google-apis-cloudkms_v1 0.9.0 → 0.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '083ef8974584fb4752648cedde431bc9a332049934336c4b0e94ee917e28ee81'
-  data.tar.gz: 1d8870d46487cec8ff9a48abbd7ad5281a728ba6f4b040d29d5bdfceff9fbd86
+  metadata.gz: eef0d274f894eea11b33ba175de8fe306fb023a5e3df4370ac638b4a248eefde
+  data.tar.gz: 3f6b829005f150c087b5b9383c27e32923974c5cf6e722ce1a9321e679e29a43
 SHA512:
-  metadata.gz: 7a68b14dd76288a00af560994dbac73187efd155e02aa295f08846a3830f86106f82e1296b0ab20fb632d29634f10844bab72f8a1b1ee80bfc3d5c7004d1d973
-  data.tar.gz: d89d56d8a130ed9a1a6ce12ba7b566beccfb6df6b60c9cfd6e95f2dbce0c6f8ff32559e85d90be5ee917ae66434990c96a71dc1af235cab5a830ef31c6fede05
+  metadata.gz: 6c21f4e7bb306d8673aaad482fd22f1690ad90d270913c4e9707d11835e0f319777e47608d8f748a35009e542cd8c2bc332645c4d6257c84a2b069e58ac7d70c
+  data.tar.gz: bd843d20073722f6c00419825973460e408d193754f82f9c161b40c3ff9ca2195d40d720c600617bb3516c8d226efdc744a52544c9d256d27fbe7a3b2229ddac

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Release history for google-apis-cloudkms_v1
 
+### v0.13.0 (2021-10-26)
+
+* Regenerated from discovery document revision 20211018
+
+### v0.12.0 (2021-09-01)
+
+* Regenerated from discovery document revision 20210820
+
+### v0.11.0 (2021-07-31)
+
+* Regenerated from discovery document revision 20210723
+
+### v0.10.0 (2021-07-14)
+
+* Regenerated from discovery document revision 20210702
+
 ### v0.9.0 (2021-06-29)
 
 * Regenerated from discovery document revision 20210622

data/OVERVIEW.md

@@ -60,8 +60,8 @@ See the class reference docs for information on the methods you can call from a
 
 More detailed descriptions of the Google simple REST clients are available in two documents.
 
- *  The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/master/docs/usage-guide.md) discusses how to make API calls, how to use the provided data structures, and how to work the various features of the client library, including media upload and download, error handling, retries, pagination, and logging.
- *  The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/master/docs/auth-guide.md) discusses authentication in the client libraries, including API keys, OAuth 2.0, service accounts, and environment variables.
+ *  The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/usage-guide.md) discusses how to make API calls, how to use the provided data structures, and how to work the various features of the client library, including media upload and download, error handling, retries, pagination, and logging.
+ *  The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/auth-guide.md) discusses authentication in the client libraries, including API keys, OAuth 2.0, service accounts, and environment variables.
 
 (Note: the above documents are written for the simple REST clients in general, and their examples may not reflect the Cloudkms service in particular.)
 

data/lib/google/apis/cloudkms_v1/classes.rb

@@ -44,7 +44,7 @@ module Google
         # checksum. Note: This field is defined as int64 for reasons of compatibility
         # across different languages. However, it is a non-negative integer, which will
         # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        # that support this type. NOTE: This field is in Beta.
+        # that support this type.
         # Corresponds to the JSON property `ciphertextCrc32c`
         # @return [Fixnum]
         attr_accessor :ciphertext_crc32c
@@ -79,8 +79,7 @@ module Google
         # issue in your computation of the CRC32C checksum. Note: This field is defined
         # as int64 for reasons of compatibility across different languages. However, it
         # is a non-negative integer, which will never exceed 2^32-1, and can be safely
-        # downconverted to uint32 in languages that support this type. NOTE: This field
-        # is in Beta.
+        # downconverted to uint32 in languages that support this type.
         # Corresponds to the JSON property `plaintextCrc32c`
         # @return [Fixnum]
         attr_accessor :plaintext_crc32c
@@ -97,7 +96,7 @@ module Google
         # ciphertext_crc32c was left unset or that it was not delivered to
         # KeyManagementService. If you've set AsymmetricDecryptRequest.ciphertext_crc32c
         # but this field is still false, discard the response and perform a limited
-        # number of retries. NOTE: This field is in Beta.
+        # number of retries.
         # Corresponds to the JSON property `verifiedCiphertextCrc32c`
         # @return [Boolean]
         attr_accessor :verified_ciphertext_crc32c
@@ -120,6 +119,29 @@ module Google
       class AsymmetricSignRequest
         include Google::Apis::Core::Hashable
       
