x509.Certificate{BasicConstraintsValid: true, IsCA: true, MaxPathLen: 1, MaxPathLenZero: false}}, withRCV(&pb.ReusableConfigValues{
-			CaOptions: &pb.ReusableConfigValues_CaOptions{
-				IsCa:                wrapperspb.Bool(true),
-				MaxIssuerPathLength: wrapperspb.Int32(1),
+		{"BasicConstraintsCAMax1", args{&x509.Certificate{BasicConstraintsValid: true, IsCA: true, MaxPathLen: 1, MaxPathLenZero: false}}, withRCV(&pb.X509Parameters{
+			CaOptions: &pb.X509Parameters_CaOptions{
+				IsCa:                &vTrue,
+				MaxIssuerPathLength: &vOne,
 			},
 		})},
-		{"BasicConstraintsCANoMax", args{&x509.Certificate{BasicConstraintsValid: true, IsCA: true, MaxPathLen: -1, MaxPathLenZero: false}}, withRCV(&pb.ReusableConfigValues{
-			CaOptions: &pb.ReusableConfigValues_CaOptions{
-				IsCa:                wrapperspb.Bool(true),
+		{"BasicConstraintsCANoMax", args{&x509.Certificate{BasicConstraintsValid: true, IsCA: true, MaxPathLen: -1, MaxPathLenZero: false}}, withRCV(&pb.X509Parameters{
+			CaOptions: &pb.X509Parameters_CaOptions{
+				IsCa:                &vTrue,
 				MaxIssuerPathLength: nil,
 			},
 		})},
-		{"BasicConstraintsCANoMax0", args{&x509.Certificate{BasicConstraintsValid: true, IsCA: true, MaxPathLen: 0, MaxPathLenZero: false}}, withRCV(&pb.ReusableConfigValues{
-			CaOptions: &pb.ReusableConfigValues_CaOptions{
-				IsCa:                wrapperspb.Bool(true),
+		{"BasicConstraintsCANoMax0", args{&x509.Certificate{BasicConstraintsValid: true, IsCA: true, MaxPathLen: 0, MaxPathLenZero: false}}, withRCV(&pb.X509Parameters{
+			CaOptions: &pb.X509Parameters_CaOptions{
+				IsCa:                &vTrue,
 				MaxIssuerPathLength: nil,
 			},
 		})},
-		{"BasicConstraintsNoCA", args{&x509.Certificate{BasicConstraintsValid: true, IsCA: false, MaxPathLen: 0, MaxPathLenZero: false}}, withRCV(&pb.ReusableConfigValues{
-			CaOptions: &pb.ReusableConfigValues_CaOptions{
-				IsCa:                wrapperspb.Bool(false),
+		{"BasicConstraintsNoCA", args{&x509.Certificate{BasicConstraintsValid: true, IsCA: false, MaxPathLen: 0, MaxPathLenZero: false}}, withRCV(&pb.X509Parameters{
+			CaOptions: &pb.X509Parameters_CaOptions{
+				IsCa:                &vFalse,
 				MaxIssuerPathLength: nil,
 			},
 		})},
-		{"BasicConstraintsNoValid", args{&x509.Certificate{BasicConstraintsValid: false, IsCA: false, MaxPathLen: 0, MaxPathLenZero: false}}, withRCV(&pb.ReusableConfigValues{
+		{"BasicConstraintsNoValid", args{&x509.Certificate{BasicConstraintsValid: false, IsCA: false, MaxPathLen: 0, MaxPathLenZero: false}}, withRCV(&pb.X509Parameters{
 			CaOptions: nil,
 		})},
 		// PolicyIdentifiers
-		{"PolicyIdentifiers", args{&x509.Certificate{PolicyIdentifiers: []asn1.ObjectIdentifier{{1, 2, 3, 4}, {4, 3, 2, 1}}}}, withRCV(&pb.ReusableConfigValues{
+		{"PolicyIdentifiers", args{&x509.Certificate{PolicyIdentifiers: []asn1.ObjectIdentifier{{1, 2, 3, 4}, {4, 3, 2, 1}}}}, withRCV(&pb.X509Parameters{
 			PolicyIds: []*pb.ObjectId{
 				{ObjectIdPath: []int32{1, 2, 3, 4}},
 				{ObjectIdPath: []int32{4, 3, 2, 1}},
 			},
 		})},
 		// OCSPServer
-		{"OCPServers", args{&x509.Certificate{OCSPServer: []string{"https://oscp.doe.com", "https://doe.com/ocsp"}}}, withRCV(&pb.ReusableConfigValues{
+		{"OCPServers", args{&x509.Certificate{OCSPServer: []string{"https://oscp.doe.com", "https://doe.com/ocsp"}}}, withRCV(&pb.X509Parameters{
 			AiaOcspServers: []string{"https://oscp.doe.com", "https://doe.com/ocsp"},
 		})},
 		// Extensions
@ -505,7 +495,7 @@ func Test_createReusableConfig(t *testing.T) {
 			{Id: []int{2, 5, 29, 17}, Critical: true, Value: []byte("SANs")}, //
 			{Id: []int{4, 3, 2, 1}, Critical: false, Value: []byte("zoobar")},
 			{Id: []int{2, 5, 29, 31}, Critical: false, Value: []byte("CRL Distribution points")},
-		}}}, withRCV(&pb.ReusableConfigValues{
+		}}}, withRCV(&pb.X509Parameters{
 			AdditionalExtensions: []*pb.X509Extension{
 				{ObjectId: &pb.ObjectId{ObjectIdPath: []int32{1, 2, 3, 4}}, Critical: true, Value: []byte("foobar")},
 				{ObjectId: &pb.ObjectId{ObjectIdPath: []int32{4, 3, 2, 1}}, Critical: false, Value: []byte("zoobar")},
@ -514,8 +504,8 @@ func Test_createReusableConfig(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := createReusableConfig(tt.args.cert); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("createReusableConfig() = %v, want %v", got, tt.want)
+			if got := createX509Parameters(tt.args.cert); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("createX509Parameters() = %v, want %v", got, tt.want)
 			}
 		})
 	}
--- a/cas/cloudcas/cloudcas.go
+++ b/cas/cloudcas/cloudcas.go
@ -74,6 +74,7 @@ type CloudCAS struct {
 	project              string
 	location             string
 	caPool               string
+	gcsBucket            string
 }

 // newCertificateAuthorityClient creates the certificate authority client. This
@ -263,6 +264,8 @@ func (c *CloudCAS) CreateCertificateAuthority(req *apiv1.CreateCertificateAuthor
 		return nil, errors.New("cloudCAS `project` cannot be empty")
 	case c.location == "":
 		return nil, errors.New("cloudCAS `location` cannot be empty")
+	case c.caPool == "":
+		return nil, errors.New("cloudCAS `caPool` cannot be empty")
 	case req.Template == nil:
 		return nil, errors.New("createCertificateAuthorityRequest `template` cannot be nil")
 	case req.Lifetime == 0:
@ -335,7 +338,7 @@ func (c *CloudCAS) CreateCertificateAuthority(req *apiv1.CreateCertificateAuthor
 			},
 			Lifetime:  durationpb.New(req.Lifetime),
 			KeySpec:   keySpec,
-			GcsBucket: "",
+			GcsBucket: c.gcsBucket,
 			Labels:    map[string]string{},
 		},
 	}
--- a/cas/cloudcas/cloudcas_test.go
+++ b/cas/cloudcas/cloudcas_test.go
@ -20,7 +20,7 @@ import (
 	"time"

 	lroauto "cloud.google.com/go/longrunning/autogen"
-	privateca "cloud.google.com/go/security/privateca/apiv1beta1"
+	privateca "cloud.google.com/go/security/privateca/apiv1"
 	gomock "github.com/golang/mock/gomock"
 	"github.com/google/uuid"
 	gax "github.com/googleapis/gax-go/v2"
@ -28,19 +28,23 @@ import (
 	"github.com/smallstep/certificates/cas/apiv1"
 	kmsapi "github.com/smallstep/certificates/kms/apiv1"
 	"google.golang.org/api/option"
-	pb "google.golang.org/genproto/googleapis/cloud/security/privateca/v1beta1"
+	pb "google.golang.org/genproto/googleapis/cloud/security/privateca/v1"
 	longrunningpb "google.golang.org/genproto/googleapis/longrunning"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 	"google.golang.org/grpc/test/bufconn"
 	"google.golang.org/protobuf/types/known/anypb"
 )

 var (
 	errTest             = errors.New("test error")
-	testAuthorityName   = "projects/test-project/locations/us-west1/certificateAuthorities/test-ca"
-	testCertificateName = "projects/test-project/locations/us-west1/certificateAuthorities/test-ca/certificates/test-certificate"
+	testCaPoolName      = "projects/test-project/locations/us-west1/caPools/test-capool"
+	testAuthorityName   = "projects/test-project/locations/us-west1/caPools/test-capool/certificateAuthorities/test-ca"
+	testCertificateName = "projects/test-project/locations/us-west1/caPools/test-capool/certificateAuthorities/test-ca/certificates/test-certificate"
 	testProject         = "test-project"
 	testLocation        = "us-west1"
+	testCaPool          = "test-capool"
 	testRootCertificate = `-----BEGIN CERTIFICATE-----
 MIIBeDCCAR+gAwIBAgIQcXWWjtSZ/PAyH8D1Ou4L9jAKBggqhkjOPQQDAjAbMRkw
 FwYDVQQDExBDbG91ZENBUyBSb290IENBMB4XDTIwMTAyNzIyNTM1NFoXDTMwMTAy
@ -214,6 +218,18 @@ func (c *testClient) ActivateCertificateAuthority(ctx context.Context, req *pb.A
 	return nil, errors.New("use NewMockCertificateAuthorityClient")
 }

+func (c *testClient) EnableCertificateAuthority(ctx context.Context, req *pb.EnableCertificateAuthorityRequest, opts ...gax.CallOption) (*privateca.EnableCertificateAuthorityOperation, error) {
+	return nil, errors.New("use NewMockCertificateAuthorityClient")
+}
+
+func (c *testClient) GetCaPool(ctx context.Context, req *pb.GetCaPoolRequest, opts ...gax.CallOption) (*pb.CaPool, error) {
+	return nil, errors.New("use NewMockCertificateAuthorityClient")
+}
+
+func (c *testClient) CreateCaPool(ctx context.Context, req *pb.CreateCaPoolRequest, opts ...gax.CallOption) (*privateca.CreateCaPoolOperation, error) {
+	return nil, errors.New("use NewMockCertificateAuthorityClient")
+}
+
 func mustParseCertificate(t *testing.T, pemCert string) *x509.Certificate {
 	t.Helper()
 	crt, err := parseCertificate(pemCert)
@ -262,6 +278,7 @@ func TestNew(t *testing.T) {
 			certificateAuthority: testAuthorityName,
 			project:              testProject,
 			location:             testLocation,
+			caPool:               testCaPool,
 		}, false},
 		{"ok with credentials", args{context.Background(), apiv1.Options{
 			CertificateAuthority: testAuthorityName, CredentialsFile: "testdata/credentials.json",
@ -270,16 +287,18 @@ func TestNew(t *testing.T) {
 			certificateAuthority: testAuthorityName,
 			project:              testProject,
 			location:             testLocation,
+			caPool:               testCaPool,
 		}, false},
 		{"ok creator", args{context.Background(), apiv1.Options{
-			IsCreator: true, Project: testProject, Location: testLocation,
+			IsCreator: true, Project: testProject, Location: testLocation, CAPool: testCaPool,
 		}}, &CloudCAS{
 			client:   &testClient{},
 			project:  testProject,
 			location: testLocation,
+			caPool:   testCaPool,
 		}, false},
 		{"fail certificate authority", args{context.Background(), apiv1.Options{
-			CertificateAuthority: "projects/ok1234/locations/ok1234/certificateAuthorities/ok1234/bad",
+			CertificateAuthority: "projects/ok1234/locations/ok1234/caPools/ok1234/certificateAuthorities/ok1234/bad",
 		}}, nil, true},
 		{"fail certificate authority regex", args{context.Background(), apiv1.Options{}}, nil, true},
 		{"fail with credentials", args{context.Background(), apiv1.Options{
@ -291,6 +310,9 @@ func TestNew(t *testing.T) {
 		{"fail creator location", args{context.Background(), apiv1.Options{
 			IsCreator: true, Project: testProject, Location: "",
 		}}, nil, true},
+		{"fail caPool", args{context.Background(), apiv1.Options{
+			IsCreator: true, Project: testProject, Location: testLocation, CAPool: "",
+		}}, nil, true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@ -320,6 +342,7 @@ func TestNew_register(t *testing.T) {
 		certificateAuthority: testAuthorityName,
 		project:              testProject,
 		location:             testLocation,
+		caPool:               testCaPool,
 	}

