google-apis-cloudkms_v1 0.14.0 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f69e3a0fc65e6928568379ac341d0392a2db920eb9d3878df4e49b19d56473a2
-  data.tar.gz: b427fae2fbeaecc703fa7ab19533a49ed97e314c3e80c5811a48020804ef11c0
+  metadata.gz: f9e7a9bf628a433836ffe99b2de43f8496acf463f64fd5673bb50000c4c4289d
+  data.tar.gz: c0638848dd8f3d12809d0371089f2f1dce15f637df007a6e97bb833805fa9083
 SHA512:
-  metadata.gz: 0c15dfd2b13f2506ab903e271565da0dd765f6b53e945a8c79d4418e42621b417f44b030fdb6e228cd61c8034b9fa951880ea7bb8920cc61eff940cc7f373c0e
-  data.tar.gz: 34b73b9f2de6316714dcc73fa903384a9c868f9f81ddbfc19831ed2ac7001401025beb4e6380ccd18d8c7e01573f067a21be4b2dae8ddee91c38198dd71bf705
+  metadata.gz: 3675f97c439089f350e4aec9781406718a04ee2c4c824d1428846b170f7920a13f5ff1792a2bef6fd5541862ad7aed042fdd1065de915935884b98d9bee925c4
+  data.tar.gz: dd18ff0ef0d7259b5f95564e45a3afc6e100156f027dfc2232034ab937c35e798abdfa7a93ade6d4305051514c15b55ca234af297b4763cc5f87e3d34d941e01

data/CHANGELOG.md

@@ -1,5 +1,23 @@
 # Release history for google-apis-cloudkms_v1
 
+### v0.18.0 (2022-02-13)
+
+* Regenerated from discovery document revision 20220208
+
+### v0.17.0 (2022-01-28)
+
+* Regenerated from discovery document revision 20220122
+* Regenerated using generator version 0.4.1
+
+### v0.16.0 (2022-01-08)
+
+* Regenerated from discovery document revision 20220104
+* Unspecified changes
+
+### v0.15.0 (2021-12-08)
+
+* Regenerated from discovery document revision 20211130
+
 ### v0.14.0 (2021-11-13)
 
 * Regenerated from discovery document revision 20211105

data/OVERVIEW.md

@@ -51,7 +51,7 @@ require "google/apis/cloudkms_v1"
 client = Google::Apis::CloudkmsV1::CloudKMSService.new
 
 # Authenticate calls
-client.authentication = # ... use the googleauth gem to create credentials
+client.authorization = # ... use the googleauth gem to create credentials
 ```
 
 See the class reference docs for information on the methods you can call from a client.

data/lib/google/apis/cloudkms_v1/classes.rb

@@ -119,9 +119,8 @@ module Google
       class AsymmetricSignRequest
         include Google::Apis::Core::Hashable
       
-        # Optional. This field will only be honored for RAW_PKCS1 keys. The data to sign.
-        # A digest is computed over the data that will be signed, PKCS #1 padding is
-        # applied to the digest directly and then encrypted.
+        # Optional. The data to sign. It can't be supplied if AsymmetricSignRequest.
+        # digest is supplied.
         # Corresponds to the JSON property `data`
         # NOTE: Values are automatically base64 encoded/decoded in the client library.
         # @return [String]
@@ -391,6 +390,82 @@ module Google
         end
       end
       
+      # A Certificate represents an X.509 certificate used to authenticate HTTPS
+      # connections to EKM replicas.
+      class Certificate
+        include Google::Apis::Core::Hashable
+      
+        # Output only. The issuer distinguished name in RFC 2253 format. Only present if
+        # parsed is true.
+        # Corresponds to the JSON property `issuer`
+        # @return [String]
+        attr_accessor :issuer
+      
+        # Output only. The certificate is not valid after this time. Only present if
+        # parsed is true.