+        # Optional. This field will only be honored for RAW_PKCS1 keys. The data to sign.
+        # A digest is computed over the data that will be signed, PKCS #1 padding is
+        # applied to the digest directly and then encrypted.
+        # Corresponds to the JSON property `data`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :data
+      
+        # Optional. An optional CRC32C checksum of the AsymmetricSignRequest.data. If
+        # specified, KeyManagementService will verify the integrity of the received
+        # AsymmetricSignRequest.data using this checksum. KeyManagementService will
+        # report an error if the checksum verification fails. If you receive a checksum
+        # error, your client should verify that CRC32C(AsymmetricSignRequest.data) is
+        # equal to AsymmetricSignRequest.data_crc32c, and if so, perform a limited
+        # number of retries. A persistent mismatch may indicate an issue in your
+        # computation of the CRC32C checksum. Note: This field is defined as int64 for
+        # reasons of compatibility across different languages. However, it is a non-
+        # negative integer, which will never exceed 2^32-1, and can be safely
+        # downconverted to uint32 in languages that support this type.
+        # Corresponds to the JSON property `dataCrc32c`
+        # @return [Fixnum]
+        attr_accessor :data_crc32c
+      
         # A Digest holds a cryptographic message digest.
         # Corresponds to the JSON property `digest`
         # @return [Google::Apis::CloudkmsV1::Digest]
@@ -135,8 +157,7 @@ module Google
         # computation of the CRC32C checksum. Note: This field is defined as int64 for
         # reasons of compatibility across different languages. However, it is a non-
         # negative integer, which will never exceed 2^32-1, and can be safely
-        # downconverted to uint32 in languages that support this type. NOTE: This field
-        # is in Beta.
+        # downconverted to uint32 in languages that support this type.
         # Corresponds to the JSON property `digestCrc32c`
         # @return [Fixnum]
         attr_accessor :digest_crc32c
@@ -147,6 +168,8 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @data = args[:data] if args.key?(:data)
+          @data_crc32c = args[:data_crc32c] if args.key?(:data_crc32c)
           @digest = args[:digest] if args.key?(:digest)
           @digest_crc32c = args[:digest_crc32c] if args.key?(:digest_crc32c)
         end
@@ -157,8 +180,7 @@ module Google
         include Google::Apis::Core::Hashable
       
         # The resource name of the CryptoKeyVersion used for signing. Check this field
-        # to verify that the intended resource was used for signing. NOTE: This field is
-        # in Beta.
+        # to verify that the intended resource was used for signing.
         # Corresponds to the JSON property `name`
         # @return [String]
         attr_accessor :name
@@ -183,19 +205,30 @@ module Google
         # computation of the CRC32C checksum. Note: This field is defined as int64 for
         # reasons of compatibility across different languages. However, it is a non-
         # negative integer, which will never exceed 2^32-1, and can be safely
-        # downconverted to uint32 in languages that support this type. NOTE: This field
-        # is in Beta.
+        # downconverted to uint32 in languages that support this type.
         # Corresponds to the JSON property `signatureCrc32c`
         # @return [Fixnum]
         attr_accessor :signature_crc32c
       
+        # Integrity verification field. A flag indicating whether AsymmetricSignRequest.
+        # data_crc32c was received by KeyManagementService and used for the integrity
+        # verification of the data. A false value of this field indicates either that
+        # AsymmetricSignRequest.data_crc32c was left unset or that it was not delivered
+        # to KeyManagementService. If you've set AsymmetricSignRequest.data_crc32c but
+        # this field is still false, discard the response and perform a limited number
+        # of retries.
+        # Corresponds to the JSON property `verifiedDataCrc32c`
+        # @return [Boolean]
+        attr_accessor :verified_data_crc32c
+        alias_method :verified_data_crc32c?, :verified_data_crc32c
+      
         # Integrity verification field. A flag indicating whether AsymmetricSignRequest.
         # digest_crc32c was received by KeyManagementService and used for the integrity
         # verification of the digest. A false value of this field indicates either that
         # AsymmetricSignRequest.digest_crc32c was left unset or that it was not
         # delivered to KeyManagementService. If you've set AsymmetricSignRequest.
         # digest_crc32c but this field is still false, discard the response and perform
-        # a limited number of retries. NOTE: This field is in Beta.
+        # a limited number of retries.
         # Corresponds to the JSON property `verifiedDigestCrc32c`
         # @return [Boolean]
         attr_accessor :verified_digest_crc32c
@@ -211,6 +244,7 @@ module Google
           @protection_level = args[:protection_level] if args.key?(:protection_level)
           @signature = args[:signature] if args.key?(:signature)
           @signature_crc32c = args[:signature_crc32c] if args.key?(:signature_crc32c)
+          @verified_data_crc32c = args[:verified_data_crc32c] if args.key?(:verified_data_crc32c)
           @verified_digest_crc32c = args[:verified_digest_crc32c] if args.key?(:verified_digest_crc32c)
         end
       end
@@ -286,7 +320,7 @@ module Google
         end
       end
       
-      # Associates `members` with a `role`.
+      # Associates `members`, or principals, with a `role`.
       class Binding
         include Google::Apis::Core::Hashable
       
@@ -309,7 +343,7 @@ module Google
         # @return [Google::Apis::CloudkmsV1::Expr]
         attr_accessor :condition
       
-        # Specifies the identities requesting access for a Cloud Platform resource. `
+        # Specifies the principals requesting access for a Cloud Platform resource. `
         # members` can have the following values: * `allUsers`: A special identifier
         # that represents anyone who is on the internet; with or without a Google
         # account. * `allAuthenticatedUsers`: A special identifier that represents
@@ -339,8 +373,8 @@ module Google
         # @return [Array<String>]
         attr_accessor :members
       
-        # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`
-        # , or `roles/owner`.
+        # Role that is assigned to the list of `members`, or principals. For example, `
+        # roles/viewer`, `roles/editor`, or `roles/owner`.
         # Corresponds to the JSON property `role`
         # @return [String]
         attr_accessor :role
@@ -401,6 +435,19 @@ module Google
         # @return [String]
         attr_accessor :create_time
       