 	newFn, ok := apiv1.LoadCertificateAuthorityServiceNewFunc(apiv1.CloudCAS)
@ -338,7 +361,6 @@ func TestNew_register(t *testing.T) {
 	if !reflect.DeepEqual(got, want) {
 		t.Errorf("New() = %v, want %v", got, want)
 	}
-
 }

 func TestNew_real(t *testing.T) {
@ -812,14 +834,27 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	fake := &privateca.CertificateAuthorityClient{
-		LROClient: client,
+	fake, err := privateca.NewCertificateAuthorityClient(context.Background(), option.WithGRPCConn(conn))
+	if err != nil {
+		t.Fatal(err)
 	}
+	fake.LROClient = client

 	// Configure mocks
 	any := gomock.Any()

 	// ok root
+	m.EXPECT().GetCaPool(any, any).Return(nil, status.Error(codes.NotFound, "not found"))
+	m.EXPECT().CreateCaPool(any, any).Return(fake.CreateCaPoolOperation("CreateCaPool"), nil)
+	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
+		Name: "CreateCaPool",
+		Done: true,
+		Result: &longrunningpb.Operation_Response{
+			Response: must(anypb.New(&pb.CaPool{
+				Name: testCaPoolName,
+			})).(*anypb.Any),
+		},
+	}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
 	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
 		Name: "CreateCertificateAuthority",
@ -831,8 +866,20 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 			})).(*anypb.Any),
 		},
 	}, nil)
+	m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
+	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
+		Name: "EnableCertificateAuthority",
+		Done: true,
+		Result: &longrunningpb.Operation_Response{
+			Response: must(anypb.New(&pb.CertificateAuthority{
+				Name:              testAuthorityName,
+				PemCaCertificates: []string{testRootCertificate},
+			})).(*anypb.Any),
+		},
+	}, nil)

 	// ok intermediate
+	m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
 	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
 		Name: "CreateCertificateAuthority",
@ -857,7 +904,20 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 			})).(*anypb.Any),
 		},
 	}, nil)
+	m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
+	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
+		Name: "EnableCertificateAuthority",
+		Done: true,
+		Result: &longrunningpb.Operation_Response{
+			Response: must(anypb.New(&pb.CertificateAuthority{
+				Name:              testAuthorityName,
+				PemCaCertificates: []string{testIntermediateCertificate, testRootCertificate},
+			})).(*anypb.Any),
+		},
+	}, nil)
+
 	// ok intermediate local signer
+	m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
 	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
 		Name: "CreateCertificateAuthority",
@ -886,8 +946,20 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 			})).(*anypb.Any),
 		},
 	}, nil)
+	m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
+	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
+		Name: "EnableCertificateAuthority",
+		Done: true,
+		Result: &longrunningpb.Operation_Response{
+			Response: must(anypb.New(&pb.CertificateAuthority{
+				Name:              testAuthorityName,
+				PemCaCertificates: []string{testIntermediateCertificate, testRootCertificate},
+			})).(*anypb.Any),
+		},
+	}, nil)

 	// ok create key
+	m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
 	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
 		Name: "CreateCertificateAuthority",
@ -899,15 +971,41 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 			})).(*anypb.Any),
 		},
 	}, nil)
+	m.EXPECT().EnableCertificateAuthority(any, any).Return(fake.EnableCertificateAuthorityOperation("EnableCertificateAuthorityOperation"), nil)
+	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
+		Name: "EnableCertificateAuthority",
+		Done: true,
+		Result: &longrunningpb.Operation_Response{
+			Response: must(anypb.New(&pb.CertificateAuthority{
+				Name:              testAuthorityName,
+				PemCaCertificates: []string{testRootCertificate},
+			})).(*anypb.Any),
+		},
+	}, nil)
+
+	// fail GetCaPool
+	m.EXPECT().GetCaPool(any, any).Return(nil, errTest)
+
+	// fail CreateCaPool
+	m.EXPECT().GetCaPool(any, any).Return(nil, status.Error(codes.NotFound, "not found"))
+	m.EXPECT().CreateCaPool(any, any).Return(nil, errTest)
+
+	// fail CreateCaPool.Wait
+	m.EXPECT().GetCaPool(any, any).Return(nil, status.Error(codes.NotFound, "not found"))
+	m.EXPECT().CreateCaPool(any, any).Return(fake.CreateCaPoolOperation("CreateCaPool"), nil)
+	mos.EXPECT().GetOperation(any, any).Return(nil, errTest)

 	// fail CreateCertificateAuthority
+	m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(nil, errTest)

 	// fail CreateCertificateAuthority.Wait
+	m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
 	mos.EXPECT().GetOperation(any, any).Return(nil, errTest)

 	// fail FetchCertificateAuthorityCsr
+	m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
 	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
 		Name: "CreateCertificateAuthority",
@ -921,6 +1019,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 	m.EXPECT().FetchCertificateAuthorityCsr(any, any).Return(nil, errTest)

 	// fail CreateCertificate
+	m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
 	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
 		Name: "CreateCertificateAuthority",
@ -937,6 +1036,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 	m.EXPECT().CreateCertificate(any, any).Return(nil, errTest)

 	// fail ActivateCertificateAuthority
+	m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
 	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
 		Name: "CreateCertificateAuthority",
@ -957,6 +1057,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 	m.EXPECT().ActivateCertificateAuthority(any, any).Return(nil, errTest)

 	// fail ActivateCertificateAuthority.Wait
+	m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
 	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
 		Name: "CreateCertificateAuthority",
@ -978,6 +1079,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 	mos.EXPECT().GetOperation(any, any).Return(nil, errTest)

 	// fail x509util.CreateCertificate
+	m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
 	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
 		Name: "CreateCertificateAuthority",
@ -993,6 +1095,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 	}, nil)

 	// fail parseCertificateRequest
+	m.EXPECT().GetCaPool(any, any).Return(&pb.CaPool{Name: testCaPoolName}, nil)
 	m.EXPECT().CreateCertificateAuthority(any, any).Return(fake.CreateCertificateAuthorityOperation("CreateCertificateAuthority"), nil)
 	mos.EXPECT().GetOperation(any, any).Return(&longrunningpb.Operation{
 		Name: "CreateCertificateAuthority",
@ -1015,6 +1118,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 		certificateAuthority string
 		project              string
 		location             string
+		caPool               string
 	}
 	type args struct {
 		req *apiv1.CreateCertificateAuthorityRequest
@ -1026,7 +1130,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 		want    *apiv1.CreateCertificateAuthorityResponse
 		wantErr bool
 	}{
-		{"ok root", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"ok root", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.RootCA,
 			Template: mustParseCertificate(t, testRootCertificate),
 			Lifetime: 24 * time.Hour,
@ -1034,7 +1138,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 			Name:        testAuthorityName,
 			Certificate: rootCrt,
 		}, false},
-		{"ok intermediate", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"ok intermediate", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.IntermediateCA,
 			Template: mustParseCertificate(t, testIntermediateCertificate),
 			Lifetime: 24 * time.Hour,
@ -1047,7 +1151,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 			Certificate:      intCrt,
 			CertificateChain: []*x509.Certificate{rootCrt},
 		}, false},
-		{"ok intermediate local signer", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"ok intermediate local signer", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.IntermediateCA,
 			Template: mustParseCertificate(t, testIntermediateCertificate),
 			Lifetime: 24 * time.Hour,
@ -1060,7 +1164,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 			Certificate:      intCrt,
 			CertificateChain: []*x509.Certificate{rootCrt},
 		}, false},
-		{"ok create key", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"ok create key", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.RootCA,
 			Template: mustParseCertificate(t, testRootCertificate),
 			Lifetime: 24 * time.Hour,
@ -1071,41 +1175,46 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 			Name:        testAuthorityName,
 			Certificate: rootCrt,
 		}, false},
-		{"fail project", fields{m, "", "", testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail project", fields{m, "", "", testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
+			Type:     apiv1.RootCA,
+			Template: mustParseCertificate(t, testRootCertificate),
+			Lifetime: 24 * time.Hour,
+		}}, nil, true},
+		{"fail location", fields{m, "", testProject, "", testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.RootCA,
 			Template: mustParseCertificate(t, testRootCertificate),
 			Lifetime: 24 * time.Hour,
 		}}, nil, true},
-		{"fail location", fields{m, "", testProject, ""}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail caPool", fields{m, "", testProject, testLocation, ""}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.RootCA,
 			Template: mustParseCertificate(t, testRootCertificate),
 			Lifetime: 24 * time.Hour,
 		}}, nil, true},
-		{"fail template", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail template", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.RootCA,
 			Lifetime: 24 * time.Hour,
 		}}, nil, true},
-		{"fail lifetime", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail lifetime", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.RootCA,
 			Template: mustParseCertificate(t, testRootCertificate),
 		}}, nil, true},
-		{"fail parent", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail parent", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.IntermediateCA,
 			Template: mustParseCertificate(t, testRootCertificate),
 			Lifetime: 24 * time.Hour,
 		}}, nil, true},
-		{"fail parent name", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail parent name", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.IntermediateCA,
 			Template: mustParseCertificate(t, testRootCertificate),
 			Lifetime: 24 * time.Hour,
 			Parent:   &apiv1.CreateCertificateAuthorityResponse{},
 		}}, nil, true},
-		{"fail type", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail type", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     0,
 			Template: mustParseCertificate(t, testRootCertificate),
 			Lifetime: 24 * time.Hour,
 		}}, nil, true},
-		{"fail create key", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail create key", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.RootCA,
 			Template: mustParseCertificate(t, testRootCertificate),
 			Lifetime: 24 * time.Hour,
@ -1113,17 +1222,32 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 				SignatureAlgorithm: kmsapi.PureEd25519,
 			},
 		}}, nil, true},
-		{"fail CreateCertificateAuthority", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail GetCaPool", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
+			Type:     apiv1.RootCA,
+			Template: mustParseCertificate(t, testRootCertificate),
+			Lifetime: 24 * time.Hour,
+		}}, nil, true},
+		{"fail CreateCaPool", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
+			Type:     apiv1.RootCA,
+			Template: mustParseCertificate(t, testRootCertificate),
+			Lifetime: 24 * time.Hour,
+		}}, nil, true},
+		{"fail CreateCaPool.Wait", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
+			Type:     apiv1.RootCA,
+			Template: mustParseCertificate(t, testRootCertificate),
+			Lifetime: 24 * time.Hour,
+		}}, nil, true},
+		{"fail CreateCertificateAuthority", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.RootCA,
 			Template: mustParseCertificate(t, testRootCertificate),
 			Lifetime: 24 * time.Hour,
 		}}, nil, true},
-		{"fail CreateCertificateAuthority.Wait", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail CreateCertificateAuthority.Wait", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.RootCA,
 			Template: mustParseCertificate(t, testRootCertificate),
 			Lifetime: 24 * time.Hour,
 		}}, nil, true},
-		{"fail FetchCertificateAuthorityCsr", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail FetchCertificateAuthorityCsr", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.IntermediateCA,
 			Template: mustParseCertificate(t, testIntermediateCertificate),
 			Lifetime: 24 * time.Hour,
@ -1132,7 +1256,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 				Certificate: rootCrt,
 			},
 		}}, nil, true},
-		{"fail CreateCertificate", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail CreateCertificate", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.IntermediateCA,
 			Template: mustParseCertificate(t, testIntermediateCertificate),
 			Lifetime: 24 * time.Hour,
@ -1141,7 +1265,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 				Certificate: rootCrt,
 			},
 		}}, nil, true},
-		{"fail ActivateCertificateAuthority", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail ActivateCertificateAuthority", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.IntermediateCA,
 			Template: mustParseCertificate(t, testIntermediateCertificate),
 			Lifetime: 24 * time.Hour,
@ -1150,7 +1274,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 				Certificate: rootCrt,
 			},
 		}}, nil, true},
-		{"fail ActivateCertificateAuthority.Wait", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail ActivateCertificateAuthority.Wait", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.IntermediateCA,
 			Template: mustParseCertificate(t, testIntermediateCertificate),
 			Lifetime: 24 * time.Hour,
@ -1159,7 +1283,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 				Certificate: rootCrt,
 			},
 		}}, nil, true},
-		{"fail x509util.CreateCertificate", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail x509util.CreateCertificate", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.IntermediateCA,
 			Template: mustParseCertificate(t, testIntermediateCertificate),
 			Lifetime: 24 * time.Hour,
@ -1168,7 +1292,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 				Signer:      createBadSigner(t),
 			},
 		}}, nil, true},
-		{"fail parseCertificateRequest", fields{m, "", testProject, testLocation}, args{&apiv1.CreateCertificateAuthorityRequest{
+		{"fail parseCertificateRequest", fields{m, "", testProject, testLocation, testCaPool}, args{&apiv1.CreateCertificateAuthorityRequest{
 			Type:     apiv1.IntermediateCA,
 			Template: mustParseCertificate(t, testIntermediateCertificate),
 			Lifetime: 24 * time.Hour,
@ -1185,6 +1309,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
 				certificateAuthority: tt.fields.certificateAuthority,
 				project:              tt.fields.project,
 				location:             tt.fields.location,
+				caPool:               tt.fields.caPool,
 			}
 			got, err := c.CreateCertificateAuthority(tt.args.req)
 			if (err != nil) != tt.wantErr {
--- a/cas/cloudcas/mock_client_test.go
+++ b/cas/cloudcas/mock_client_test.go
@ -1,15 +1,15 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: ./cas/cloudcas/cloudcas.go
+// Source: github.com/smallstep/certificates/cas/cloudcas (interfaces: CertificateAuthorityClient)

 // Package cloudcas is a generated GoMock package.
 package cloudcas

 import (
-	privateca "cloud.google.com/go/security/privateca/apiv1beta1"
+	privateca "cloud.google.com/go/security/privateca/apiv1"
 	context "context"
 	gomock "github.com/golang/mock/gomock"
 	gax "github.com/googleapis/gax-go/v2"
-	privateca0 "google.golang.org/genproto/googleapis/cloud/security/privateca/v1beta1"
+	privateca0 "google.golang.org/genproto/googleapis/cloud/security/privateca/v1"
 	reflect "reflect"
 )

@ -36,71 +36,71 @@ func (m *MockCertificateAuthorityClient) EXPECT() *MockCertificateAuthorityClien
 	return m.recorder
 }

-// CreateCertificate mocks base method
-func (m *MockCertificateAuthorityClient) CreateCertificate(ctx context.Context, req *privateca0.CreateCertificateRequest, opts ...gax.CallOption) (*privateca0.Certificate, error) {
+// ActivateCertificateAuthority mocks base method
+func (m *MockCertificateAuthorityClient) ActivateCertificateAuthority(arg0 context.Context, arg1 *privateca0.ActivateCertificateAuthorityRequest, arg2 ...gax.CallOption) (*privateca.ActivateCertificateAuthorityOperation, error) {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{ctx, req}
-	for _, a := range opts {
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
-	ret := m.ctrl.Call(m, "CreateCertificate", varargs...)
-	ret0, _ := ret[0].(*privateca0.Certificate)
+	ret := m.ctrl.Call(m, "ActivateCertificateAuthority", varargs...)
+	ret0, _ := ret[0].(*privateca.ActivateCertificateAuthorityOperation)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

-// CreateCertificate indicates an expected call of CreateCertificate
-func (mr *MockCertificateAuthorityClientMockRecorder) CreateCertificate(ctx, req interface{}, opts ...interface{}) *gomock.Call {
+// ActivateCertificateAuthority indicates an expected call of ActivateCertificateAuthority
+func (mr *MockCertificateAuthorityClientMockRecorder) ActivateCertificateAuthority(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{ctx, req}, opts...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateCertificate", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).CreateCertificate), varargs...)
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ActivateCertificateAuthority", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).ActivateCertificateAuthority), varargs...)
 }

-// RevokeCertificate mocks base method
-func (m *MockCertificateAuthorityClient) RevokeCertificate(ctx context.Context, req *privateca0.RevokeCertificateRequest, opts ...gax.CallOption) (*privateca0.Certificate, error) {
+// CreateCaPool mocks base method
+func (m *MockCertificateAuthorityClient) CreateCaPool(arg0 context.Context, arg1 *privateca0.CreateCaPoolRequest, arg2 ...gax.CallOption) (*privateca.CreateCaPoolOperation, error) {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{ctx, req}
-	for _, a := range opts {
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
-	ret := m.ctrl.Call(m, "RevokeCertificate", varargs...)
-	ret0, _ := ret[0].(*privateca0.Certificate)
+	ret := m.ctrl.Call(m, "CreateCaPool", varargs...)
+	ret0, _ := ret[0].(*privateca.CreateCaPoolOperation)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

-// RevokeCertificate indicates an expected call of RevokeCertificate
-func (mr *MockCertificateAuthorityClientMockRecorder) RevokeCertificate(ctx, req interface{}, opts ...interface{}) *gomock.Call {
+// CreateCaPool indicates an expected call of CreateCaPool
+func (mr *MockCertificateAuthorityClientMockRecorder) CreateCaPool(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{ctx, req}, opts...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RevokeCertificate", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).RevokeCertificate), varargs...)
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateCaPool", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).CreateCaPool), varargs...)
 }

-// GetCertificateAuthority mocks base method
-func (m *MockCertificateAuthorityClient) GetCertificateAuthority(ctx context.Context, req *privateca0.GetCertificateAuthorityRequest, opts ...gax.CallOption) (*privateca0.CertificateAuthority, error) {
+// CreateCertificate mocks base method
+func (m *MockCertificateAuthorityClient) CreateCertificate(arg0 context.Context, arg1 *privateca0.CreateCertificateRequest, arg2 ...gax.CallOption) (*privateca0.Certificate, error) {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{ctx, req}
-	for _, a := range opts {
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
-	ret := m.ctrl.Call(m, "GetCertificateAuthority", varargs...)
-	ret0, _ := ret[0].(*privateca0.CertificateAuthority)
+	ret := m.ctrl.Call(m, "CreateCertificate", varargs...)
+	ret0, _ := ret[0].(*privateca0.Certificate)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

-// GetCertificateAuthority indicates an expected call of GetCertificateAuthority
-func (mr *MockCertificateAuthorityClientMockRecorder) GetCertificateAuthority(ctx, req interface{}, opts ...interface{}) *gomock.Call {
+// CreateCertificate indicates an expected call of CreateCertificate
+func (mr *MockCertificateAuthorityClientMockRecorder) CreateCertificate(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{ctx, req}, opts...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetCertificateAuthority", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).GetCertificateAuthority), varargs...)
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateCertificate", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).CreateCertificate), varargs...)
 }

 // CreateCertificateAuthority mocks base method
-func (m *MockCertificateAuthorityClient) CreateCertificateAuthority(ctx context.Context, req *privateca0.CreateCertificateAuthorityRequest, opts ...gax.CallOption) (*privateca.CreateCertificateAuthorityOperation, error) {
+func (m *MockCertificateAuthorityClient) CreateCertificateAuthority(arg0 context.Context, arg1 *privateca0.CreateCertificateAuthorityRequest, arg2 ...gax.CallOption) (*privateca.CreateCertificateAuthorityOperation, error) {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{ctx, req}
-	for _, a := range opts {
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "CreateCertificateAuthority", varargs...)
@ -110,17 +110,37 @@ func (m *MockCertificateAuthorityClient) CreateCertificateAuthority(ctx context.
 }

 // CreateCertificateAuthority indicates an expected call of CreateCertificateAuthority
-func (mr *MockCertificateAuthorityClientMockRecorder) CreateCertificateAuthority(ctx, req interface{}, opts ...interface{}) *gomock.Call {
+func (mr *MockCertificateAuthorityClientMockRecorder) CreateCertificateAuthority(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{ctx, req}, opts...)
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateCertificateAuthority", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).CreateCertificateAuthority), varargs...)
 }

+// EnableCertificateAuthority mocks base method
+func (m *MockCertificateAuthorityClient) EnableCertificateAuthority(arg0 context.Context, arg1 *privateca0.EnableCertificateAuthorityRequest, arg2 ...gax.CallOption) (*privateca.EnableCertificateAuthorityOperation, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "EnableCertificateAuthority", varargs...)
+	ret0, _ := ret[0].(*privateca.EnableCertificateAuthorityOperation)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// EnableCertificateAuthority indicates an expected call of EnableCertificateAuthority
+func (mr *MockCertificateAuthorityClientMockRecorder) EnableCertificateAuthority(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "EnableCertificateAuthority", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).EnableCertificateAuthority), varargs...)
+}
+
 // FetchCertificateAuthorityCsr mocks base method
-func (m *MockCertificateAuthorityClient) FetchCertificateAuthorityCsr(ctx context.Context, req *privateca0.FetchCertificateAuthorityCsrRequest, opts ...gax.CallOption) (*privateca0.FetchCertificateAuthorityCsrResponse, error) {
+func (m *MockCertificateAuthorityClient) FetchCertificateAuthorityCsr(arg0 context.Context, arg1 *privateca0.FetchCertificateAuthorityCsrRequest, arg2 ...gax.CallOption) (*privateca0.FetchCertificateAuthorityCsrResponse, error) {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{ctx, req}
-	for _, a := range opts {
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "FetchCertificateAuthorityCsr", varargs...)
@ -130,28 +150,68 @@ func (m *MockCertificateAuthorityClient) FetchCertificateAuthorityCsr(ctx contex
 }

 // FetchCertificateAuthorityCsr indicates an expected call of FetchCertificateAuthorityCsr
-func (mr *MockCertificateAuthorityClientMockRecorder) FetchCertificateAuthorityCsr(ctx, req interface{}, opts ...interface{}) *gomock.Call {
+func (mr *MockCertificateAuthorityClientMockRecorder) FetchCertificateAuthorityCsr(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{ctx, req}, opts...)
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FetchCertificateAuthorityCsr", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).FetchCertificateAuthorityCsr), varargs...)
 }

-// ActivateCertificateAuthority mocks base method
-func (m *MockCertificateAuthorityClient) ActivateCertificateAuthority(ctx context.Context, req *privateca0.ActivateCertificateAuthorityRequest, opts ...gax.CallOption) (*privateca.ActivateCertificateAuthorityOperation, error) {
+// GetCaPool mocks base method
+func (m *MockCertificateAuthorityClient) GetCaPool(arg0 context.Context, arg1 *privateca0.GetCaPoolRequest, arg2 ...gax.CallOption) (*privateca0.CaPool, error) {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{ctx, req}
-	for _, a := range opts {
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
-	ret := m.ctrl.Call(m, "ActivateCertificateAuthority", varargs...)
-	ret0, _ := ret[0].(*privateca.ActivateCertificateAuthorityOperation)
+	ret := m.ctrl.Call(m, "GetCaPool", varargs...)
+	ret0, _ := ret[0].(*privateca0.CaPool)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

-// ActivateCertificateAuthority indicates an expected call of ActivateCertificateAuthority
-func (mr *MockCertificateAuthorityClientMockRecorder) ActivateCertificateAuthority(ctx, req interface{}, opts ...interface{}) *gomock.Call {
+// GetCaPool indicates an expected call of GetCaPool
+func (mr *MockCertificateAuthorityClientMockRecorder) GetCaPool(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{ctx, req}, opts...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ActivateCertificateAuthority", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).ActivateCertificateAuthority), varargs...)
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetCaPool", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).GetCaPool), varargs...)
+}
+
+// GetCertificateAuthority mocks base method
+func (m *MockCertificateAuthorityClient) GetCertificateAuthority(arg0 context.Context, arg1 *privateca0.GetCertificateAuthorityRequest, arg2 ...gax.CallOption) (*privateca0.CertificateAuthority, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetCertificateAuthority", varargs...)
+	ret0, _ := ret[0].(*privateca0.CertificateAuthority)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetCertificateAuthority indicates an expected call of GetCertificateAuthority
+func (mr *MockCertificateAuthorityClientMockRecorder) GetCertificateAuthority(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetCertificateAuthority", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).GetCertificateAuthority), varargs...)
+}
+
+// RevokeCertificate mocks base method
+func (m *MockCertificateAuthorityClient) RevokeCertificate(arg0 context.Context, arg1 *privateca0.RevokeCertificateRequest, arg2 ...gax.CallOption) (*privateca0.Certificate, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "RevokeCertificate", varargs...)
+	ret0, _ := ret[0].(*privateca0.Certificate)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// RevokeCertificate indicates an expected call of RevokeCertificate
+func (mr *MockCertificateAuthorityClientMockRecorder) RevokeCertificate(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RevokeCertificate", reflect.TypeOf((*MockCertificateAuthorityClient)(nil).RevokeCertificate), varargs...)
 }
--- a/cas/cloudcas/mock_operation_server_test.go
+++ b/cas/cloudcas/mock_operation_server_test.go
@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: /Users/mariano/go/pkg/mod/google.golang.org/genproto@v0.0.0-20200904004341-0bd0a958aa1d/googleapis/longrunning/operations.pb.go
+// Source: google.golang.org/genproto/googleapis/longrunning (interfaces: OperationsServer)

 // Package cloudcas is a generated GoMock package.
 package cloudcas
@ -8,169 +8,10 @@ import (
 	context "context"
 	gomock "github.com/golang/mock/gomock"
 	longrunning "google.golang.org/genproto/googleapis/longrunning"
-	grpc "google.golang.org/grpc"
 	emptypb "google.golang.org/protobuf/types/known/emptypb"
 	reflect "reflect"
 )

-// MockisOperation_Result is a mock of isOperation_Result interface
-type MockisOperation_Result struct {
-	ctrl     *gomock.Controller
-	recorder *MockisOperation_ResultMockRecorder
-}
-
-// MockisOperation_ResultMockRecorder is the mock recorder for MockisOperation_Result
-type MockisOperation_ResultMockRecorder struct {
-	mock *MockisOperation_Result
-}
-
-// NewMockisOperation_Result creates a new mock instance
-func NewMockisOperation_Result(ctrl *gomock.Controller) *MockisOperation_Result {
-	mock := &MockisOperation_Result{ctrl: ctrl}
-	mock.recorder = &MockisOperation_ResultMockRecorder{mock}
-	return mock
-}
-
-// EXPECT returns an object that allows the caller to indicate expected use
-func (m *MockisOperation_Result) EXPECT() *MockisOperation_ResultMockRecorder {
-	return m.recorder
-}
-
-// isOperation_Result mocks base method
-func (m *MockisOperation_Result) isOperation_Result() {
-	m.ctrl.T.Helper()
-	m.ctrl.Call(m, "isOperation_Result")
-}
-
-// isOperation_Result indicates an expected call of isOperation_Result
-func (mr *MockisOperation_ResultMockRecorder) isOperation_Result() *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "isOperation_Result", reflect.TypeOf((*MockisOperation_Result)(nil).isOperation_Result))
-}
-
-// MockOperationsClient is a mock of OperationsClient interface
-type MockOperationsClient struct {
-	ctrl     *gomock.Controller
-	recorder *MockOperationsClientMockRecorder
-}
-
-// MockOperationsClientMockRecorder is the mock recorder for MockOperationsClient
-type MockOperationsClientMockRecorder struct {
-	mock *MockOperationsClient
-}
-
-// NewMockOperationsClient creates a new mock instance
-func NewMockOperationsClient(ctrl *gomock.Controller) *MockOperationsClient {
-	mock := &MockOperationsClient{ctrl: ctrl}
-	mock.recorder = &MockOperationsClientMockRecorder{mock}
-	return mock
-}
-
-// EXPECT returns an object that allows the caller to indicate expected use
-func (m *MockOperationsClient) EXPECT() *MockOperationsClientMockRecorder {
-	return m.recorder
-}
-
-// ListOperations mocks base method
-func (m *MockOperationsClient) ListOperations(ctx context.Context, in *longrunning.ListOperationsRequest, opts ...grpc.CallOption) (*longrunning.ListOperationsResponse, error) {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{ctx, in}
-	for _, a := range opts {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "ListOperations", varargs...)
-	ret0, _ := ret[0].(*longrunning.ListOperationsResponse)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// ListOperations indicates an expected call of ListOperations
-func (mr *MockOperationsClientMockRecorder) ListOperations(ctx, in interface{}, opts ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{ctx, in}, opts...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListOperations", reflect.TypeOf((*MockOperationsClient)(nil).ListOperations), varargs...)
-}
-
-// GetOperation mocks base method
-func (m *MockOperationsClient) GetOperation(ctx context.Context, in *longrunning.GetOperationRequest, opts ...grpc.CallOption) (*longrunning.Operation, error) {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{ctx, in}
-	for _, a := range opts {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "GetOperation", varargs...)
-	ret0, _ := ret[0].(*longrunning.Operation)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// GetOperation indicates an expected call of GetOperation
-func (mr *MockOperationsClientMockRecorder) GetOperation(ctx, in interface{}, opts ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{ctx, in}, opts...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetOperation", reflect.TypeOf((*MockOperationsClient)(nil).GetOperation), varargs...)
-}
-
-// DeleteOperation mocks base method
-func (m *MockOperationsClient) DeleteOperation(ctx context.Context, in *longrunning.DeleteOperationRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{ctx, in}
-	for _, a := range opts {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "DeleteOperation", varargs...)
-	ret0, _ := ret[0].(*emptypb.Empty)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// DeleteOperation indicates an expected call of DeleteOperation
-func (mr *MockOperationsClientMockRecorder) DeleteOperation(ctx, in interface{}, opts ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{ctx, in}, opts...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteOperation", reflect.TypeOf((*MockOperationsClient)(nil).DeleteOperation), varargs...)
-}
-
-// CancelOperation mocks base method
-func (m *MockOperationsClient) CancelOperation(ctx context.Context, in *longrunning.CancelOperationRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{ctx, in}
-	for _, a := range opts {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "CancelOperation", varargs...)
-	ret0, _ := ret[0].(*emptypb.Empty)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// CancelOperation indicates an expected call of CancelOperation
-func (mr *MockOperationsClientMockRecorder) CancelOperation(ctx, in interface{}, opts ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{ctx, in}, opts...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CancelOperation", reflect.TypeOf((*MockOperationsClient)(nil).CancelOperation), varargs...)
-}
-
-// WaitOperation mocks base method
-func (m *MockOperationsClient) WaitOperation(ctx context.Context, in *longrunning.WaitOperationRequest, opts ...grpc.CallOption) (*longrunning.Operation, error) {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{ctx, in}
-	for _, a := range opts {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "WaitOperation", varargs...)
-	ret0, _ := ret[0].(*longrunning.Operation)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// WaitOperation indicates an expected call of WaitOperation
-func (mr *MockOperationsClientMockRecorder) WaitOperation(ctx, in interface{}, opts ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{ctx, in}, opts...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WaitOperation", reflect.TypeOf((*MockOperationsClient)(nil).WaitOperation), varargs...)
-}
-
 // MockOperationsServer is a mock of OperationsServer interface
 type MockOperationsServer struct {
 	ctrl     *gomock.Controller
@ -194,64 +35,64 @@ func (m *MockOperationsServer) EXPECT() *MockOperationsServerMockRecorder {
 	return m.recorder
 }

-// ListOperations mocks base method
-func (m *MockOperationsServer) ListOperations(arg0 context.Context, arg1 *longrunning.ListOperationsRequest) (*longrunning.ListOperationsResponse, error) {
+// CancelOperation mocks base method
+func (m *MockOperationsServer) CancelOperation(arg0 context.Context, arg1 *longrunning.CancelOperationRequest) (*emptypb.Empty, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "ListOperations", arg0, arg1)
-	ret0, _ := ret[0].(*longrunning.ListOperationsResponse)
+	ret := m.ctrl.Call(m, "CancelOperation", arg0, arg1)
+	ret0, _ := ret[0].(*emptypb.Empty)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

-// ListOperations indicates an expected call of ListOperations
-func (mr *MockOperationsServerMockRecorder) ListOperations(arg0, arg1 interface{}) *gomock.Call {
+// CancelOperation indicates an expected call of CancelOperation
+func (mr *MockOperationsServerMockRecorder) CancelOperation(arg0, arg1 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListOperations", reflect.TypeOf((*MockOperationsServer)(nil).ListOperations), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CancelOperation", reflect.TypeOf((*MockOperationsServer)(nil).CancelOperation), arg0, arg1)
 }

-// GetOperation mocks base method
-func (m *MockOperationsServer) GetOperation(arg0 context.Context, arg1 *longrunning.GetOperationRequest) (*longrunning.Operation, error) {
+// DeleteOperation mocks base method
+func (m *MockOperationsServer) DeleteOperation(arg0 context.Context, arg1 *longrunning.DeleteOperationRequest) (*emptypb.Empty, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "GetOperation", arg0, arg1)
-	ret0, _ := ret[0].(*longrunning.Operation)
+	ret := m.ctrl.Call(m, "DeleteOperation", arg0, arg1)
+	ret0, _ := ret[0].(*emptypb.Empty)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

-// GetOperation indicates an expected call of GetOperation
-func (mr *MockOperationsServerMockRecorder) GetOperation(arg0, arg1 interface{}) *gomock.Call {
+// DeleteOperation indicates an expected call of DeleteOperation
+func (mr *MockOperationsServerMockRecorder) DeleteOperation(arg0, arg1 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetOperation", reflect.TypeOf((*MockOperationsServer)(nil).GetOperation), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteOperation", reflect.TypeOf((*MockOperationsServer)(nil).DeleteOperation), arg0, arg1)
 }

-// DeleteOperation mocks base method
-func (m *MockOperationsServer) DeleteOperation(arg0 context.Context, arg1 *longrunning.DeleteOperationRequest) (*emptypb.Empty, error) {
+// GetOperation mocks base method
+func (m *MockOperationsServer) GetOperation(arg0 context.Context, arg1 *longrunning.GetOperationRequest) (*longrunning.Operation, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "DeleteOperation", arg0, arg1)
-	ret0, _ := ret[0].(*emptypb.Empty)
+	ret := m.ctrl.Call(m, "GetOperation", arg0, arg1)
+	ret0, _ := ret[0].(*longrunning.Operation)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

-// DeleteOperation indicates an expected call of DeleteOperation
-func (mr *MockOperationsServerMockRecorder) DeleteOperation(arg0, arg1 interface{}) *gomock.Call {
+// GetOperation indicates an expected call of GetOperation
+func (mr *MockOperationsServerMockRecorder) GetOperation(arg0, arg1 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteOperation", reflect.TypeOf((*MockOperationsServer)(nil).DeleteOperation), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetOperation", reflect.TypeOf((*MockOperationsServer)(nil).GetOperation), arg0, arg1)
 }

-// CancelOperation mocks base method
-func (m *MockOperationsServer) CancelOperation(arg0 context.Context, arg1 *longrunning.CancelOperationRequest) (*emptypb.Empty, error) {
+// ListOperations mocks base method
+func (m *MockOperationsServer) ListOperations(arg0 context.Context, arg1 *longrunning.ListOperationsRequest) (*longrunning.ListOperationsResponse, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "CancelOperation", arg0, arg1)
-	ret0, _ := ret[0].(*emptypb.Empty)
+	ret := m.ctrl.Call(m, "ListOperations", arg0, arg1)
+	ret0, _ := ret[0].(*longrunning.ListOperationsResponse)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

-// CancelOperation indicates an expected call of CancelOperation
-func (mr *MockOperationsServerMockRecorder) CancelOperation(arg0, arg1 interface{}) *gomock.Call {
+// ListOperations indicates an expected call of ListOperations
+func (mr *MockOperationsServerMockRecorder) ListOperations(arg0, arg1 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CancelOperation", reflect.TypeOf((*MockOperationsServer)(nil).CancelOperation), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListOperations", reflect.TypeOf((*MockOperationsServer)(nil).ListOperations), arg0, arg1)
 }

 // WaitOperation mocks base method