google-apis-cloudkms_v1 0.58.0 → 0.60.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2ac78661e30da92e2ec843fee9cae7346e3ced775e81c9d02b12a586332ffd00
-  data.tar.gz: d3e0c2dc81ecb83669638b53b37bfdaa9135414dd7f708b409f9b70186e912c0
+  metadata.gz: d88d548a35598e1bf54991b3b8e45cb5d1effcce6a484206865a11a551f807e7
+  data.tar.gz: 6246c1512a05f2f1b3e22436feb6889081201ec56f91399761578cbe0471d0c4
 SHA512:
-  metadata.gz: df16dafdca1a8192eb28d08346f2d01bd8347548b4eb49154b1e08c020e3988d73bfbb2b6f672d518600d59482e4b915405313f457c83c61a0b635a184fc817d
-  data.tar.gz: 7145226bb0ab11934f3cb862a33d2fadbe51c964f7247e431550a56295815b44f087df725a0adc7ae0e5893adf8b3d1a4de92f3e294a685e6e6d1019fa781b8b
+  metadata.gz: 454b02cadccf26341ae6656b0e7798fded48889c79b441e4c4f3b63c9c48cef4fa7ec44293c512c07f86cecdbc30088c73f27a7cc5d2a8f4551c48746cbbc7f7
+  data.tar.gz: 0b191bc027580a98a880255c86cfcb27113a6a5fd24f0eb5b76918ed8df044aea19793248ba6a62b9ce4b614906ef08be5b75ede127105c3d01e7f124dda1c38

data/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Release history for google-apis-cloudkms_v1
 
+### v0.60.0 (2025-08-10)
+
+* Regenerated from discovery document revision 20250731
+
+### v0.59.0 (2025-05-25)
+
+* Regenerated from discovery document revision 20250516
+* Regenerated using generator version 0.18.0
+
 ### v0.58.0 (2025-05-18)
 
 * Regenerated from discovery document revision 20250501

data/lib/google/apis/cloudkms_v1/classes.rb

@@ -323,6 +323,14 @@ module Google
       class AutokeyConfig
         include Google::Apis::Core::Hashable
       
+        # Optional. A checksum computed by the server based on the value of other fields.
+        # This may be sent on update requests to ensure that the client has an up-to-
+        # date value before proceeding. The request will be rejected with an ABORTED
+        # error on a mismatched etag.
+        # Corresponds to the JSON property `etag`
+        # @return [String]
+        attr_accessor :etag
+      
         # Optional. Name of the key project, e.g. `projects/`PROJECT_ID`` or `projects/`
         # PROJECT_NUMBER``, where Cloud KMS Autokey will provision a new CryptoKey when
         # a KeyHandle is created. On UpdateAutokeyConfig, the caller will require `
@@ -352,6 +360,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @etag = args[:etag] if args.key?(:etag)
           @key_project = args[:key_project] if args.key?(:key_project)
           @name = args[:name] if args.key?(:name)
           @state = args[:state] if args.key?(:state)
@@ -877,6 +886,107 @@ module Google
         end
       end
       
+      # Request message for KeyManagementService.Decapsulate.
+      class DecapsulateRequest
+        include Google::Apis::Core::Hashable
+      
+        # Required. The ciphertext produced from encapsulation with the named
+        # CryptoKeyVersion public key(s).
+        # Corresponds to the JSON property `ciphertext`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :ciphertext
+      
+        # Optional. A CRC32C checksum of the DecapsulateRequest.ciphertext. If specified,
+        # KeyManagementService will verify the integrity of the received
+        # DecapsulateRequest.ciphertext using this checksum. KeyManagementService will
+        # report an error if the checksum verification fails. If you receive a checksum
+        # error, your client should verify that CRC32C(DecapsulateRequest.ciphertext) is
+        # equal to DecapsulateRequest.ciphertext_crc32c, and if so, perform a limited
+        # number of retries. A persistent mismatch may indicate an issue in your
+        # computation of the CRC32C checksum. Note: This field is defined as int64 for
+        # reasons of compatibility across different languages. However, it is a non-
+        # negative integer, which will never exceed 2^32-1, and can be safely
+        # downconverted to uint32 in languages that support this type.
+        # Corresponds to the JSON property `ciphertextCrc32c`
+        # @return [Fixnum]
+        attr_accessor :ciphertext_crc32c
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @ciphertext = args[:ciphertext] if args.key?(:ciphertext)
+          @ciphertext_crc32c = args[:ciphertext_crc32c] if args.key?(:ciphertext_crc32c)
+        end
+      end
+      
+      # Response message for KeyManagementService.Decapsulate.
+      class DecapsulateResponse
+        include Google::Apis::Core::Hashable
+      
+        # The resource name of the CryptoKeyVersion used for decapsulation. Check this
+        # field to verify that the intended resource was used for decapsulation.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # The ProtectionLevel of the CryptoKeyVersion used in decapsulation.
+        # Corresponds to the JSON property `protectionLevel`
+        # @return [String]
+        attr_accessor :protection_level
+      
+        # The decapsulated shared_secret originally encapsulated with the matching
+        # public key.
+        # Corresponds to the JSON property `sharedSecret`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :shared_secret
+      
+        # Integrity verification field. A CRC32C checksum of the returned
+        # DecapsulateResponse.shared_secret. An integrity check of DecapsulateResponse.
+        # shared_secret can be performed by computing the CRC32C checksum of
+        # DecapsulateResponse.shared_secret and comparing your results to this field.
+        # Discard the response in case of non-matching checksum values, and perform a
+        # limited number of retries. A persistent mismatch may indicate an issue in your
+        # computation of the CRC32C checksum. Note: receiving this response message
+        # indicates that KeyManagementService is able to successfully decrypt the
+        # ciphertext. Note: This field is defined as int64 for reasons of compatibility
+        # across different languages. However, it is a non-negative integer, which will
+        # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        # that support this type.
+        # Corresponds to the JSON property `sharedSecretCrc32c`
+        # @return [Fixnum]
+        attr_accessor :shared_secret_crc32c
+      
+        # Integrity verification field. A flag indicating whether DecapsulateRequest.
+        # ciphertext_crc32c was received by KeyManagementService and used for the
+        # integrity verification of the ciphertext. A false value of this field
+        # indicates either that DecapsulateRequest.ciphertext_crc32c was left unset or
+        # that it was not delivered to KeyManagementService. If you've set
+        # DecapsulateRequest.ciphertext_crc32c but this field is still false, discard
+        # the response and perform a limited number of retries.
+        # Corresponds to the JSON property `verifiedCiphertextCrc32c`
+        # @return [Boolean]
+        attr_accessor :verified_ciphertext_crc32c
+        alias_method :verified_ciphertext_crc32c?, :verified_ciphertext_crc32c
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @protection_level = args[:protection_level] if args.key?(:protection_level)
+          @shared_secret = args[:shared_secret] if args.key?(:shared_secret)
+          @shared_secret_crc32c = args[:shared_secret_crc32c] if args.key?(:shared_secret_crc32c)
+          @verified_ciphertext_crc32c = args[:verified_ciphertext_crc32c] if args.key?(:verified_ciphertext_crc32c)
+        end
+      end
+      
       # Request message for KeyManagementService.Decrypt.
       class DecryptRequest
         include Google::Apis::Core::Hashable
@@ -1575,6 +1685,34 @@ module Google
         end
       end
       
+      # The configuration of a protection level for a project's Key Access
+      # Justifications enrollment.
+      class KeyAccessJustificationsEnrollmentConfig
+        include Google::Apis::Core::Hashable
+      
+        # Whether the project has KAJ logging enabled.
+        # Corresponds to the JSON property `auditLogging`
+        # @return [Boolean]
+        attr_accessor :audit_logging
+        alias_method :audit_logging?, :audit_logging
+      
+        # Whether the project is enrolled in KAJ policy enforcement.
+        # Corresponds to the JSON property `policyEnforcement`
+        # @return [Boolean]
+        attr_accessor :policy_enforcement
+        alias_method :policy_enforcement?, :policy_enforcement
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @audit_logging = args[:audit_logging] if args.key?(:audit_logging)
+          @policy_enforcement = args[:policy_enforcement] if args.key?(:policy_enforcement)
+        end
+      end
+      
       # A KeyAccessJustificationsPolicy specifies zero or more allowed AccessReason
       # values for encrypt, decrypt, and sign operations on a CryptoKey.
       class KeyAccessJustificationsPolicy
@@ -1597,6 +1735,33 @@ module Google
         end
       end
       
+      # A singleton configuration for Key Access Justifications policies.
+      class KeyAccessJustificationsPolicyConfig
+        include Google::Apis::Core::Hashable
+      
+        # A KeyAccessJustificationsPolicy specifies zero or more allowed AccessReason
+        # values for encrypt, decrypt, and sign operations on a CryptoKey.
+        # Corresponds to the JSON property `defaultKeyAccessJustificationPolicy`
+        # @return [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicy]
+        attr_accessor :default_key_access_justification_policy
+      
+        # Identifier. The resource name for this KeyAccessJustificationsPolicyConfig in
+        # the format of "`organizations|folders|projects`/*/kajPolicyConfig".
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @default_key_access_justification_policy = args[:default_key_access_justification_policy] if args.key?(:default_key_access_justification_policy)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      
       # Resource-oriented representation of a request to Cloud KMS Autokey and the
       # resulting provisioning of a CryptoKey.
       class KeyHandle
@@ -2962,6 +3127,61 @@ module Google
         end
       end
       
+      # Response message for KeyAccessJustificationsConfig.
+      # ShowEffectiveKeyAccessJustificationsEnrollmentConfig
+      class ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse
+        include Google::Apis::Core::Hashable
+      
+        # The configuration of a protection level for a project's Key Access
+        # Justifications enrollment.
+        # Corresponds to the JSON property `externalConfig`
+        # @return [Google::Apis::CloudkmsV1::KeyAccessJustificationsEnrollmentConfig]
+        attr_accessor :external_config
+      
+        # The configuration of a protection level for a project's Key Access
+        # Justifications enrollment.
+        # Corresponds to the JSON property `hardwareConfig`
+        # @return [Google::Apis::CloudkmsV1::KeyAccessJustificationsEnrollmentConfig]
+        attr_accessor :hardware_config
+      
+        # The configuration of a protection level for a project's Key Access
+        # Justifications enrollment.
+        # Corresponds to the JSON property `softwareConfig`
+        # @return [Google::Apis::CloudkmsV1::KeyAccessJustificationsEnrollmentConfig]
+        attr_accessor :software_config
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @external_config = args[:external_config] if args.key?(:external_config)
+          @hardware_config = args[:hardware_config] if args.key?(:hardware_config)
+          @software_config = args[:software_config] if args.key?(:software_config)
+        end
+      end
+      
+      # Response message for KeyAccessJustificationsConfig.
+      # ShowEffectiveKeyAccessJustificationsPolicyConfig.
+      class ShowEffectiveKeyAccessJustificationsPolicyConfigResponse
+        include Google::Apis::Core::Hashable
+      
+        # A singleton configuration for Key Access Justifications policies.
+        # Corresponds to the JSON property `effectiveKajPolicy`
+        # @return [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig]
+        attr_accessor :effective_kaj_policy
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @effective_kaj_policy = args[:effective_kaj_policy] if args.key?(:effective_kaj_policy)
+        end
+      end
+      
       # The `Status` type defines a logical error model that is suitable for different
       # programming environments, including REST APIs and RPC APIs. It is used by [
       # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of

data/lib/google/apis/cloudkms_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module CloudkmsV1
       # Version of the google-apis-cloudkms_v1 gem
-      GEM_VERSION = "0.58.0"
+      GEM_VERSION = "0.60.0"
 
       # Version of the code generator used to generate this client
-      GENERATOR_VERSION = "0.17.0"
+      GENERATOR_VERSION = "0.18.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20250501"
+      REVISION = "20250731"
     end
   end
 end

data/lib/google/apis/cloudkms_v1/representations.rb

@@ -106,6 +106,18 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class DecapsulateRequest
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class DecapsulateResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class DecryptRequest
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -190,12 +202,24 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class KeyAccessJustificationsEnrollmentConfig
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class KeyAccessJustificationsPolicy
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class KeyAccessJustificationsPolicyConfig
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class KeyHandle
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -358,6 +382,18 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class ShowEffectiveKeyAccessJustificationsPolicyConfigResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class Status
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -455,6 +491,7 @@ module Google
       class AutokeyConfig
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
+          property :etag, as: 'etag'
           property :key_project, as: 'keyProject'
           property :name, as: 'name'
           property :state, as: 'state'
@@ -556,6 +593,25 @@ module Google
         end
       end
       
+      class DecapsulateRequest
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :ciphertext, :base64 => true, as: 'ciphertext'
+          property :ciphertext_crc32c, :numeric_string => true, as: 'ciphertextCrc32c'
+        end
+      end
+      
+      class DecapsulateResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :name, as: 'name'
+          property :protection_level, as: 'protectionLevel'
+          property :shared_secret, :base64 => true, as: 'sharedSecret'
+          property :shared_secret_crc32c, :numeric_string => true, as: 'sharedSecretCrc32c'
+          property :verified_ciphertext_crc32c, as: 'verifiedCiphertextCrc32c'
+        end
+      end
+      
       class DecryptRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -697,6 +753,14 @@ module Google
         end
       end
       