+        # Immutable. The period of time that versions of this key spend in the
+        # DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at
+        # creation time, the default duration is 24 hours.
+        # Corresponds to the JSON property `destroyScheduledDuration`
+        # @return [String]
+        attr_accessor :destroy_scheduled_duration
+      
+        # Immutable. Whether this key may contain imported versions only.
+        # Corresponds to the JSON property `importOnly`
+        # @return [Boolean]
+        attr_accessor :import_only
+        alias_method :import_only?, :import_only
+      
         # Labels with user-defined metadata. For more information, see [Labeling Keys](
         # https://cloud.google.com/kms/docs/labeling-keys).
         # Corresponds to the JSON property `labels`
@@ -461,6 +508,8 @@ module Google
         # Update properties of this object
         def update!(**args)
           @create_time = args[:create_time] if args.key?(:create_time)
+          @destroy_scheduled_duration = args[:destroy_scheduled_duration] if args.key?(:destroy_scheduled_duration)
+          @import_only = args[:import_only] if args.key?(:import_only)
           @labels = args[:labels] if args.key?(:labels)
           @name = args[:name] if args.key?(:name)
           @next_rotation_time = args[:next_rotation_time] if args.key?(:next_rotation_time)
@@ -521,20 +570,20 @@ module Google
         # @return [String]
         attr_accessor :generate_time
       
-        # Output only. The root cause of an import failure. Only present if state is
-        # IMPORT_FAILED.
+        # Output only. The root cause of the most recent import failure. Only present if
+        # state is IMPORT_FAILED.
         # Corresponds to the JSON property `importFailureReason`
         # @return [String]
         attr_accessor :import_failure_reason
       
-        # Output only. The name of the ImportJob used to import this CryptoKeyVersion.
-        # Only present if the underlying key material was imported.
+        # Output only. The name of the ImportJob used in the most recent import of this
+        # CryptoKeyVersion. Only present if the underlying key material was imported.
         # Corresponds to the JSON property `importJob`
         # @return [String]
         attr_accessor :import_job
       
-        # Output only. The time at which this CryptoKeyVersion's key material was
-        # imported.
+        # Output only. The time at which this CryptoKeyVersion's key material was most
+        # recently imported.
         # Corresponds to the JSON property `importTime`
         # @return [String]
         attr_accessor :import_time
@@ -551,6 +600,14 @@ module Google
         # @return [String]
         attr_accessor :protection_level
       
+        # Output only. Whether or not this key version is eligible for reimport, by
+        # being specified as a target in ImportCryptoKeyVersionRequest.
+        # crypto_key_version.
+        # Corresponds to the JSON property `reimportEligible`
+        # @return [Boolean]
+        attr_accessor :reimport_eligible
+        alias_method :reimport_eligible?, :reimport_eligible
+      
         # The current state of the CryptoKeyVersion.
         # Corresponds to the JSON property `state`
         # @return [String]
@@ -574,6 +631,7 @@ module Google
           @import_time = args[:import_time] if args.key?(:import_time)
           @name = args[:name] if args.key?(:name)
           @protection_level = args[:protection_level] if args.key?(:protection_level)
+          @reimport_eligible = args[:reimport_eligible] if args.key?(:reimport_eligible)
           @state = args[:state] if args.key?(:state)
         end
       end
@@ -630,8 +688,7 @@ module Google
         # computation of the CRC32C checksum. Note: This field is defined as int64 for
         # reasons of compatibility across different languages. However, it is a non-
         # negative integer, which will never exceed 2^32-1, and can be safely
-        # downconverted to uint32 in languages that support this type. NOTE: This field
-        # is in Beta.
+        # downconverted to uint32 in languages that support this type.
         # Corresponds to the JSON property `additionalAuthenticatedDataCrc32c`
         # @return [Fixnum]
         attr_accessor :additional_authenticated_data_crc32c
@@ -652,7 +709,7 @@ module Google
         # the CRC32C checksum. Note: This field is defined as int64 for reasons of
         # compatibility across different languages. However, it is a non-negative
         # integer, which will never exceed 2^32-1, and can be safely downconverted to
-        # uint32 in languages that support this type. NOTE: This field is in Beta.
+        # uint32 in languages that support this type.
         # Corresponds to the JSON property `ciphertextCrc32c`
         # @return [Fixnum]
         attr_accessor :ciphertext_crc32c
@@ -691,7 +748,7 @@ module Google
         # This field is defined as int64 for reasons of compatibility across different
         # languages. However, it is a non-negative integer, which will never exceed 2^32-
         # 1, and can be safely downconverted to uint32 in languages that support this
-        # type. NOTE: This field is in Beta.
+        # type.
         # Corresponds to the JSON property `plaintextCrc32c`
         # @return [Fixnum]
         attr_accessor :plaintext_crc32c
@@ -792,8 +849,7 @@ module Google
         # computation of the CRC32C checksum. Note: This field is defined as int64 for
         # reasons of compatibility across different languages. However, it is a non-
         # negative integer, which will never exceed 2^32-1, and can be safely
-        # downconverted to uint32 in languages that support this type. NOTE: This field
-        # is in Beta.
+        # downconverted to uint32 in languages that support this type.
         # Corresponds to the JSON property `additionalAuthenticatedDataCrc32c`
         # @return [Fixnum]
         attr_accessor :additional_authenticated_data_crc32c
@@ -818,7 +874,7 @@ module Google
         # the CRC32C checksum. Note: This field is defined as int64 for reasons of
         # compatibility across different languages. However, it is a non-negative
         # integer, which will never exceed 2^32-1, and can be safely downconverted to
-        # uint32 in languages that support this type. NOTE: This field is in Beta.
+        # uint32 in languages that support this type.
         # Corresponds to the JSON property `plaintextCrc32c`
         # @return [Fixnum]
         attr_accessor :plaintext_crc32c
@@ -855,7 +911,7 @@ module Google
         # checksum. Note: This field is defined as int64 for reasons of compatibility
         # across different languages. However, it is a non-negative integer, which will
         # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        # that support this type. NOTE: This field is in Beta.
+        # that support this type.
         # Corresponds to the JSON property `ciphertextCrc32c`
         # @return [Fixnum]
         attr_accessor :ciphertext_crc32c
@@ -877,8 +933,7 @@ module Google
         # indicates either that EncryptRequest.additional_authenticated_data_crc32c was
         # left unset or that it was not delivered to KeyManagementService. If you've set
         # EncryptRequest.additional_authenticated_data_crc32c but this field is still
-        # false, discard the response and perform a limited number of retries. NOTE:
-        # This field is in Beta.
+        # false, discard the response and perform a limited number of retries.
         # Corresponds to the JSON property `verifiedAdditionalAuthenticatedDataCrc32c`
         # @return [Boolean]
         attr_accessor :verified_additional_authenticated_data_crc32c
@@ -890,7 +945,7 @@ module Google
         # either that EncryptRequest.plaintext_crc32c was left unset or that it was not
         # delivered to KeyManagementService. If you've set EncryptRequest.
         # plaintext_crc32c but this field is still false, discard the response and
-        # perform a limited number of retries. NOTE: This field is in Beta.
+        # perform a limited number of retries.
         # Corresponds to the JSON property `verifiedPlaintextCrc32c`
         # @return [Boolean]
         attr_accessor :verified_plaintext_crc32c
@@ -986,6 +1041,68 @@ module Google
         end
       end
       