+        # Corresponds to the JSON property `notAfterTime`
+        # @return [String]
+        attr_accessor :not_after_time
+      
+        # Output only. The certificate is not valid before this time. Only present if
+        # parsed is true.
+        # Corresponds to the JSON property `notBeforeTime`
+        # @return [String]
+        attr_accessor :not_before_time
+      
+        # Output only. True if the certificate was parsed successfully.
+        # Corresponds to the JSON property `parsed`
+        # @return [Boolean]
+        attr_accessor :parsed
+        alias_method :parsed?, :parsed
+      
+        # Required. The raw certificate bytes in DER format.
+        # Corresponds to the JSON property `rawDer`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :raw_der
+      
+        # Output only. The certificate serial number as a hex string. Only present if
+        # parsed is true.
+        # Corresponds to the JSON property `serialNumber`
+        # @return [String]
+        attr_accessor :serial_number
+      
+        # Output only. The SHA-256 certificate fingerprint as a hex string. Only present
+        # if parsed is true.
+        # Corresponds to the JSON property `sha256Fingerprint`
+        # @return [String]
+        attr_accessor :sha256_fingerprint
+      
+        # Output only. The subject distinguished name in RFC 2253 format. Only present
+        # if parsed is true.
+        # Corresponds to the JSON property `subject`
+        # @return [String]
+        attr_accessor :subject
+      
+        # Output only. The subject Alternative DNS names. Only present if parsed is true.
+        # Corresponds to the JSON property `subjectAlternativeDnsNames`
+        # @return [Array<String>]
+        attr_accessor :subject_alternative_dns_names
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @issuer = args[:issuer] if args.key?(:issuer)
+          @not_after_time = args[:not_after_time] if args.key?(:not_after_time)
+          @not_before_time = args[:not_before_time] if args.key?(:not_before_time)
+          @parsed = args[:parsed] if args.key?(:parsed)
+          @raw_der = args[:raw_der] if args.key?(:raw_der)
+          @serial_number = args[:serial_number] if args.key?(:serial_number)
+          @sha256_fingerprint = args[:sha256_fingerprint] if args.key?(:sha256_fingerprint)
+          @subject = args[:subject] if args.key?(:subject)
+          @subject_alternative_dns_names = args[:subject_alternative_dns_names] if args.key?(:subject_alternative_dns_names)
+        end
+      end
+      
       # Certificate chains needed to verify the attestation. Certificates in chains
       # are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#
       # section-7.4.2.
@@ -435,6 +510,16 @@ module Google
         # @return [String]
         attr_accessor :create_time
       
+        # Immutable. The resource name of the backend environment where the key material
+        # for all CryptoKeyVersions associated with this CryptoKey reside and where all
+        # related cryptographic operations are performed. Only applicable if
+        # CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource
+        # name in the format `projects/*/locations/*/ekmConnections/*`. Note, this list
+        # is non-exhaustive and may apply to additional ProtectionLevels in the future.
+        # Corresponds to the JSON property `cryptoKeyBackend`
+        # @return [String]
+        attr_accessor :crypto_key_backend
+      
         # Immutable. The period of time that versions of this key spend in the
         # DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at
         # creation time, the default duration is 24 hours.
@@ -508,6 +593,7 @@ module Google
         # Update properties of this object
         def update!(**args)
           @create_time = args[:create_time] if args.key?(:create_time)
+          @crypto_key_backend = args[:crypto_key_backend] if args.key?(:crypto_key_backend)
           @destroy_scheduled_duration = args[:destroy_scheduled_duration] if args.key?(:destroy_scheduled_duration)
           @import_only = args[:import_only] if args.key?(:import_only)
           @labels = args[:labels] if args.key?(:labels)
@@ -560,7 +646,7 @@ module Google
       
         # ExternalProtectionLevelOptions stores a group of additional fields for
         # configuring a CryptoKeyVersion that are specific to the EXTERNAL protection
-        # level.
+        # level and EXTERNAL_VPC protection levels.
         # Corresponds to the JSON property `externalProtectionLevelOptions`
         # @return [Google::Apis::CloudkmsV1::ExternalProtectionLevelOptions]
         attr_accessor :external_protection_level_options
@@ -824,6 +910,51 @@ module Google
         end
       end
       
+      # An EkmConnection represents an individual EKM connection. It can be used for
+      # creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of
+      # EXTERNAL_VPC, as well as performing cryptographic operations using keys
+      # created within the EkmConnection.
+      class EkmConnection
+        include Google::Apis::Core::Hashable
+      
+        # Output only. The time at which the EkmConnection was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+      
+        # This checksum is computed by the server based on the value of other fields,
+        # and may be sent on update requests to ensure the client has an up-to-date
+        # value before proceeding.
+        # Corresponds to the JSON property `etag`
+        # @return [String]
+        attr_accessor :etag
+      
+        # Output only. The resource name for the EkmConnection in the format `projects/*/
+        # locations/*/ekmConnections/*`.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # A list of ServiceResolvers where the EKM can be reached. There should be one
+        # ServiceResolver per EKM replica. Currently, only a single ServiceResolver is
+        # supported.
+        # Corresponds to the JSON property `serviceResolvers`
+        # @return [Array<Google::Apis::CloudkmsV1::ServiceResolver>]
+        attr_accessor :service_resolvers
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @etag = args[:etag] if args.key?(:etag)
+          @name = args[:name] if args.key?(:name)
+          @service_resolvers = args[:service_resolvers] if args.key?(:service_resolvers)
+        end
+      end
+      
       # Request message for KeyManagementService.Encrypt.
       class EncryptRequest
         include Google::Apis::Core::Hashable
@@ -1022,10 +1153,17 @@ module Google
       
       # ExternalProtectionLevelOptions stores a group of additional fields for
       # configuring a CryptoKeyVersion that are specific to the EXTERNAL protection
-      # level.
+      # level and EXTERNAL_VPC protection levels.
       class ExternalProtectionLevelOptions
         include Google::Apis::Core::Hashable
       
+        # The path to the external key material on the EKM when using EkmConnection e.g.,
+        # "v0/my/key". Set this field instead of external_key_uri when using an
+        # EkmConnection.
+        # Corresponds to the JSON property `ekmConnectionKeyPath`
+        # @return [String]
+        attr_accessor :ekm_connection_key_path
+      
         # The URI for an external resource that this CryptoKeyVersion represents.
         # Corresponds to the JSON property `externalKeyUri`
         # @return [String]
@@ -1037,6 +1175,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @ekm_connection_key_path = args[:ekm_connection_key_path] if args.key?(:ekm_connection_key_path)
           @external_key_uri = args[:external_key_uri] if args.key?(:external_key_uri)
         end
       end
@@ -1051,8 +1190,8 @@ module Google
         # @return [Fixnum]
         attr_accessor :length_bytes
       
-        # The ProtectionLevel to use when generating the random data. Defaults to
-        # SOFTWARE.
+        # The ProtectionLevel to use when generating the random data. Currently, only
+        # HSM protection level is supported.
         # Corresponds to the JSON property `protectionLevel`
         # @return [String]
         attr_accessor :protection_level
@@ -1134,13 +1273,13 @@ module Google
         # Wrapped key material produced with RSA_OAEP_3072_SHA1_AES_256 or
         # RSA_OAEP_4096_SHA1_AES_256. This field contains the concatenation of two
         # wrapped keys: 1. An ephemeral AES-256 wrapping key wrapped with the public_key
-        # using RSAES-OAEP with SHA-1, MGF1 with SHA-1, and an empty label. 2. The key
-        # to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649)
-        # . If importing symmetric key material, it is expected that the unwrapped key
-        # contains plain bytes. If importing asymmetric key material, it is expected
-        # that the unwrapped key is in PKCS#8-encoded DER format (the PrivateKeyInfo
-        # structure from RFC 5208). This format is the same as the format produced by
-        # PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP.
+        # using RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
+        # label. 2. The key to be imported, wrapped with the ephemeral AES-256 key using
+        # AES-KWP (RFC 5649). If importing symmetric key material, it is expected that
+        # the unwrapped key contains plain bytes. If importing asymmetric key material,
+        # it is expected that the unwrapped key is in PKCS#8-encoded DER format (the
+        # PrivateKeyInfo structure from RFC 5208). This format is the same as the format
+        # produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP.
         # Corresponds to the JSON property `rsaAesWrappedKey`
         # NOTE: Values are automatically base64 encoded/decoded in the client library.
         # @return [String]
@@ -1382,6 +1521,38 @@ module Google
         end
       end
       
+      # Response message for KeyManagementService.ListEkmConnections.
+      class ListEkmConnectionsResponse
+        include Google::Apis::Core::Hashable
+      
+        # The list of EkmConnections.
+        # Corresponds to the JSON property `ekmConnections`
+        # @return [Array<Google::Apis::CloudkmsV1::EkmConnection>]
+        attr_accessor :ekm_connections
+      
+        # A token to retrieve next page of results. Pass this value in
+        # ListEkmConnectionsRequest.page_token to retrieve the next page of results.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+      
+        # The total number of EkmConnections that matched the query.
+        # Corresponds to the JSON property `totalSize`
+        # @return [Fixnum]
+        attr_accessor :total_size
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @ekm_connections = args[:ekm_connections] if args.key?(:ekm_connections)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @total_size = args[:total_size] if args.key?(:total_size)
+        end
+      end
+      
       # Response message for KeyManagementService.ListImportJobs.
       class ListImportJobsResponse
         include Google::Apis::Core::Hashable
@@ -1937,6 +2108,51 @@ module Google
         end
       end
       
+      # A ServiceResolver represents an EKM replica that can be reached within an
+      # EkmConnection.
+      class ServiceResolver
+        include Google::Apis::Core::Hashable
+      
+        # Optional. The filter applied to the endpoints of the resolved service. If no
+        # filter is specified, all endpoints will be considered. An endpoint will be
+        # chosen arbitrarily from the filtered list for each request. For endpoint
+        # filter syntax and examples, see https://cloud.google.com/service-directory/
+        # docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
+        # Corresponds to the JSON property `endpointFilter`
+        # @return [String]
+        attr_accessor :endpoint_filter
+      
+        # Required. The hostname of the EKM replica used at TLS and HTTP layers.
+        # Corresponds to the JSON property `hostname`
+        # @return [String]
+        attr_accessor :hostname
+      
+        # Required. A list of leaf server certificates used to authenticate HTTPS
+        # connections to the EKM replica. Currently, a maximum of 10 Certificate is
+        # supported.
+        # Corresponds to the JSON property `serverCertificates`
+        # @return [Array<Google::Apis::CloudkmsV1::Certificate>]
+        attr_accessor :server_certificates
+      
+        # Required. The resource name of the Service Directory service pointing to an
+        # EKM replica, in the format `projects/*/locations/*/namespaces/*/services/*`.
+        # Corresponds to the JSON property `serviceDirectoryService`
+        # @return [String]
+        attr_accessor :service_directory_service
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @endpoint_filter = args[:endpoint_filter] if args.key?(:endpoint_filter)
+          @hostname = args[:hostname] if args.key?(:hostname)
+          @server_certificates = args[:server_certificates] if args.key?(:server_certificates)
+          @service_directory_service = args[:service_directory_service] if args.key?(:service_directory_service)
+        end
+      end
+      
       # Request message for `SetIamPolicy` method.
       class SetIamPolicyRequest
         include Google::Apis::Core::Hashable

data/lib/google/apis/cloudkms_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module CloudkmsV1
       # Version of the google-apis-cloudkms_v1 gem
-      GEM_VERSION = "0.14.0"
+      GEM_VERSION = "0.18.0"
 
       # Version of the code generator used to generate this client
-      GENERATOR_VERSION = "0.4.0"
+      GENERATOR_VERSION = "0.4.1"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20211105"
+      REVISION = "20220208"
     end
   end
 end

data/lib/google/apis/cloudkms_v1/representations.rb

@@ -64,6 +64,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class Certificate
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class CertificateChains
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -112,6 +118,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class EkmConnection
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class EncryptRequest
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -184,6 +196,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class ListEkmConnectionsResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class ListImportJobsResponse
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -256,6 +274,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class ServiceResolver
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class SetIamPolicyRequest
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -354,6 +378,21 @@ module Google
         end
       end
       
+      class Certificate
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :issuer, as: 'issuer'
+          property :not_after_time, as: 'notAfterTime'
+          property :not_before_time, as: 'notBeforeTime'
+          property :parsed, as: 'parsed'
+          property :raw_der, :base64 => true, as: 'rawDer'
+          property :serial_number, as: 'serialNumber'
+          property :sha256_fingerprint, as: 'sha256Fingerprint'
+          property :subject, as: 'subject'
+          collection :subject_alternative_dns_names, as: 'subjectAlternativeDnsNames'
+        end
+      end
+      
       class CertificateChains
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -367,6 +406,7 @@ module Google
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
           property :create_time, as: 'createTime'
+          property :crypto_key_backend, as: 'cryptoKeyBackend'
           property :destroy_scheduled_duration, as: 'destroyScheduledDuration'
           property :import_only, as: 'importOnly'
           hash :labels, as: 'labels'
@@ -446,6 +486,17 @@ module Google
         end
       end
       
+      class EkmConnection
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :create_time, as: 'createTime'
+          property :etag, as: 'etag'
+          property :name, as: 'name'
+          collection :service_resolvers, as: 'serviceResolvers', class: Google::Apis::CloudkmsV1::ServiceResolver, decorator: Google::Apis::CloudkmsV1::ServiceResolver::Representation
+      
+        end
+      end
+      
       class EncryptRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -481,6 +532,7 @@ module Google
       class ExternalProtectionLevelOptions
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
+          property :ekm_connection_key_path, as: 'ekmConnectionKeyPath'
           property :external_key_uri, as: 'externalKeyUri'
         end
       end
@@ -567,6 +619,16 @@ module Google
         end
       end
       
+      class ListEkmConnectionsResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :ekm_connections, as: 'ekmConnections', class: Google::Apis::CloudkmsV1::EkmConnection, decorator: Google::Apis::CloudkmsV1::EkmConnection::Representation
+      
+          property :next_page_token, as: 'nextPageToken'
+          property :total_size, as: 'totalSize'
+        end
+      end
+      
       class ListImportJobsResponse
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -685,6 +747,17 @@ module Google
         end
       end
       
+      class ServiceResolver
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :endpoint_filter, as: 'endpointFilter'
+          property :hostname, as: 'hostname'
+          collection :server_certificates, as: 'serverCertificates', class: Google::Apis::CloudkmsV1::Certificate, decorator: Google::Apis::CloudkmsV1::Certificate::Representation
+      
+          property :service_directory_service, as: 'serviceDirectoryService'
+        end
+      end
+      
       class SetIamPolicyRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation

data/lib/google/apis/cloudkms_v1/service.rb

@@ -158,6 +158,281 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
+        # Creates a new EkmConnection in a given Project and Location.
+        # @param [String] parent
+        #   Required. The resource name of the location associated with the EkmConnection,
+        #   in the format `projects/*/locations/*`.
+        # @param [Google::Apis::CloudkmsV1::EkmConnection] ekm_connection_object
+        # @param [String] ekm_connection_id
+        #   Required. It must be unique within a location and match the regular expression
+        #   `[a-zA-Z0-9_-]`1,63``.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::EkmConnection] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::EkmConnection]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def create_project_location_ekm_connection(parent, ekm_connection_object = nil, ekm_connection_id: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+parent}/ekmConnections', options)
+          command.request_representation = Google::Apis::CloudkmsV1::EkmConnection::Representation
+          command.request_object = ekm_connection_object
+          command.response_representation = Google::Apis::CloudkmsV1::EkmConnection::Representation
+          command.response_class = Google::Apis::CloudkmsV1::EkmConnection
+          command.params['parent'] = parent unless parent.nil?
+          command.query['ekmConnectionId'] = ekm_connection_id unless ekm_connection_id.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Returns metadata for a given EkmConnection.
+        # @param [String] name
+        #   Required. The name of the EkmConnection to get.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::EkmConnection] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::EkmConnection]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def get_project_location_ekm_connection(name, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1/{+name}', options)
+          command.response_representation = Google::Apis::CloudkmsV1::EkmConnection::Representation
+          command.response_class = Google::Apis::CloudkmsV1::EkmConnection
+          command.params['name'] = name unless name.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Gets the access control policy for a resource. Returns an empty policy if the
+        # resource exists and does not have a policy set.
+        # @param [String] resource
+        #   REQUIRED: The resource for which the policy is being requested. See the
+        #   operation documentation for the appropriate value for this field.
+        # @param [Fixnum] options_requested_policy_version
+        #   Optional. The maximum policy version that will be used to format the policy.
+        #   Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+        #   rejected. Requests for policies with any conditional role bindings must
+        #   specify version 3. Policies with no conditional role bindings may specify any
+        #   valid value or leave the field unset. The policy in the response might use the
+        #   policy version that you specified, or it might use a lower policy version. For
+        #   example, if you specify version 3, but the policy has no conditional role
+        #   bindings, the response uses version 1. To learn which resources support
+        #   conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        #   google.com/iam/help/conditions/resource-policies).
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::Policy] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::Policy]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def get_project_location_ekm_connection_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1/{+resource}:getIamPolicy', options)
+          command.response_representation = Google::Apis::CloudkmsV1::Policy::Representation
+          command.response_class = Google::Apis::CloudkmsV1::Policy
+          command.params['resource'] = resource unless resource.nil?
+          command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Lists EkmConnections.
+        # @param [String] parent
+        #   Required. The resource name of the location associated with the EkmConnections
+        #   to list, in the format `projects/*/locations/*`.
+        # @param [String] filter
+        #   Optional. Only include resources that match the filter in the response. For
+        #   more information, see [Sorting and filtering list results](https://cloud.
+        #   google.com/kms/docs/sorting-and-filtering).
+        # @param [String] order_by
+        #   Optional. Specify how the results should be sorted. If not specified, the
+        #   results will be sorted in the default order. For more information, see [
+        #   Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-
+        #   and-filtering).
+        # @param [Fixnum] page_size
+        #   Optional. Optional limit on the number of EkmConnections to include in the
+        #   response. Further EkmConnections can subsequently be obtained by including the
+        #   ListEkmConnectionsResponse.next_page_token in a subsequent request. If
+        #   unspecified, the server will pick an appropriate default.
+        # @param [String] page_token
+        #   Optional. Optional pagination token, returned earlier via
+        #   ListEkmConnectionsResponse.next_page_token.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::ListEkmConnectionsResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::ListEkmConnectionsResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def list_project_location_ekm_connections(parent, filter: nil, order_by: nil, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1/{+parent}/ekmConnections', options)
+          command.response_representation = Google::Apis::CloudkmsV1::ListEkmConnectionsResponse::Representation
+          command.response_class = Google::Apis::CloudkmsV1::ListEkmConnectionsResponse
+          command.params['parent'] = parent unless parent.nil?
+          command.query['filter'] = filter unless filter.nil?
+          command.query['orderBy'] = order_by unless order_by.nil?
+          command.query['pageSize'] = page_size unless page_size.nil?
+          command.query['pageToken'] = page_token unless page_token.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Updates an EkmConnection's metadata.
+        # @param [String] name
+        #   Output only. The resource name for the EkmConnection in the format `projects/*/
+        #   locations/*/ekmConnections/*`.
+        # @param [Google::Apis::CloudkmsV1::EkmConnection] ekm_connection_object
+        # @param [String] update_mask
+        #   Required. List of fields to be updated in this request.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::EkmConnection] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::EkmConnection]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def patch_project_location_ekm_connection(name, ekm_connection_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:patch, 'v1/{+name}', options)
+          command.request_representation = Google::Apis::CloudkmsV1::EkmConnection::Representation
+          command.request_object = ekm_connection_object
+          command.response_representation = Google::Apis::CloudkmsV1::EkmConnection::Representation
+          command.response_class = Google::Apis::CloudkmsV1::EkmConnection
+          command.params['name'] = name unless name.nil?
+          command.query['updateMask'] = update_mask unless update_mask.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Sets the access control policy on the specified resource. Replaces any
+        # existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `
+        # PERMISSION_DENIED` errors.
+        # @param [String] resource
+        #   REQUIRED: The resource for which the policy is being specified. See the
+        #   operation documentation for the appropriate value for this field.
+        # @param [Google::Apis::CloudkmsV1::SetIamPolicyRequest] set_iam_policy_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::Policy] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::Policy]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def set_ekm_connection_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
+          command.request_representation = Google::Apis::CloudkmsV1::SetIamPolicyRequest::Representation
+          command.request_object = set_iam_policy_request_object
+          command.response_representation = Google::Apis::CloudkmsV1::Policy::Representation
+          command.response_class = Google::Apis::CloudkmsV1::Policy
+          command.params['resource'] = resource unless resource.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Returns permissions that a caller has on the specified resource. If the
+        # resource does not exist, this will return an empty set of permissions, not a `
+        # NOT_FOUND` error. Note: This operation is designed to be used for building
+        # permission-aware UIs and command-line tools, not for authorization checking.
+        # This operation may "fail open" without warning.
+        # @param [String] resource
+        #   REQUIRED: The resource for which the policy detail is being requested. See the
+        #   operation documentation for the appropriate value for this field.
+        # @param [Google::Apis::CloudkmsV1::TestIamPermissionsRequest] test_iam_permissions_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::TestIamPermissionsResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::TestIamPermissionsResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def test_ekm_connection_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
+          command.request_representation = Google::Apis::CloudkmsV1::TestIamPermissionsRequest::Representation
+          command.request_object = test_iam_permissions_request_object
+          command.response_representation = Google::Apis::CloudkmsV1::TestIamPermissionsResponse::Representation
+          command.response_class = Google::Apis::CloudkmsV1::TestIamPermissionsResponse
+          command.params['resource'] = resource unless resource.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Create a new KeyRing in a given Project and Location.
         # @param [String] parent
         #   Required. The resource name of the location associated with the KeyRings, in

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-cloudkms_v1
 version: !ruby/object:Gem::Version
-  version: 0.14.0
+  version: 0.18.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-15 00:00:00.000000000 Z
+date: 2022-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
@@ -58,7 +58,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
   changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudkms_v1/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-cloudkms_v1/v0.14.0
+  documentation_uri: https://googleapis.dev/ruby/google-apis-cloudkms_v1/v0.18.0
   source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudkms_v1
 post_install_message: 
 rdoc_options: []
@@ -75,7 +75,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.17
+rubygems_version: 3.3.5
 signing_key: 
 specification_version: 4
 summary: Simple REST client for Cloud Key Management Service (KMS) API V1