+      class KeyAccessJustificationsEnrollmentConfig
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :audit_logging, as: 'auditLogging'
+          property :policy_enforcement, as: 'policyEnforcement'
+        end
+      end
+      
       class KeyAccessJustificationsPolicy
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -704,6 +768,15 @@ module Google
         end
       end
       
+      class KeyAccessJustificationsPolicyConfig
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :default_key_access_justification_policy, as: 'defaultKeyAccessJustificationPolicy', class: Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicy, decorator: Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicy::Representation
+      
+          property :name, as: 'name'
+        end
+      end
+      
       class KeyHandle
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -983,6 +1056,26 @@ module Google
         end
       end
       
+      class ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :external_config, as: 'externalConfig', class: Google::Apis::CloudkmsV1::KeyAccessJustificationsEnrollmentConfig, decorator: Google::Apis::CloudkmsV1::KeyAccessJustificationsEnrollmentConfig::Representation
+      
+          property :hardware_config, as: 'hardwareConfig', class: Google::Apis::CloudkmsV1::KeyAccessJustificationsEnrollmentConfig, decorator: Google::Apis::CloudkmsV1::KeyAccessJustificationsEnrollmentConfig::Representation
+      
+          property :software_config, as: 'softwareConfig', class: Google::Apis::CloudkmsV1::KeyAccessJustificationsEnrollmentConfig, decorator: Google::Apis::CloudkmsV1::KeyAccessJustificationsEnrollmentConfig::Representation
+      
+        end
+      end
+      
+      class ShowEffectiveKeyAccessJustificationsPolicyConfigResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :effective_kaj_policy, as: 'effectiveKajPolicy', class: Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig, decorator: Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig::Representation
+      
+        end
+      end
+      
       class Status
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation

data/lib/google/apis/cloudkms_v1/service.rb

@@ -83,6 +83,37 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
+        # Gets the KeyAccessJustificationsPolicyConfig for a given organization/folder/
+        # projects.
+        # @param [String] name
+        #   Required. The name of the KeyAccessJustificationsPolicyConfig to get.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def get_folder_kaj_policy_config(name, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1/{+name}', options)
+          command.response_representation = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig::Representation
+          command.response_class = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig
+          command.params['name'] = name unless name.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Updates the AutokeyConfig for a folder. The caller must have both `cloudkms.
         # autokeyConfigs.update` permission on the parent folder and `cloudkms.
         # cryptoKeys.setIamPolicy` permission on the provided key project. A KeyHandle
@@ -124,6 +155,144 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
+        # Updates the KeyAccessJustificationsPolicyConfig for a given organization/
+        # folder/projects.
+        # @param [String] name
+        #   Identifier. The resource name for this KeyAccessJustificationsPolicyConfig in
+        #   the format of "`organizations|folders|projects`/*/kajPolicyConfig".
+        # @param [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig] key_access_justifications_policy_config_object
+        # @param [String] update_mask
+        #   Optional. The list of fields to update.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def update_folder_kaj_policy_config(name, key_access_justifications_policy_config_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:patch, 'v1/{+name}', options)
+          command.request_representation = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig::Representation
+          command.request_object = key_access_justifications_policy_config_object
+          command.response_representation = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig::Representation
+          command.response_class = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig
+          command.params['name'] = name unless name.nil?
+          command.query['updateMask'] = update_mask unless update_mask.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Gets the KeyAccessJustificationsPolicyConfig for a given organization/folder/
+        # projects.
+        # @param [String] name
+        #   Required. The name of the KeyAccessJustificationsPolicyConfig to get.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def get_organization_kaj_policy_config(name, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1/{+name}', options)
+          command.response_representation = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig::Representation
+          command.response_class = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig
+          command.params['name'] = name unless name.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Updates the KeyAccessJustificationsPolicyConfig for a given organization/
+        # folder/projects.
+        # @param [String] name
+        #   Identifier. The resource name for this KeyAccessJustificationsPolicyConfig in
+        #   the format of "`organizations|folders|projects`/*/kajPolicyConfig".
+        # @param [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig] key_access_justifications_policy_config_object
+        # @param [String] update_mask
+        #   Optional. The list of fields to update.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def update_organization_kaj_policy_config(name, key_access_justifications_policy_config_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:patch, 'v1/{+name}', options)
+          command.request_representation = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig::Representation
+          command.request_object = key_access_justifications_policy_config_object
+          command.response_representation = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig::Representation
+          command.response_class = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig
+          command.params['name'] = name unless name.nil?
+          command.query['updateMask'] = update_mask unless update_mask.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Gets the KeyAccessJustificationsPolicyConfig for a given organization/folder/
+        # projects.
+        # @param [String] name
+        #   Required. The name of the KeyAccessJustificationsPolicyConfig to get.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def get_project_kaj_policy_config(name, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1/{+name}', options)
+          command.response_representation = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig::Representation
+          command.response_class = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig
+          command.params['name'] = name unless name.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Returns the effective Cloud KMS Autokey configuration for a given project.
         # @param [String] parent
         #   Required. Name of the resource project to the show effective Cloud KMS Autokey
@@ -156,6 +325,108 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
+        # Returns the KeyAccessJustificationsEnrollmentConfig of the resource closest to
+        # the given project in hierarchy.
+        # @param [String] project
+        #   Required. The number or id of the project to get the effective
+        #   KeyAccessJustificationsEnrollmentConfig for.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def show_project_effective_key_access_justifications_enrollment_config(project, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1/{+project}:showEffectiveKeyAccessJustificationsEnrollmentConfig', options)
+          command.response_representation = Google::Apis::CloudkmsV1::ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse::Representation
+          command.response_class = Google::Apis::CloudkmsV1::ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse
+          command.params['project'] = project unless project.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Returns the KeyAccessJustificationsPolicyConfig of the resource closest to the
+        # given project in hierarchy.
+        # @param [String] project
+        #   Required. The number or id of the project to get the effective
+        #   KeyAccessJustificationsPolicyConfig. In the format of "projects/`|`"
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::ShowEffectiveKeyAccessJustificationsPolicyConfigResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::ShowEffectiveKeyAccessJustificationsPolicyConfigResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def show_project_effective_key_access_justifications_policy_config(project, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1/{+project}:showEffectiveKeyAccessJustificationsPolicyConfig', options)
+          command.response_representation = Google::Apis::CloudkmsV1::ShowEffectiveKeyAccessJustificationsPolicyConfigResponse::Representation
+          command.response_class = Google::Apis::CloudkmsV1::ShowEffectiveKeyAccessJustificationsPolicyConfigResponse
+          command.params['project'] = project unless project.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Updates the KeyAccessJustificationsPolicyConfig for a given organization/
+        # folder/projects.
+        # @param [String] name
+        #   Identifier. The resource name for this KeyAccessJustificationsPolicyConfig in
+        #   the format of "`organizations|folders|projects`/*/kajPolicyConfig".
+        # @param [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig] key_access_justifications_policy_config_object
+        # @param [String] update_mask
+        #   Optional. The list of fields to update.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def update_project_kaj_policy_config(name, key_access_justifications_policy_config_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:patch, 'v1/{+name}', options)
+          command.request_representation = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig::Representation
+          command.request_object = key_access_justifications_policy_config_object
+          command.response_representation = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig::Representation
+          command.response_class = Google::Apis::CloudkmsV1::KeyAccessJustificationsPolicyConfig
+          command.params['name'] = name unless name.nil?
+          command.query['updateMask'] = update_mask unless update_mask.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Generate random bytes using the Cloud KMS randomness source in the provided
         # location.
         # @param [String] location
@@ -1622,6 +1893,41 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
+        # Decapsulates data that was encapsulated with a public key retrieved from
+        # GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose
+        # KEY_ENCAPSULATION.
+        # @param [String] name
+        #   Required. The resource name of the CryptoKeyVersion to use for decapsulation.
+        # @param [Google::Apis::CloudkmsV1::DecapsulateRequest] decapsulate_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::DecapsulateResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::DecapsulateResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def decapsulate_crypto_key_version(name, decapsulate_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+name}:decapsulate', options)
+          command.request_representation = Google::Apis::CloudkmsV1::DecapsulateRequest::Representation
+          command.request_object = decapsulate_request_object
+          command.response_representation = Google::Apis::CloudkmsV1::DecapsulateResponse::Representation
+          command.response_class = Google::Apis::CloudkmsV1::DecapsulateResponse
+          command.params['name'] = name unless name.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Schedule a CryptoKeyVersion for destruction. Upon calling this method,
         # CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will
         # be set to the time destroy_scheduled_duration in the future. At that time, the

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-cloudkms_v1
 version: !ruby/object:Gem::Version
-  version: 0.58.0
+  version: 0.60.0
 platform: ruby
 authors:
 - Google LLC
@@ -57,7 +57,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
   changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudkms_v1/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-cloudkms_v1/v0.58.0
+  documentation_uri: https://googleapis.dev/ruby/google-apis-cloudkms_v1/v0.60.0
   source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudkms_v1
 rdoc_options: []
 require_paths:
@@ -73,7 +73,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.8
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Simple REST client for Cloud Key Management Service (KMS) API V1
 test_files: []