+      # Request message for KeyManagementService.GenerateRandomBytes.
+      class GenerateRandomBytesRequest
+        include Google::Apis::Core::Hashable
+      
+        # The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes,
+        # maximum 1024 bytes.
+        # Corresponds to the JSON property `lengthBytes`
+        # @return [Fixnum]
+        attr_accessor :length_bytes
+      
+        # The ProtectionLevel to use when generating the random data. Defaults to
+        # SOFTWARE.
+        # Corresponds to the JSON property `protectionLevel`
+        # @return [String]
+        attr_accessor :protection_level
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @length_bytes = args[:length_bytes] if args.key?(:length_bytes)
+          @protection_level = args[:protection_level] if args.key?(:protection_level)
+        end
+      end
+      
+      # Response message for KeyManagementService.GenerateRandomBytes.
+      class GenerateRandomBytesResponse
+        include Google::Apis::Core::Hashable
+      
+        # The generated data.
+        # Corresponds to the JSON property `data`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :data
+      
+        # Integrity verification field. A CRC32C checksum of the returned
+        # GenerateRandomBytesResponse.data. An integrity check of
+        # GenerateRandomBytesResponse.data can be performed by computing the CRC32C
+        # checksum of GenerateRandomBytesResponse.data and comparing your results to
+        # this field. Discard the response in case of non-matching checksum values, and
+        # perform a limited number of retries. A persistent mismatch may indicate an
+        # issue in your computation of the CRC32C checksum. Note: This field is defined
+        # as int64 for reasons of compatibility across different languages. However, it
+        # is a non-negative integer, which will never exceed 2^32-1, and can be safely
+        # downconverted to uint32 in languages that support this type.
+        # Corresponds to the JSON property `dataCrc32c`
+        # @return [Fixnum]
+        attr_accessor :data_crc32c
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @data = args[:data] if args.key?(:data)
+          @data_crc32c = args[:data_crc32c] if args.key?(:data_crc32c)
+        end
+      end
+      
       # Request message for KeyManagementService.ImportCryptoKeyVersion.
       class ImportCryptoKeyVersionRequest
         include Google::Apis::Core::Hashable
@@ -996,6 +1113,19 @@ module Google
         # @return [String]
         attr_accessor :algorithm
       
+        # Optional. The optional name of an existing CryptoKeyVersion to target for an
+        # import operation. If this field is not present, a new CryptoKeyVersion
+        # containing the supplied key material is created. If this field is present, the
+        # supplied key material is imported into the existing CryptoKeyVersion. To
+        # import into an existing CryptoKeyVersion, the CryptoKeyVersion must be a child
+        # of ImportCryptoKeyVersionRequest.parent, have been previously created via
+        # ImportCryptoKeyVersion, and be in DESTROYED or IMPORT_FAILED state. The key
+        # material and algorithm must match the previous CryptoKeyVersion exactly if the
+        # CryptoKeyVersion has ever contained key material.
+        # Corresponds to the JSON property `cryptoKeyVersion`
+        # @return [String]
+        attr_accessor :crypto_key_version
+      
         # Required. The name of the ImportJob that was used to wrap this key material.
         # Corresponds to the JSON property `importJob`
         # @return [String]
@@ -1023,6 +1153,7 @@ module Google
         # Update properties of this object
         def update!(**args)
           @algorithm = args[:algorithm] if args.key?(:algorithm)
+          @crypto_key_version = args[:crypto_key_version] if args.key?(:crypto_key_version)
           @import_job = args[:import_job] if args.key?(:import_job)
           @rsa_aes_wrapped_key = args[:rsa_aes_wrapped_key] if args.key?(:rsa_aes_wrapped_key)
         end
@@ -1416,33 +1547,259 @@ module Google
         end
       end
       
+      # Request message for KeyManagementService.MacSign.
+      class MacSignRequest
+        include Google::Apis::Core::Hashable
+      
+        # Required. The data to sign. The MAC tag is computed over this data field based
+        # on the specific algorithm.
+        # Corresponds to the JSON property `data`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :data
+      
+        # Optional. An optional CRC32C checksum of the MacSignRequest.data. If specified,
+        # KeyManagementService will verify the integrity of the received MacSignRequest.
+        # data using this checksum. KeyManagementService will report an error if the
+        # checksum verification fails. If you receive a checksum error, your client
+        # should verify that CRC32C(MacSignRequest.data) is equal to MacSignRequest.
+        # data_crc32c, and if so, perform a limited number of retries. A persistent
+        # mismatch may indicate an issue in your computation of the CRC32C checksum.
+        # Note: This field is defined as int64 for reasons of compatibility across
+        # different languages. However, it is a non-negative integer, which will never
+        # exceed 2^32-1, and can be safely downconverted to uint32 in languages that
+        # support this type.
+        # Corresponds to the JSON property `dataCrc32c`
+        # @return [Fixnum]
+        attr_accessor :data_crc32c
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @data = args[:data] if args.key?(:data)
+          @data_crc32c = args[:data_crc32c] if args.key?(:data_crc32c)
+        end
+      end
+      
+      # Response message for KeyManagementService.MacSign.
+      class MacSignResponse
+        include Google::Apis::Core::Hashable
+      
+        # The created signature.
+        # Corresponds to the JSON property `mac`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :mac
+      
+        # Integrity verification field. A CRC32C checksum of the returned
+        # MacSignResponse.mac. An integrity check of MacSignResponse.mac can be
+        # performed by computing the CRC32C checksum of MacSignResponse.mac and
+        # comparing your results to this field. Discard the response in case of non-
+        # matching checksum values, and perform a limited number of retries. A
+        # persistent mismatch may indicate an issue in your computation of the CRC32C
+        # checksum. Note: This field is defined as int64 for reasons of compatibility
+        # across different languages. However, it is a non-negative integer, which will
+        # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        # that support this type.
+        # Corresponds to the JSON property `macCrc32c`
+        # @return [Fixnum]
+        attr_accessor :mac_crc32c
+      
+        # The resource name of the CryptoKeyVersion used for signing. Check this field
+        # to verify that the intended resource was used for signing.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # The ProtectionLevel of the CryptoKeyVersion used for signing.
+        # Corresponds to the JSON property `protectionLevel`
+        # @return [String]
+        attr_accessor :protection_level
+      
+        # Integrity verification field. A flag indicating whether MacSignRequest.
+        # data_crc32c was received by KeyManagementService and used for the integrity
+        # verification of the data. A false value of this field indicates either that
+        # MacSignRequest.data_crc32c was left unset or that it was not delivered to
+        # KeyManagementService. If you've set MacSignRequest.data_crc32c but this field
+        # is still false, discard the response and perform a limited number of retries.
+        # Corresponds to the JSON property `verifiedDataCrc32c`
+        # @return [Boolean]
+        attr_accessor :verified_data_crc32c
+        alias_method :verified_data_crc32c?, :verified_data_crc32c
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @mac = args[:mac] if args.key?(:mac)
+          @mac_crc32c = args[:mac_crc32c] if args.key?(:mac_crc32c)
+          @name = args[:name] if args.key?(:name)
+          @protection_level = args[:protection_level] if args.key?(:protection_level)
+          @verified_data_crc32c = args[:verified_data_crc32c] if args.key?(:verified_data_crc32c)
+        end
+      end
+      
+      # Request message for KeyManagementService.MacVerify.
+      class MacVerifyRequest
+        include Google::Apis::Core::Hashable
+      
+        # Required. The data used previously as a MacSignRequest.data to generate the
+        # MAC tag.
+        # Corresponds to the JSON property `data`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :data
+      
+        # Optional. An optional CRC32C checksum of the MacVerifyRequest.data. If
+        # specified, KeyManagementService will verify the integrity of the received
+        # MacVerifyRequest.data using this checksum. KeyManagementService will report an
+        # error if the checksum verification fails. If you receive a checksum error,
+        # your client should verify that CRC32C(MacVerifyRequest.data) is equal to
+        # MacVerifyRequest.data_crc32c, and if so, perform a limited number of retries.
+        # A persistent mismatch may indicate an issue in your computation of the CRC32C
+        # checksum. Note: This field is defined as int64 for reasons of compatibility
+        # across different languages. However, it is a non-negative integer, which will
+        # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        # that support this type.
+        # Corresponds to the JSON property `dataCrc32c`
+        # @return [Fixnum]
+        attr_accessor :data_crc32c
+      
+        # Required. The signature to verify.
+        # Corresponds to the JSON property `mac`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :mac
+      
+        # Optional. An optional CRC32C checksum of the MacVerifyRequest.mac. If
+        # specified, KeyManagementService will verify the integrity of the received
+        # MacVerifyRequest.mac using this checksum. KeyManagementService will report an
+        # error if the checksum verification fails. If you receive a checksum error,
+        # your client should verify that CRC32C(MacVerifyRequest.tag) is equal to
+        # MacVerifyRequest.mac_crc32c, and if so, perform a limited number of retries. A
+        # persistent mismatch may indicate an issue in your computation of the CRC32C
+        # checksum. Note: This field is defined as int64 for reasons of compatibility
+        # across different languages. However, it is a non-negative integer, which will
+        # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        # that support this type.
+        # Corresponds to the JSON property `macCrc32c`
+        # @return [Fixnum]
+        attr_accessor :mac_crc32c
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @data = args[:data] if args.key?(:data)
+          @data_crc32c = args[:data_crc32c] if args.key?(:data_crc32c)
+          @mac = args[:mac] if args.key?(:mac)
+          @mac_crc32c = args[:mac_crc32c] if args.key?(:mac_crc32c)
+        end
+      end
+      
+      # Response message for KeyManagementService.MacVerify.
+      class MacVerifyResponse
+        include Google::Apis::Core::Hashable
+      
+        # The resource name of the CryptoKeyVersion used for verification. Check this
+        # field to verify that the intended resource was used for verification.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # The ProtectionLevel of the CryptoKeyVersion used for verification.
+        # Corresponds to the JSON property `protectionLevel`
+        # @return [String]
+        attr_accessor :protection_level
+      
+        # This field indicates whether or not the verification operation for
+        # MacVerifyRequest.mac over MacVerifyRequest.data was successful.
+        # Corresponds to the JSON property `success`
+        # @return [Boolean]
+        attr_accessor :success
+        alias_method :success?, :success
+      
+        # Integrity verification field. A flag indicating whether MacVerifyRequest.
+        # data_crc32c was received by KeyManagementService and used for the integrity
+        # verification of the data. A false value of this field indicates either that
+        # MacVerifyRequest.data_crc32c was left unset or that it was not delivered to
+        # KeyManagementService. If you've set MacVerifyRequest.data_crc32c but this
+        # field is still false, discard the response and perform a limited number of
+        # retries.
+        # Corresponds to the JSON property `verifiedDataCrc32c`
+        # @return [Boolean]
+        attr_accessor :verified_data_crc32c
+        alias_method :verified_data_crc32c?, :verified_data_crc32c
+      
+        # Integrity verification field. A flag indicating whether MacVerifyRequest.
+        # mac_crc32c was received by KeyManagementService and used for the integrity
+        # verification of the data. A false value of this field indicates either that
+        # MacVerifyRequest.mac_crc32c was left unset or that it was not delivered to
+        # KeyManagementService. If you've set MacVerifyRequest.mac_crc32c but this field
+        # is still false, discard the response and perform a limited number of retries.
+        # Corresponds to the JSON property `verifiedMacCrc32c`
+        # @return [Boolean]
+        attr_accessor :verified_mac_crc32c
+        alias_method :verified_mac_crc32c?, :verified_mac_crc32c
+      
+        # Integrity verification field. This value is used for the integrity
+        # verification of [MacVerifyResponse.success]. If the value of this field
+        # contradicts the value of [MacVerifyResponse.success], discard the response and
+        # perform a limited number of retries.
+        # Corresponds to the JSON property `verifiedSuccessIntegrity`
+        # @return [Boolean]
+        attr_accessor :verified_success_integrity
+        alias_method :verified_success_integrity?, :verified_success_integrity
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @protection_level = args[:protection_level] if args.key?(:protection_level)
+          @success = args[:success] if args.key?(:success)
+          @verified_data_crc32c = args[:verified_data_crc32c] if args.key?(:verified_data_crc32c)
+          @verified_mac_crc32c = args[:verified_mac_crc32c] if args.key?(:verified_mac_crc32c)
+          @verified_success_integrity = args[:verified_success_integrity] if args.key?(:verified_success_integrity)
+        end
+      end
+      
       # An Identity and Access Management (IAM) policy, which specifies access
       # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-      # A `binding` binds one or more `members` to a single `role`. Members can be
-      # user accounts, service accounts, Google groups, and domains (such as G Suite).
-      # A `role` is a named list of permissions; each `role` can be an IAM predefined
-      # role or a user-created custom role. For some types of Google Cloud resources,
-      # a `binding` can also specify a `condition`, which is a logical expression that
-      # allows access to a resource only if the expression evaluates to `true`. A
-      # condition can add constraints based on attributes of the request, the resource,
-      # or both. To learn which resources support conditions in their IAM policies,
-      # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-      # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-      # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-      # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-      # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-      # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-      # title": "expirable access", "description": "Does not grant access after Sep
-      # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-      # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-      # members: - user:mike@example.com - group:admins@example.com - domain:google.
-      # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-      # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-      # roles/resourcemanager.organizationViewer condition: title: expirable access
-      # description: Does not grant access after Sep 2020 expression: request.time <
-      # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
-      # description of IAM and its features, see the [IAM documentation](https://cloud.
-      # google.com/iam/docs/).
+      # A `binding` binds one or more `members`, or principals, to a single `role`.
+      # Principals can be user accounts, service accounts, Google groups, and domains (
+      # such as G Suite). A `role` is a named list of permissions; each `role` can be
+      # an IAM predefined role or a user-created custom role. For some types of Google
+      # Cloud resources, a `binding` can also specify a `condition`, which is a
+      # logical expression that allows access to a resource only if the expression
+      # evaluates to `true`. A condition can add constraints based on attributes of
+      # the request, the resource, or both. To learn which resources support
+      # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+      # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+      # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+      # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+      # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+      # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+      # ], "condition": ` "title": "expirable access", "description": "Does not grant
+      # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+      # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+      # bindings: - members: - user:mike@example.com - group:admins@example.com -
+      # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+      # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+      # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+      # access description: Does not grant access after Sep 2020 expression: request.
+      # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+      # a description of IAM and its features, see the [IAM documentation](https://
+      # cloud.google.com/iam/docs/).
       class Policy
         include Google::Apis::Core::Hashable
       
@@ -1451,9 +1808,14 @@ module Google
         # @return [Array<Google::Apis::CloudkmsV1::AuditConfig>]
         attr_accessor :audit_configs
       
-        # Associates a list of `members` to a `role`. Optionally, may specify a `
-        # condition` that determines how and when the `bindings` are applied. Each of
-        # the `bindings` must contain at least one member.
+        # Associates a list of `members`, or principals, with a `role`. Optionally, may
+        # specify a `condition` that determines how and when the `bindings` are applied.
+        # Each of the `bindings` must contain at least one principal. The `bindings` in
+        # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
+        # can be Google groups. Each occurrence of a principal counts towards these
+        # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
+        # example.com`, and not to any other principal, then you can add another 1,450
+        # principals to the `bindings` in the `Policy`.
         # Corresponds to the JSON property `bindings`
         # @return [Array<Google::Apis::CloudkmsV1::Binding>]
         attr_accessor :bindings
@@ -1581,31 +1943,31 @@ module Google
       
         # An Identity and Access Management (IAM) policy, which specifies access
         # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members` to a single `role`. Members can be
-        # user accounts, service accounts, Google groups, and domains (such as G Suite).
-        # A `role` is a named list of permissions; each `role` can be an IAM predefined
-        # role or a user-created custom role. For some types of Google Cloud resources,
-        # a `binding` can also specify a `condition`, which is a logical expression that
-        # allows access to a resource only if the expression evaluates to `true`. A
-        # condition can add constraints based on attributes of the request, the resource,
-        # or both. To learn which resources support conditions in their IAM policies,
-        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-        # title": "expirable access", "description": "Does not grant access after Sep
-        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-        # members: - user:mike@example.com - group:admins@example.com - domain:google.
-        # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-        # roles/resourcemanager.organizationViewer condition: title: expirable access
-        # description: Does not grant access after Sep 2020 expression: request.time <
-        # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
-        # description of IAM and its features, see the [IAM documentation](https://cloud.
-        # google.com/iam/docs/).
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+        # bindings: - members: - user:mike@example.com - group:admins@example.com -
+        # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+        # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+        # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+        # access description: Does not grant access after Sep 2020 expression: request.
+        # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+        # a description of IAM and its features, see the [IAM documentation](https://
+        # cloud.google.com/iam/docs/).
         # Corresponds to the JSON property `policy`
         # @return [Google::Apis::CloudkmsV1::Policy]
         attr_accessor :policy

data/lib/google/apis/cloudkms_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module CloudkmsV1
       # Version of the google-apis-cloudkms_v1 gem
-      GEM_VERSION = "0.9.0"
+      GEM_VERSION = "0.13.0"
 
       # Version of the code generator used to generate this client
       GENERATOR_VERSION = "0.4.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20210622"
+      REVISION = "20211018"
     end
   end
 end

data/lib/google/apis/cloudkms_v1/representations.rb

@@ -136,6 +136,18 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class GenerateRandomBytesRequest
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GenerateRandomBytesResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class ImportCryptoKeyVersionRequest
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -202,6 +214,30 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class MacSignRequest
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class MacSignResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class MacVerifyRequest
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class MacVerifyResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class Policy
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -271,6 +307,8 @@ module Google
       class AsymmetricSignRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
+          property :data, :base64 => true, as: 'data'
+          property :data_crc32c, :numeric_string => true, as: 'dataCrc32c'
           property :digest, as: 'digest', class: Google::Apis::CloudkmsV1::Digest, decorator: Google::Apis::CloudkmsV1::Digest::Representation
       
           property :digest_crc32c, :numeric_string => true, as: 'digestCrc32c'
@@ -284,6 +322,7 @@ module Google
           property :protection_level, as: 'protectionLevel'
           property :signature, :base64 => true, as: 'signature'
           property :signature_crc32c, :numeric_string => true, as: 'signatureCrc32c'
+          property :verified_data_crc32c, as: 'verifiedDataCrc32c'
           property :verified_digest_crc32c, as: 'verifiedDigestCrc32c'
         end
       end
@@ -328,6 +367,8 @@ module Google
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
           property :create_time, as: 'createTime'
+          property :destroy_scheduled_duration, as: 'destroyScheduledDuration'
+          property :import_only, as: 'importOnly'
           hash :labels, as: 'labels'
           property :name, as: 'name'
           property :next_rotation_time, as: 'nextRotationTime'
@@ -357,6 +398,7 @@ module Google
           property :import_time, as: 'importTime'
           property :name, as: 'name'
           property :protection_level, as: 'protectionLevel'
+          property :reimport_eligible, as: 'reimportEligible'
           property :state, as: 'state'
         end
       end
@@ -443,10 +485,27 @@ module Google
         end
       end
       
+      class GenerateRandomBytesRequest
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :length_bytes, as: 'lengthBytes'
+          property :protection_level, as: 'protectionLevel'
+        end
+      end
+      
+      class GenerateRandomBytesResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :data, :base64 => true, as: 'data'
+          property :data_crc32c, :numeric_string => true, as: 'dataCrc32c'
+        end
+      end
+      
       class ImportCryptoKeyVersionRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
           property :algorithm, as: 'algorithm'
+          property :crypto_key_version, as: 'cryptoKeyVersion'
           property :import_job, as: 'importJob'
           property :rsa_aes_wrapped_key, :base64 => true, as: 'rsaAesWrappedKey'
         end
@@ -556,6 +615,47 @@ module Google
         end
       end
       
+      class MacSignRequest
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :data, :base64 => true, as: 'data'
+          property :data_crc32c, :numeric_string => true, as: 'dataCrc32c'
+        end
+      end
+      
+      class MacSignResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :mac, :base64 => true, as: 'mac'
+          property :mac_crc32c, :numeric_string => true, as: 'macCrc32c'
+          property :name, as: 'name'
+          property :protection_level, as: 'protectionLevel'
+          property :verified_data_crc32c, as: 'verifiedDataCrc32c'
+        end
+      end
+      
+      class MacVerifyRequest
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :data, :base64 => true, as: 'data'
+          property :data_crc32c, :numeric_string => true, as: 'dataCrc32c'
+          property :mac, :base64 => true, as: 'mac'
+          property :mac_crc32c, :numeric_string => true, as: 'macCrc32c'
+        end
+      end
+      
+      class MacVerifyResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :name, as: 'name'
+          property :protection_level, as: 'protectionLevel'
+          property :success, as: 'success'
+          property :verified_data_crc32c, as: 'verifiedDataCrc32c'
+          property :verified_mac_crc32c, as: 'verifiedMacCrc32c'
+          property :verified_success_integrity, as: 'verifiedSuccessIntegrity'
+        end
+      end
+      
       class Policy
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation

data/lib/google/apis/cloudkms_v1/service.rb

@@ -50,6 +50,41 @@ module Google
           @batch_path = 'batch'
         end
         
+        # Generate random bytes using the Cloud KMS randomness source in the provided
+        # location.
+        # @param [String] location
+        #   The project-specific location in which to generate random bytes. For example, "
+        #   projects/my-project/locations/us-central1".
+        # @param [Google::Apis::CloudkmsV1::GenerateRandomBytesRequest] generate_random_bytes_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::GenerateRandomBytesResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::GenerateRandomBytesResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def generate_location_random_bytes(location, generate_random_bytes_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+location}:generateRandomBytes', options)
+          command.request_representation = Google::Apis::CloudkmsV1::GenerateRandomBytesRequest::Representation
+          command.request_object = generate_random_bytes_request_object
+          command.response_representation = Google::Apis::CloudkmsV1::GenerateRandomBytesResponse::Representation
+          command.response_class = Google::Apis::CloudkmsV1::GenerateRandomBytesResponse
+          command.params['location'] = location unless location.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Gets information about a location.
         # @param [String] name
         #   Resource name for the location.
@@ -848,11 +883,11 @@ module Google
         end
         
         # Schedule a CryptoKeyVersion for destruction. Upon calling this method,
-        # CryptoKeyVersion.state will be set to DESTROY_SCHEDULED and destroy_time will
-        # be set to a time 24 hours in the future, at which point the state will be
-        # changed to DESTROYED, and the key material will be irrevocably destroyed.
-        # Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to
-        # reverse the process.
+        # CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will
+        # be set to the time destroy_scheduled_duration in the future. At that time, the
+        # state will automatically change to DESTROYED, and the key material will be
+        # irrevocably destroyed. Before the destroy_time is reached,
+        # RestoreCryptoKeyVersion may be called to reverse the process.
         # @param [String] name
         #   Required. The resource name of the CryptoKeyVersion to destroy.
         # @param [Google::Apis::CloudkmsV1::DestroyCryptoKeyVersionRequest] destroy_crypto_key_version_request_object
@@ -946,11 +981,14 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Imports a new CryptoKeyVersion into an existing CryptoKey using the wrapped
-        # key material provided in the request. The version ID will be assigned the next
-        # sequential id within the CryptoKey.
+        # Import wrapped key material into a CryptoKeyVersion. All requests must specify
+        # a CryptoKey. If a CryptoKeyVersion is additionally specified in the request,
+        # key material will be reimported into that version. Otherwise, a new version
+        # will be created, and will be assigned the next sequential id within the
+        # CryptoKey.
         # @param [String] parent
-        #   Required. The name of the CryptoKey to be imported into.
+        #   Required. The name of the CryptoKey to be imported into. The create permission
+        #   is only required on this key when creating a new CryptoKeyVersion.
         # @param [Google::Apis::CloudkmsV1::ImportCryptoKeyVersionRequest] import_crypto_key_version_request_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
@@ -1036,6 +1074,75 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
+        # Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a
+        # tag that can be verified by another source with the same key.
+        # @param [String] name
+        #   Required. The resource name of the CryptoKeyVersion to use for signing.
+        # @param [Google::Apis::CloudkmsV1::MacSignRequest] mac_sign_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::MacSignResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::MacSignResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def mac_crypto_key_version_sign(name, mac_sign_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+name}:macSign', options)
+          command.request_representation = Google::Apis::CloudkmsV1::MacSignRequest::Representation
+          command.request_object = mac_sign_request_object
+          command.response_representation = Google::Apis::CloudkmsV1::MacSignResponse::Representation
+          command.response_class = Google::Apis::CloudkmsV1::MacSignResponse
+          command.params['name'] = name unless name.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and
+        # returns a response that indicates whether or not the verification was
+        # successful.
+        # @param [String] name
+        #   Required. The resource name of the CryptoKeyVersion to use for verification.
+        # @param [Google::Apis::CloudkmsV1::MacVerifyRequest] mac_verify_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudkmsV1::MacVerifyResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudkmsV1::MacVerifyResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def mac_crypto_key_version_verify(name, mac_verify_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+name}:macVerify', options)
+          command.request_representation = Google::Apis::CloudkmsV1::MacVerifyRequest::Representation
+          command.request_object = mac_verify_request_object
+          command.response_representation = Google::Apis::CloudkmsV1::MacVerifyResponse::Representation
+          command.response_class = Google::Apis::CloudkmsV1::MacVerifyResponse
+          command.params['name'] = name unless name.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Update a CryptoKeyVersion's metadata. state may be changed between ENABLED and
         # DISABLED using this method. See DestroyCryptoKeyVersion and
         # RestoreCryptoKeyVersion to move between other states.

data/lib/google/apis/cloudkms_v1.rb

@@ -30,7 +30,7 @@ module Google
       # This is NOT the gem version.
       VERSION = 'V1'
 
-      # See, edit, configure, and delete your Google Cloud Platform data
+      # See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.
       AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
 
       # View and manage your keys and secrets stored in Cloud Key Management Service

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-cloudkms_v1
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.13.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-07-05 00:00:00.000000000 Z
+date: 2021-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
@@ -57,9 +57,9 @@ licenses:
 - Apache-2.0
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
-  changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-cloudkms_v1/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-cloudkms_v1/v0.9.0
-  source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-cloudkms_v1
+  changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudkms_v1/CHANGELOG.md
+  documentation_uri: https://googleapis.dev/ruby/google-apis-cloudkms_v1/v0.13.0
+  source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudkms_v1
 post_install_message: 
 rdoc_options: []
 require_paths: