google-apis-cloudkms_v1 0.11.0 → 0.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d24d53627d68110c7007a55be5249020e3860c727d9305a44f1c24fa286d5261
-  data.tar.gz: 1c5b6e275b1f6ed9ed9b2882029dccacc30d710b1e1b070590a32cea5f8a050b
+  metadata.gz: ce1244f1efea2c5807f4df0bc7847d6d1696cee2e556081b8bc3847145f82597
+  data.tar.gz: f5be8bc097879267d3a81420a2be844248abce2a6f40dee2b3c3669b9438f2e0
 SHA512:
-  metadata.gz: 719138759639eb2e6d250c68df91e25c16e0fdcbc18035f985e887132c0ff54c4b0a3c59eb9d2ec45d74c1a5da4c1889967e37059181773cdf18ca998f9dba0c
-  data.tar.gz: fd86a96235dcef634dfb5b3946074c6d8819b73bf34872f8999052531fdbdb9c6554c923b2b16392328af0eb5100207f49793ed21178f294ead106e638742a65
+  metadata.gz: f7e6a15ab9a1694e5f7c9cd604573727f524a5a50be49a81ceb82880411560f0035402781696ad57806a64285e85fe7c215926f94ba5f6b758efb7cfa667a830
+  data.tar.gz: 3c4abdd1d32b6eb076e3ba521217675d135912daeebbd348c4f78c9550a567513da3d0aa3da2690eb87aa548825d8781a95df83b1fbb512231ed563b9ab5f044

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Release history for google-apis-cloudkms_v1
 
+### v0.15.0 (2021-12-08)
+
+* Regenerated from discovery document revision 20211130
+
+### v0.14.0 (2021-11-13)
+
+* Regenerated from discovery document revision 20211105
+
+### v0.13.0 (2021-10-26)
+
+* Regenerated from discovery document revision 20211018
+
+### v0.12.0 (2021-09-01)
+
+* Regenerated from discovery document revision 20210820
+
 ### v0.11.0 (2021-07-31)
 
 * Regenerated from discovery document revision 20210723

data/OVERVIEW.md

@@ -60,8 +60,8 @@ See the class reference docs for information on the methods you can call from a
 
 More detailed descriptions of the Google simple REST clients are available in two documents.
 
- *  The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/master/docs/usage-guide.md) discusses how to make API calls, how to use the provided data structures, and how to work the various features of the client library, including media upload and download, error handling, retries, pagination, and logging.
- *  The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/master/docs/auth-guide.md) discusses authentication in the client libraries, including API keys, OAuth 2.0, service accounts, and environment variables.
+ *  The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/usage-guide.md) discusses how to make API calls, how to use the provided data structures, and how to work the various features of the client library, including media upload and download, error handling, retries, pagination, and logging.
+ *  The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/auth-guide.md) discusses authentication in the client libraries, including API keys, OAuth 2.0, service accounts, and environment variables.
 
 (Note: the above documents are written for the simple REST clients in general, and their examples may not reflect the Cloudkms service in particular.)
 

data/lib/google/apis/cloudkms_v1/classes.rb

@@ -119,6 +119,28 @@ module Google
       class AsymmetricSignRequest
         include Google::Apis::Core::Hashable
       
+        # Optional. The data to sign. It can't be supplied if AsymmetricSignRequest.
+        # digest is supplied.
+        # Corresponds to the JSON property `data`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :data
+      
+        # Optional. An optional CRC32C checksum of the AsymmetricSignRequest.data. If
+        # specified, KeyManagementService will verify the integrity of the received
+        # AsymmetricSignRequest.data using this checksum. KeyManagementService will
+        # report an error if the checksum verification fails. If you receive a checksum
+        # error, your client should verify that CRC32C(AsymmetricSignRequest.data) is
+        # equal to AsymmetricSignRequest.data_crc32c, and if so, perform a limited
+        # number of retries. A persistent mismatch may indicate an issue in your
+        # computation of the CRC32C checksum. Note: This field is defined as int64 for
+        # reasons of compatibility across different languages. However, it is a non-
+        # negative integer, which will never exceed 2^32-1, and can be safely
+        # downconverted to uint32 in languages that support this type.
+        # Corresponds to the JSON property `dataCrc32c`
+        # @return [Fixnum]
+        attr_accessor :data_crc32c
+      
         # A Digest holds a cryptographic message digest.
         # Corresponds to the JSON property `digest`
         # @return [Google::Apis::CloudkmsV1::Digest]
@@ -145,6 +167,8 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @data = args[:data] if args.key?(:data)
+          @data_crc32c = args[:data_crc32c] if args.key?(:data_crc32c)
           @digest = args[:digest] if args.key?(:digest)
           @digest_crc32c = args[:digest_crc32c] if args.key?(:digest_crc32c)
         end
@@ -185,6 +209,18 @@ module Google
         # @return [Fixnum]
         attr_accessor :signature_crc32c
       
+        # Integrity verification field. A flag indicating whether AsymmetricSignRequest.
+        # data_crc32c was received by KeyManagementService and used for the integrity
+        # verification of the data. A false value of this field indicates either that
+        # AsymmetricSignRequest.data_crc32c was left unset or that it was not delivered
+        # to KeyManagementService. If you've set AsymmetricSignRequest.data_crc32c but
+        # this field is still false, discard the response and perform a limited number
+        # of retries.
+        # Corresponds to the JSON property `verifiedDataCrc32c`
+        # @return [Boolean]
+        attr_accessor :verified_data_crc32c
+        alias_method :verified_data_crc32c?, :verified_data_crc32c
+      
         # Integrity verification field. A flag indicating whether AsymmetricSignRequest.
         # digest_crc32c was received by KeyManagementService and used for the integrity
         # verification of the digest. A false value of this field indicates either that
@@ -207,6 +243,7 @@ module Google
           @protection_level = args[:protection_level] if args.key?(:protection_level)
           @signature = args[:signature] if args.key?(:signature)
           @signature_crc32c = args[:signature_crc32c] if args.key?(:signature_crc32c)
+          @verified_data_crc32c = args[:verified_data_crc32c] if args.key?(:verified_data_crc32c)
           @verified_digest_crc32c = args[:verified_digest_crc32c] if args.key?(:verified_digest_crc32c)
         end
       end
@@ -282,7 +319,7 @@ module Google
         end
       end
       
-      # Associates `members` with a `role`.
+      # Associates `members`, or principals, with a `role`.
       class Binding
         include Google::Apis::Core::Hashable
       
@@ -305,7 +342,7 @@ module Google
         # @return [Google::Apis::CloudkmsV1::Expr]
         attr_accessor :condition
       
-        # Specifies the identities requesting access for a Cloud Platform resource. `
+        # Specifies the principals requesting access for a Cloud Platform resource. `
         # members` can have the following values: * `allUsers`: A special identifier
         # that represents anyone who is on the internet; with or without a Google
         # account. * `allAuthenticatedUsers`: A special identifier that represents
@@ -335,8 +372,8 @@ module Google
         # @return [Array<String>]
         attr_accessor :members
       
-        # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`
-        # , or `roles/owner`.
+        # Role that is assigned to the list of `members`, or principals. For example, `
+        # roles/viewer`, `roles/editor`, or `roles/owner`.
         # Corresponds to the JSON property `role`
         # @return [String]
         attr_accessor :role
@@ -397,6 +434,19 @@ module Google
         # @return [String]
         attr_accessor :create_time
       
+        # Immutable. The period of time that versions of this key spend in the
+        # DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at
+        # creation time, the default duration is 24 hours.
+        # Corresponds to the JSON property `destroyScheduledDuration`
+        # @return [String]
+        attr_accessor :destroy_scheduled_duration
+      
+        # Immutable. Whether this key may contain imported versions only.
+        # Corresponds to the JSON property `importOnly`
+        # @return [Boolean]
+        attr_accessor :import_only
+        alias_method :import_only?, :import_only
+      
         # Labels with user-defined metadata. For more information, see [Labeling Keys](
         # https://cloud.google.com/kms/docs/labeling-keys).
         # Corresponds to the JSON property `labels`
@@ -457,6 +507,8 @@ module Google
         # Update properties of this object
         def update!(**args)
           @create_time = args[:create_time] if args.key?(:create_time)
+          @destroy_scheduled_duration = args[:destroy_scheduled_duration] if args.key?(:destroy_scheduled_duration)
+          @import_only = args[:import_only] if args.key?(:import_only)
           @labels = args[:labels] if args.key?(:labels)
           @name = args[:name] if args.key?(:name)
           @next_rotation_time = args[:next_rotation_time] if args.key?(:next_rotation_time)
@@ -517,20 +569,20 @@ module Google
         # @return [String]
         attr_accessor :generate_time
       
-        # Output only. The root cause of an import failure. Only present if state is
-        # IMPORT_FAILED.
+        # Output only. The root cause of the most recent import failure. Only present if
+        # state is IMPORT_FAILED.
         # Corresponds to the JSON property `importFailureReason`
         # @return [String]
         attr_accessor :import_failure_reason
       
-        # Output only. The name of the ImportJob used to import this CryptoKeyVersion.
-        # Only present if the underlying key material was imported.
+        # Output only. The name of the ImportJob used in the most recent import of this
+        # CryptoKeyVersion. Only present if the underlying key material was imported.
         # Corresponds to the JSON property `importJob`
         # @return [String]
         attr_accessor :import_job
       
-        # Output only. The time at which this CryptoKeyVersion's key material was
-        # imported.
+        # Output only. The time at which this CryptoKeyVersion's key material was most
+        # recently imported.
         # Corresponds to the JSON property `importTime`
         # @return [String]
         attr_accessor :import_time
@@ -547,6 +599,14 @@ module Google
         # @return [String]
         attr_accessor :protection_level
       
+        # Output only. Whether or not this key version is eligible for reimport, by
+        # being specified as a target in ImportCryptoKeyVersionRequest.
+        # crypto_key_version.
+        # Corresponds to the JSON property `reimportEligible`
+        # @return [Boolean]
+        attr_accessor :reimport_eligible
+        alias_method :reimport_eligible?, :reimport_eligible
+      
         # The current state of the CryptoKeyVersion.
         # Corresponds to the JSON property `state`
         # @return [String]
@@ -570,6 +630,7 @@ module Google
           @import_time = args[:import_time] if args.key?(:import_time)
           @name = args[:name] if args.key?(:name)
           @protection_level = args[:protection_level] if args.key?(:protection_level)
+          @reimport_eligible = args[:reimport_eligible] if args.key?(:reimport_eligible)
           @state = args[:state] if args.key?(:state)
         end
       end
@@ -979,6 +1040,68 @@ module Google
         end
       end
       
+      # Request message for KeyManagementService.GenerateRandomBytes.
+      class GenerateRandomBytesRequest
+        include Google::Apis::Core::Hashable
+      
+        # The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes,
+        # maximum 1024 bytes.
+        # Corresponds to the JSON property `lengthBytes`
+        # @return [Fixnum]
+        attr_accessor :length_bytes
+      
+        # The ProtectionLevel to use when generating the random data. Defaults to
+        # SOFTWARE.
+        # Corresponds to the JSON property `protectionLevel`
+        # @return [String]
+        attr_accessor :protection_level
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @length_bytes = args[:length_bytes] if args.key?(:length_bytes)
+          @protection_level = args[:protection_level] if args.key?(:protection_level)
+        end
+      end
+      
+      # Response message for KeyManagementService.GenerateRandomBytes.
+      class GenerateRandomBytesResponse
+        include Google::Apis::Core::Hashable
+      
+        # The generated data.
+        # Corresponds to the JSON property `data`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :data
+      
+        # Integrity verification field. A CRC32C checksum of the returned
+        # GenerateRandomBytesResponse.data. An integrity check of
+        # GenerateRandomBytesResponse.data can be performed by computing the CRC32C
+        # checksum of GenerateRandomBytesResponse.data and comparing your results to
+        # this field. Discard the response in case of non-matching checksum values, and
+        # perform a limited number of retries. A persistent mismatch may indicate an
+        # issue in your computation of the CRC32C checksum. Note: This field is defined
+        # as int64 for reasons of compatibility across different languages. However, it
+        # is a non-negative integer, which will never exceed 2^32-1, and can be safely
+        # downconverted to uint32 in languages that support this type.
+        # Corresponds to the JSON property `dataCrc32c`
+        # @return [Fixnum]
+        attr_accessor :data_crc32c
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @data = args[:data] if args.key?(:data)
+          @data_crc32c = args[:data_crc32c] if args.key?(:data_crc32c)
+        end
+      end
+      
       # Request message for KeyManagementService.ImportCryptoKeyVersion.
       class ImportCryptoKeyVersionRequest
         include Google::Apis::Core::Hashable
@@ -989,6 +1112,19 @@ module Google
         # @return [String]
         attr_accessor :algorithm
       
+        # Optional. The optional name of an existing CryptoKeyVersion to target for an
+        # import operation. If this field is not present, a new CryptoKeyVersion
+        # containing the supplied key material is created. If this field is present, the
+        # supplied key material is imported into the existing CryptoKeyVersion. To
+        # import into an existing CryptoKeyVersion, the CryptoKeyVersion must be a child
+        # of ImportCryptoKeyVersionRequest.parent, have been previously created via
+        # ImportCryptoKeyVersion, and be in DESTROYED or IMPORT_FAILED state. The key
+        # material and algorithm must match the previous CryptoKeyVersion exactly if the
+        # CryptoKeyVersion has ever contained key material.
+        # Corresponds to the JSON property `cryptoKeyVersion`
+        # @return [String]
+        attr_accessor :crypto_key_version
+      
         # Required. The name of the ImportJob that was used to wrap this key material.
         # Corresponds to the JSON property `importJob`
         # @return [String]
@@ -1016,6 +1152,7 @@ module Google
         # Update properties of this object
         def update!(**args)
           @algorithm = args[:algorithm] if args.key?(:algorithm)
+          @crypto_key_version = args[:crypto_key_version] if args.key?(:crypto_key_version)
           @import_job = args[:import_job] if args.key?(:import_job)
           @rsa_aes_wrapped_key = args[:rsa_aes_wrapped_key] if args.key?(:rsa_aes_wrapped_key)
         end
@@ -1637,31 +1774,31 @@ module Google
       
       # An Identity and Access Management (IAM) policy, which specifies access
       # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-      # A `binding` binds one or more `members` to a single `role`. Members can be
-      # user accounts, service accounts, Google groups, and domains (such as G Suite).
-      # A `role` is a named list of permissions; each `role` can be an IAM predefined
-      # role or a user-created custom role. For some types of Google Cloud resources,
-      # a `binding` can also specify a `condition`, which is a logical expression that
-      # allows access to a resource only if the expression evaluates to `true`. A
-      # condition can add constraints based on attributes of the request, the resource,
-      # or both. To learn which resources support conditions in their IAM policies,
-      # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-      # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-      # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-      # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-      # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-      # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-      # title": "expirable access", "description": "Does not grant access after Sep
-      # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-      # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-      # members: - user:mike@example.com - group:admins@example.com - domain:google.
-      # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-      # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-      # roles/resourcemanager.organizationViewer condition: title: expirable access
-      # description: Does not grant access after Sep 2020 expression: request.time <
-      # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
-      # description of IAM and its features, see the [IAM documentation](https://cloud.
-      # google.com/iam/docs/).
+      # A `binding` binds one or more `members`, or principals, to a single `role`.
+      # Principals can be user accounts, service accounts, Google groups, and domains (
+      # such as G Suite). A `role` is a named list of permissions; each `role` can be
+      # an IAM predefined role or a user-created custom role. For some types of Google
+      # Cloud resources, a `binding` can also specify a `condition`, which is a
+      # logical expression that allows access to a resource only if the expression
+      # evaluates to `true`. A condition can add constraints based on attributes of
+      # the request, the resource, or both. To learn which resources support
+      # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+      # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+      # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+      # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+      # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+      # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+      # ], "condition": ` "title": "expirable access", "description": "Does not grant
+      # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+      # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+      # bindings: - members: - user:mike@example.com - group:admins@example.com -
+      # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+      # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+      # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+      # access description: Does not grant access after Sep 2020 expression: request.
+      # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+      # a description of IAM and its features, see the [IAM documentation](https://
+      # cloud.google.com/iam/docs/).
       class Policy
         include Google::Apis::Core::Hashable
       
@@ -1670,9 +1807,14 @@ module Google
         # @return [Array<Google::Apis::CloudkmsV1::AuditConfig>]
         attr_accessor :audit_configs
       
-        # Associates a list of `members` to a `role`. Optionally, may specify a `
-        # condition` that determines how and when the `bindings` are applied. Each of
-        # the `bindings` must contain at least one member.
+        # Associates a list of `members`, or principals, with a `role`. Optionally, may
+        # specify a `condition` that determines how and when the `bindings` are applied.
+        # Each of the `bindings` must contain at least one principal. The `bindings` in
+        # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
+        # can be Google groups. Each occurrence of a principal counts towards these
+        # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
+        # example.com`, and not to any other principal, then you can add another 1,450
+        # principals to the `bindings` in the `Policy`.
         # Corresponds to the JSON property `bindings`
         # @return [Array<Google::Apis::CloudkmsV1::Binding>]
         attr_accessor :bindings
@@ -1800,31 +1942,31 @@ module Google
       
         # An Identity and Access Management (IAM) policy, which specifies access
         # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members` to a single `role`. Members can be
-        # user accounts, service accounts, Google groups, and domains (such as G Suite).
-        # A `role` is a named list of permissions; each `role` can be an IAM predefined
-        # role or a user-created custom role. For some types of Google Cloud resources,
-        # a `binding` can also specify a `condition`, which is a logical expression that
-        # allows access to a resource only if the expression evaluates to `true`. A
-        # condition can add constraints based on attributes of the request, the resource,
-        # or both. To learn which resources support conditions in their IAM policies,
-        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-        # title": "expirable access", "description": "Does not grant access after Sep
-        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-        # members: - user:mike@example.com - group:admins@example.com - domain:google.
-        # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-        # roles/resourcemanager.organizationViewer condition: title: expirable access
-        # description: Does not grant access after Sep 2020 expression: request.time <
-        # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
-        # description of IAM and its features, see the [IAM documentation](https://cloud.
-        # google.com/iam/docs/).
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+        # bindings: - members: - user:mike@example.com - group:admins@example.com -
+        # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+        # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+        # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+        # access description: Does not grant access after Sep 2020 expression: request.
+        # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+        # a description of IAM and its features, see the [IAM documentation](https://
+        # cloud.google.com/iam/docs/).
         # Corresponds to the JSON property `policy`
         # @return [Google::Apis::CloudkmsV1::Policy]
         attr_accessor :policy

data/lib/google/apis/cloudkms_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module CloudkmsV1
       # Version of the google-apis-cloudkms_v1 gem
-      GEM_VERSION = "0.11.0"
+      GEM_VERSION = "0.15.0"
 
       # Version of the code generator used to generate this client
       GENERATOR_VERSION = "0.4.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20210723"
+      REVISION = "20211130"
     end
   end
 end

data/lib/google/apis/cloudkms_v1/representations.rb

@@ -136,6 +136,18 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class GenerateRandomBytesRequest
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GenerateRandomBytesResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class ImportCryptoKeyVersionRequest
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -295,6 +307,8 @@ module Google
       class AsymmetricSignRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
+          property :data, :base64 => true, as: 'data'
+          property :data_crc32c, :numeric_string => true, as: 'dataCrc32c'
           property :digest, as: 'digest', class: Google::Apis::CloudkmsV1::Digest, decorator: Google::Apis::CloudkmsV1::Digest::Representation
       
           property :digest_crc32c, :numeric_string => true, as: 'digestCrc32c'
@@ -308,6 +322,7 @@ module Google
           property :protection_level, as: 'protectionLevel'
           property :signature, :base64 => true, as: 'signature'
           property :signature_crc32c, :numeric_string => true, as: 'signatureCrc32c'
+          property :verified_data_crc32c, as: 'verifiedDataCrc32c'
           property :verified_digest_crc32c, as: 'verifiedDigestCrc32c'
         end
       end
@@ -352,6 +367,8 @@ module Google
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
           property :create_time, as: 'createTime'
+          property :destroy_scheduled_duration, as: 'destroyScheduledDuration'
+          property :import_only, as: 'importOnly'
           hash :labels, as: 'labels'
           property :name, as: 'name'
           property :next_rotation_time, as: 'nextRotationTime'
@@ -381,6 +398,7 @@ module Google
           property :import_time, as: 'importTime'
           property :name, as: 'name'
           property :protection_level, as: 'protectionLevel'
+          property :reimport_eligible, as: 'reimportEligible'
           property :state, as: 'state'
         end
       end
@@ -467,10 +485,27 @@ module Google
         end
       end
       
+      class GenerateRandomBytesRequest
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :length_bytes, as: 'lengthBytes'
+          property :protection_level, as: 'protectionLevel'
+        end
+      end
+      
+      class GenerateRandomBytesResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :data, :base64 => true, as: 'data'
+          property :data_crc32c, :numeric_string => true, as: 'dataCrc32c'
+        end
+      end
+      
       class ImportCryptoKeyVersionRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
           property :algorithm, as: 'algorithm'
+          property :crypto_key_version, as: 'cryptoKeyVersion'
           property :import_job, as: 'importJob'
           property :rsa_aes_wrapped_key, :base64 => true, as: 'rsaAesWrappedKey'
         end

data/lib/google/apis/cloudkms_v1/service.rb

@@ -50,6 +50,41 @@ module Google
           @batch_path = 'batch'
         end
         
+        # Generate random bytes using the Cloud KMS randomness source in the provided
+        # location.
+        # @param [String] location
+        #   The project-specific location in which to generate random bytes. For example, "
+        #   projects/my-project/locations/us-central1".
+        # @param [Google::Apis::CloudkmsV1::GenerateRandomBytesRequest] generate_random_bytes_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::GenerateRandomBytesResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::GenerateRandomBytesResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def generate_location_random_bytes(location, generate_random_bytes_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+location}:generateRandomBytes', options)
+          command.request_representation = Google::Apis::CloudkmsV1::GenerateRandomBytesRequest::Representation
+          command.request_object = generate_random_bytes_request_object
+          command.response_representation = Google::Apis::CloudkmsV1::GenerateRandomBytesResponse::Representation
+          command.response_class = Google::Apis::CloudkmsV1::GenerateRandomBytesResponse
+          command.params['location'] = location unless location.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Gets information about a location.
         # @param [String] name
         #   Resource name for the location.
@@ -123,6 +158,124 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
+        # Gets the access control policy for a resource. Returns an empty policy if the
+        # resource exists and does not have a policy set.
+        # @param [String] resource
+        #   REQUIRED: The resource for which the policy is being requested. See the
+        #   operation documentation for the appropriate value for this field.
+        # @param [Fixnum] options_requested_policy_version
+        #   Optional. The maximum policy version that will be used to format the policy.
+        #   Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+        #   rejected. Requests for policies with any conditional role bindings must
+        #   specify version 3. Policies with no conditional role bindings may specify any
+        #   valid value or leave the field unset. The policy in the response might use the
+        #   policy version that you specified, or it might use a lower policy version. For
+        #   example, if you specify version 3, but the policy has no conditional role
+        #   bindings, the response uses version 1. To learn which resources support
+        #   conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        #   google.com/iam/help/conditions/resource-policies).
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::Policy] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::Policy]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def get_project_location_ekm_connection_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1/{+resource}:getIamPolicy', options)
+          command.response_representation = Google::Apis::CloudkmsV1::Policy::Representation
+          command.response_class = Google::Apis::CloudkmsV1::Policy
+          command.params['resource'] = resource unless resource.nil?
+          command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Sets the access control policy on the specified resource. Replaces any
+        # existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `
+        # PERMISSION_DENIED` errors.
+        # @param [String] resource
+        #   REQUIRED: The resource for which the policy is being specified. See the
+        #   operation documentation for the appropriate value for this field.
+        # @param [Google::Apis::CloudkmsV1::SetIamPolicyRequest] set_iam_policy_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::Policy] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::Policy]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def set_ekm_connection_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
+          command.request_representation = Google::Apis::CloudkmsV1::SetIamPolicyRequest::Representation
+          command.request_object = set_iam_policy_request_object
+          command.response_representation = Google::Apis::CloudkmsV1::Policy::Representation
+          command.response_class = Google::Apis::CloudkmsV1::Policy
+          command.params['resource'] = resource unless resource.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Returns permissions that a caller has on the specified resource. If the
+        # resource does not exist, this will return an empty set of permissions, not a `
+        # NOT_FOUND` error. Note: This operation is designed to be used for building
+        # permission-aware UIs and command-line tools, not for authorization checking.
+        # This operation may "fail open" without warning.
+        # @param [String] resource
+        #   REQUIRED: The resource for which the policy detail is being requested. See the
+        #   operation documentation for the appropriate value for this field.
+        # @param [Google::Apis::CloudkmsV1::TestIamPermissionsRequest] test_iam_permissions_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::TestIamPermissionsResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::TestIamPermissionsResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def test_ekm_connection_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
+          command.request_representation = Google::Apis::CloudkmsV1::TestIamPermissionsRequest::Representation
+          command.request_object = test_iam_permissions_request_object
+          command.response_representation = Google::Apis::CloudkmsV1::TestIamPermissionsResponse::Representation
+          command.response_class = Google::Apis::CloudkmsV1::TestIamPermissionsResponse
+          command.params['resource'] = resource unless resource.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Create a new KeyRing in a given Project and Location.
         # @param [String] parent
         #   Required. The resource name of the location associated with the KeyRings, in
@@ -197,13 +350,16 @@ module Google
         #   REQUIRED: The resource for which the policy is being requested. See the
         #   operation documentation for the appropriate value for this field.
         # @param [Fixnum] options_requested_policy_version
-        #   Optional. The policy format version to be returned. Valid values are 0, 1, and
-        #   3. Requests specifying an invalid value will be rejected. Requests for
-        #   policies with any conditional bindings must specify version 3. Policies
-        #   without any conditional bindings may specify any valid value or leave the
-        #   field unset. To learn which resources support conditions in their IAM policies,
-        #   see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        #   resource-policies).
+        #   Optional. The maximum policy version that will be used to format the policy.
+        #   Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+        #   rejected. Requests for policies with any conditional role bindings must
+        #   specify version 3. Policies with no conditional role bindings may specify any
+        #   valid value or leave the field unset. The policy in the response might use the
+        #   policy version that you specified, or it might use a lower policy version. For
+        #   example, if you specify version 3, but the policy has no conditional role
+        #   bindings, the response uses version 1. To learn which resources support
+        #   conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        #   google.com/iam/help/conditions/resource-policies).
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
         # @param [String] quota_user
@@ -509,13 +665,16 @@ module Google
         #   REQUIRED: The resource for which the policy is being requested. See the
         #   operation documentation for the appropriate value for this field.
         # @param [Fixnum] options_requested_policy_version
-        #   Optional. The policy format version to be returned. Valid values are 0, 1, and
-        #   3. Requests specifying an invalid value will be rejected. Requests for
-        #   policies with any conditional bindings must specify version 3. Policies
-        #   without any conditional bindings may specify any valid value or leave the
-        #   field unset. To learn which resources support conditions in their IAM policies,
-        #   see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        #   resource-policies).
+        #   Optional. The maximum policy version that will be used to format the policy.
+        #   Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+        #   rejected. Requests for policies with any conditional role bindings must
+        #   specify version 3. Policies with no conditional role bindings may specify any
+        #   valid value or leave the field unset. The policy in the response might use the
+        #   policy version that you specified, or it might use a lower policy version. For
+        #   example, if you specify version 3, but the policy has no conditional role
+        #   bindings, the response uses version 1. To learn which resources support
+        #   conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        #   google.com/iam/help/conditions/resource-policies).
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
         # @param [String] quota_user
@@ -848,11 +1007,11 @@ module Google
         end
         
         # Schedule a CryptoKeyVersion for destruction. Upon calling this method,
-        # CryptoKeyVersion.state will be set to DESTROY_SCHEDULED and destroy_time will
-        # be set to a time 24 hours in the future, at which point the state will be
-        # changed to DESTROYED, and the key material will be irrevocably destroyed.
-        # Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to
-        # reverse the process.
+        # CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will
+        # be set to the time destroy_scheduled_duration in the future. At that time, the
+        # state will automatically change to DESTROYED, and the key material will be
+        # irrevocably destroyed. Before the destroy_time is reached,
+        # RestoreCryptoKeyVersion may be called to reverse the process.
         # @param [String] name
         #   Required. The resource name of the CryptoKeyVersion to destroy.
         # @param [Google::Apis::CloudkmsV1::DestroyCryptoKeyVersionRequest] destroy_crypto_key_version_request_object
@@ -946,11 +1105,14 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Imports a new CryptoKeyVersion into an existing CryptoKey using the wrapped
-        # key material provided in the request. The version ID will be assigned the next
-        # sequential id within the CryptoKey.
+        # Import wrapped key material into a CryptoKeyVersion. All requests must specify
+        # a CryptoKey. If a CryptoKeyVersion is additionally specified in the request,
+        # key material will be reimported into that version. Otherwise, a new version
+        # will be created, and will be assigned the next sequential id within the
+        # CryptoKey.
         # @param [String] parent
-        #   Required. The name of the CryptoKey to be imported into.
+        #   Required. The name of the CryptoKey to be imported into. The create permission
+        #   is only required on this key when creating a new CryptoKeyVersion.
         # @param [Google::Apis::CloudkmsV1::ImportCryptoKeyVersionRequest] import_crypto_key_version_request_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
@@ -1252,13 +1414,16 @@ module Google
         #   REQUIRED: The resource for which the policy is being requested. See the
         #   operation documentation for the appropriate value for this field.
         # @param [Fixnum] options_requested_policy_version
-        #   Optional. The policy format version to be returned. Valid values are 0, 1, and
-        #   3. Requests specifying an invalid value will be rejected. Requests for
-        #   policies with any conditional bindings must specify version 3. Policies
-        #   without any conditional bindings may specify any valid value or leave the
-        #   field unset. To learn which resources support conditions in their IAM policies,
-        #   see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        #   resource-policies).
+        #   Optional. The maximum policy version that will be used to format the policy.
+        #   Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+        #   rejected. Requests for policies with any conditional role bindings must
+        #   specify version 3. Policies with no conditional role bindings may specify any
+        #   valid value or leave the field unset. The policy in the response might use the
+        #   policy version that you specified, or it might use a lower policy version. For
+        #   example, if you specify version 3, but the policy has no conditional role
+        #   bindings, the response uses version 1. To learn which resources support
+        #   conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        #   google.com/iam/help/conditions/resource-policies).
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
         # @param [String] quota_user

data/lib/google/apis/cloudkms_v1.rb

@@ -30,7 +30,7 @@ module Google
       # This is NOT the gem version.
       VERSION = 'V1'
 
-      # See, edit, configure, and delete your Google Cloud Platform data
+      # See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.
       AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
 
       # View and manage your keys and secrets stored in Cloud Key Management Service

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-cloudkms_v1
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.15.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-02 00:00:00.000000000 Z
+date: 2021-12-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
@@ -57,9 +57,9 @@ licenses:
 - Apache-2.0
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
-  changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-cloudkms_v1/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-cloudkms_v1/v0.11.0
-  source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-cloudkms_v1
+  changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudkms_v1/CHANGELOG.md
+  documentation_uri: https://googleapis.dev/ruby/google-apis-cloudkms_v1/v0.15.0
+  source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudkms_v1
 post_install_message: 
 rdoc_options: []
 require_paths: