google-cloud-kms-v1 0.1.0

data/lib/google/cloud/kms/v1/service_services_pb.rb

@@ -0,0 +1,150 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: google/cloud/kms/v1/service.proto for package 'google.cloud.kms.v1'
+# Original file comments:
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'grpc'
+require 'google/cloud/kms/v1/service_pb'
+
+module Google
+  module Cloud
+    module Kms
+      module V1
+        module KeyManagementService
+          # Google Cloud Key Management Service
+          #
+          # Manages cryptographic keys and operations using those keys. Implements a REST
+          # model with the following objects:
+          #
+          # * [KeyRing][google.cloud.kms.v1.KeyRing]
+          # * [CryptoKey][google.cloud.kms.v1.CryptoKey]
+          # * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+          # * [ImportJob][google.cloud.kms.v1.ImportJob]
+          #
+          # If you are using manual gRPC libraries, see
+          # [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
+          class Service
+
+            include GRPC::GenericService
+
+            self.marshal_class_method = :encode
+            self.unmarshal_class_method = :decode
+            self.service_name = 'google.cloud.kms.v1.KeyManagementService'
+
+            # Lists [KeyRings][google.cloud.kms.v1.KeyRing].
+            rpc :ListKeyRings, ListKeyRingsRequest, ListKeyRingsResponse
+            # Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
+            rpc :ListCryptoKeys, ListCryptoKeysRequest, ListCryptoKeysResponse
+            # Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
+            rpc :ListCryptoKeyVersions, ListCryptoKeyVersionsRequest, ListCryptoKeyVersionsResponse
+            # Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
+            rpc :ListImportJobs, ListImportJobsRequest, ListImportJobsResponse
+            # Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
+            rpc :GetKeyRing, GetKeyRingRequest, KeyRing
+            # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
+            # [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+            rpc :GetCryptoKey, GetCryptoKeyRequest, CryptoKey
+            # Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+            rpc :GetCryptoKeyVersion, GetCryptoKeyVersionRequest, CryptoKeyVersion
+            # Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
+            # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+            # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
+            # [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
+            rpc :GetPublicKey, GetPublicKeyRequest, PublicKey
+            # Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
+            rpc :GetImportJob, GetImportJobRequest, ImportJob
+            # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
+            rpc :CreateKeyRing, CreateKeyRingRequest, KeyRing
+            # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
+            #
+            # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
+            # [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
+            # are required.
+            rpc :CreateCryptoKey, CreateCryptoKeyRequest, CryptoKey
+            # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
+            #
+            # The server will assign the next sequential id. If unset,
+            # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
+            # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
+            rpc :CreateCryptoKeyVersion, CreateCryptoKeyVersionRequest, CryptoKeyVersion
+            # Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
+            # wrapped key material provided in the request.
+            #
+            # The version ID will be assigned the next sequential id within the
+            # [CryptoKey][google.cloud.kms.v1.CryptoKey].
+            rpc :ImportCryptoKeyVersion, ImportCryptoKeyVersionRequest, CryptoKeyVersion
+            # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
+            #
+            # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
+            rpc :CreateImportJob, CreateImportJobRequest, ImportJob
+            # Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
+            rpc :UpdateCryptoKey, UpdateCryptoKeyRequest, CryptoKey
+            # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
+            #
+            # [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
+            # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and
+            # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
+            # method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
+            # move between other states.
+            rpc :UpdateCryptoKeyVersion, UpdateCryptoKeyVersionRequest, CryptoKeyVersion
+            # Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
+            # The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+            # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
+            rpc :Encrypt, EncryptRequest, EncryptResponse
+            # Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
+            # must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
+            rpc :Decrypt, DecryptRequest, DecryptResponse
+            # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
+            # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
+            # key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
+            rpc :AsymmetricSign, AsymmetricSignRequest, AsymmetricSignResponse
+            # Decrypts data that was encrypted with a public key retrieved from
+            # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
+            # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
+            rpc :AsymmetricDecrypt, AsymmetricDecryptRequest, AsymmetricDecryptResponse
+            # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
+            #
+            # Returns an error if called on an asymmetric key.
+            rpc :UpdateCryptoKeyPrimaryVersion, UpdateCryptoKeyPrimaryVersionRequest, CryptoKey
+            # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
+            #
+            # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
+            # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
+            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
+            # hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
+            # will be changed to
+            # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
+            # material will be irrevocably destroyed.
+            #
+            # Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
+            # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
+            rpc :DestroyCryptoKeyVersion, DestroyCryptoKeyVersionRequest, CryptoKeyVersion
+            # Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
+            # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
+            # state.
+            #
+            # Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
+            # will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
+            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
+            rpc :RestoreCryptoKeyVersion, RestoreCryptoKeyVersionRequest, CryptoKeyVersion
+          end
+
+          Stub = Service.rpc_stub_class
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/kms/v1/version.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module Kms
+      module V1
+        VERSION = "0.1.0"
+      end
+    end
+  end
+end

data/lib/google/iam/v1/iam_policy_services_pb.rb

@@ -0,0 +1,81 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: google/iam/v1/iam_policy.proto for package 'google.iam.v1'
+# Original file comments:
+# Copyright 2019 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+
+require 'grpc'
+require 'google/iam/v1/iam_policy_pb'
+
+module Google
+  module Iam
+    module V1
+      module IAMPolicy
+        # ## API Overview
+        #
+        # Manages Identity and Access Management (IAM) policies.
+        #
+        # Any implementation of an API that offers access control features
+        # implements the google.iam.v1.IAMPolicy interface.
+        #
+        # ## Data model
+        #
+        # Access control is applied when a principal (user or service account), takes
+        # some action on a resource exposed by a service. Resources, identified by
+        # URI-like names, are the unit of access control specification. Service
+        # implementations can choose the granularity of access control and the
+        # supported permissions for their resources.
+        # For example one database service may allow access control to be
+        # specified only at the Table level, whereas another might allow access control
+        # to also be specified at the Column level.
+        #
+        # ## Policy Structure
+        #
+        # See google.iam.v1.Policy
+        #
+        # This is intentionally not a CRUD style API because access control policies
+        # are created and deleted implicitly with the resources to which they are
+        # attached.
+        class Service
+
+          include GRPC::GenericService
+
+          self.marshal_class_method = :encode
+          self.unmarshal_class_method = :decode
+          self.service_name = 'google.iam.v1.IAMPolicy'
+
+          # Sets the access control policy on the specified resource. Replaces any
+          # existing policy.
+          rpc :SetIamPolicy, SetIamPolicyRequest, Policy
+          # Gets the access control policy for a resource.
+          # Returns an empty policy if the resource exists and does not have a policy
+          # set.
+          rpc :GetIamPolicy, GetIamPolicyRequest, Policy
+          # Returns permissions that a caller has on the specified resource.
+          # If the resource does not exist, this will return an empty set of
+          # permissions, not a NOT_FOUND error.
+          #
+          # Note: This operation is designed to be used for building permission-aware
+          # UIs and command-line tools, not for authorization checking. This operation
+          # may "fail open" without warning.
+          rpc :TestIamPermissions, TestIamPermissionsRequest, TestIamPermissionsResponse
+        end
+
+        Stub = Service.rpc_stub_class
+      end
+    end
+  end
+end

data/proto_docs/README.md

@@ -0,0 +1,4 @@
+# Cloud Key Management Service (KMS) V1 Protocol Buffer Documentation
+
+These files are for the YARD documentation of the generated protobuf files.
+They are not intended to be required or loaded at runtime.

data/proto_docs/google/api/field_behavior.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # An indicator of the behavior of a given field (for example, that a field
+    # is required in requests, or given as output but ignored as input).
+    # This **does not** change the behavior in protocol buffers itself; it only
+    # denotes the behavior and may affect how API tooling handles the field.
+    #
+    # Note: This enum **may** receive new values in the future.
+    module FieldBehavior
+      # Conventional default for enums. Do not use this.
+      FIELD_BEHAVIOR_UNSPECIFIED = 0
+
+      # Specifically denotes a field as optional.
+      # While all fields in protocol buffers are optional, this may be specified
+      # for emphasis if appropriate.
+      OPTIONAL = 1
+
+      # Denotes a field as required.
+      # This indicates that the field **must** be provided as part of the request,
+      # and failure to do so will cause an error (usually `INVALID_ARGUMENT`).
+      REQUIRED = 2
+
+      # Denotes a field as output only.
+      # This indicates that the field is provided in responses, but including the
+      # field in a request does nothing (the server *must* ignore it and
+      # *must not* throw an error as a result of the field's presence).
+      OUTPUT_ONLY = 3
+
+      # Denotes a field as input only.
+      # This indicates that the field is provided in requests, and the
+      # corresponding field is not included in output.
+      INPUT_ONLY = 4
+
+      # Denotes a field as immutable.
+      # This indicates that the field may be set once in a request to create a
+      # resource, but may not be changed thereafter.
+      IMMUTABLE = 5
+    end
+  end
+end

data/proto_docs/google/api/resource.rb

@@ -0,0 +1,247 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # A simple descriptor of a resource type.
+    #
+    # ResourceDescriptor annotates a resource message (either by means of a
+    # protobuf annotation or use in the service config), and associates the
+    # resource's schema, the resource type, and the pattern of the resource name.
+    #
+    # Example:
+    #
+    #     message Topic {
+    #       // Indicates this message defines a resource schema.
+    #       // Declares the resource type in the format of {service}/{kind}.
+    #       // For Kubernetes resources, the format is {api group}/{kind}.
+    #       option (google.api.resource) = {
+    #         type: "pubsub.googleapis.com/Topic"
+    #         name_descriptor: {
+    #           pattern: "projects/{project}/topics/{topic}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #           parent_name_extractor: "projects/{project}"
+    #         }
+    #       };
+    #     }
+    #
+    # The ResourceDescriptor Yaml config will look like:
+    #
+    #    resources:
+    #    - type: "pubsub.googleapis.com/Topic"
+    #      name_descriptor:
+    #        - pattern: "projects/\\{project}/topics/\\{topic}"
+    #          parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #          parent_name_extractor: "projects/\\{project}"
+    #
+    # Sometimes, resources have multiple patterns, typically because they can
+    # live under multiple parents.
+    #
+    # Example:
+    #
+    #     message LogEntry {
+    #       option (google.api.resource) = {
+    #         type: "logging.googleapis.com/LogEntry"
+    #         name_descriptor: {
+    #           pattern: "projects/{project}/logs/{log}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #           parent_name_extractor: "projects/{project}"
+    #         }
+    #         name_descriptor: {
+    #           pattern: "folders/{folder}/logs/{log}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+    #           parent_name_extractor: "folders/{folder}"
+    #         }
+    #         name_descriptor: {
+    #           pattern: "organizations/{organization}/logs/{log}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
+    #           parent_name_extractor: "organizations/{organization}"
+    #         }
+    #         name_descriptor: {
+    #           pattern: "billingAccounts/{billing_account}/logs/{log}"
+    #           parent_type: "billing.googleapis.com/BillingAccount"
+    #           parent_name_extractor: "billingAccounts/{billing_account}"
+    #         }
+    #       };
+    #     }
+    #
+    # The ResourceDescriptor Yaml config will look like:
+    #
+    #     resources:
+    #     - type: 'logging.googleapis.com/LogEntry'
+    #       name_descriptor:
+    #         - pattern: "projects/{project}/logs/{log}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #           parent_name_extractor: "projects/{project}"
+    #         - pattern: "folders/{folder}/logs/{log}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+    #           parent_name_extractor: "folders/{folder}"
+    #         - pattern: "organizations/{organization}/logs/{log}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
+    #           parent_name_extractor: "organizations/{organization}"
+    #         - pattern: "billingAccounts/{billing_account}/logs/{log}"
+    #           parent_type: "billing.googleapis.com/BillingAccount"
+    #           parent_name_extractor: "billingAccounts/{billing_account}"
+    #
+    # For flexible resources, the resource name doesn't contain parent names, but
+    # the resource itself has parents for policy evaluation.
+    #
+    # Example:
+    #
+    #     message Shelf {
+    #       option (google.api.resource) = {
+    #         type: "library.googleapis.com/Shelf"
+    #         name_descriptor: {
+    #           pattern: "shelves/{shelf}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #         }
+    #         name_descriptor: {
+    #           pattern: "shelves/{shelf}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+    #         }
+    #       };
+    #     }
+    #
+    # The ResourceDescriptor Yaml config will look like:
+    #
+    #     resources:
+    #     - type: 'library.googleapis.com/Shelf'
+    #       name_descriptor:
+    #         - pattern: "shelves/{shelf}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #         - pattern: "shelves/{shelf}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+    # @!attribute [rw] type
+    #   @return [String]
+    #     The resource type. It must be in the format of
+    #     \\{service_name}/\\{resource_type_kind}. The `resource_type_kind` must be
+    #     singular and must not include version numbers.
+    #
+    #     Example: `storage.googleapis.com/Bucket`
+    #
+    #     The value of the resource_type_kind must follow the regular expression
+    #     /[A-Za-z][a-zA-Z0-9]+/. It should start with an upper case character and
+    #     should use PascalCase (UpperCamelCase). The maximum number of
+    #     characters allowed for the `resource_type_kind` is 100.
+    # @!attribute [rw] pattern
+    #   @return [Array<String>]
+    #     Optional. The relative resource name pattern associated with this resource
+    #     type. The DNS prefix of the full resource name shouldn't be specified here.
+    #
+    #     The path pattern must follow the syntax, which aligns with HTTP binding
+    #     syntax:
+    #
+    #         Template = Segment { "/" Segment } ;
+    #         Segment = LITERAL | Variable ;
+    #         Variable = "{" LITERAL "}" ;
+    #
+    #     Examples:
+    #
+    #         - "projects/\\{project}/topics/\\{topic}"
+    #         - "projects/\\{project}/knowledgeBases/\\{knowledge_base}"
+    #
+    #     The components in braces correspond to the IDs for each resource in the
+    #     hierarchy. It is expected that, if multiple patterns are provided,
+    #     the same component name (e.g. "project") refers to IDs of the same
+    #     type of resource.
+    # @!attribute [rw] name_field
+    #   @return [String]
+    #     Optional. The field on the resource that designates the resource name
+    #     field. If omitted, this is assumed to be "name".
+    # @!attribute [rw] history
+    #   @return [Google::Api::ResourceDescriptor::History]
+    #     Optional. The historical or future-looking state of the resource pattern.
+    #
+    #     Example:
+    #
+    #         // The InspectTemplate message originally only supported resource
+    #         // names with organization, and project was added later.
+    #         message InspectTemplate {
+    #           option (google.api.resource) = {
+    #             type: "dlp.googleapis.com/InspectTemplate"
+    #             pattern:
+    #             "organizations/{organization}/inspectTemplates/{inspect_template}"
+    #             pattern: "projects/{project}/inspectTemplates/{inspect_template}"
+    #             history: ORIGINALLY_SINGLE_PATTERN
+    #           };
+    #         }
+    # @!attribute [rw] plural
+    #   @return [String]
+    #     The plural name used in the resource name, such as 'projects' for
+    #     the name of 'projects/\\{project}'. It is the same concept of the `plural`
+    #     field in k8s CRD spec
+    #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+    # @!attribute [rw] singular
+    #   @return [String]
+    #     The same concept of the `singular` field in k8s CRD spec
+    #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+    #     Such as "project" for the `resourcemanager.googleapis.com/Project` type.
+    class ResourceDescriptor
+      include Google::Protobuf::MessageExts
+      extend Google::Protobuf::MessageExts::ClassMethods
+
+      # A description of the historical or future-looking state of the
+      # resource pattern.
+      module History
+        # The "unset" value.
+        HISTORY_UNSPECIFIED = 0
+
+        # The resource originally had one pattern and launched as such, and
+        # additional patterns were added later.
+        ORIGINALLY_SINGLE_PATTERN = 1
+
+        # The resource has one pattern, but the API owner expects to add more
+        # later. (This is the inverse of ORIGINALLY_SINGLE_PATTERN, and prevents
+        # that from being necessary once there are multiple patterns.)
+        FUTURE_MULTI_PATTERN = 2
+      end
+    end
+
+    # Defines a proto annotation that describes a string field that refers to
+    # an API resource.
+    # @!attribute [rw] type
+    #   @return [String]
+    #     The resource type that the annotated field references.
+    #
+    #     Example:
+    #
+    #         message Subscription {
+    #           string topic = 2 [(google.api.resource_reference) = {
+    #             type: "pubsub.googleapis.com/Topic"
+    #           }];
+    #         }
+    # @!attribute [rw] child_type
+    #   @return [String]
+    #     The resource type of a child collection that the annotated field
+    #     references. This is useful for annotating the `parent` field that
+    #     doesn't have a fixed resource type.
+    #
+    #     Example:
+    #
+    #       message ListLogEntriesRequest {
+    #         string parent = 1 [(google.api.resource_reference) = {
+    #           child_type: "logging.googleapis.com/LogEntry"
+    #         };
+    #       }
+    class ResourceReference
+      include Google::Protobuf::MessageExts
+      extend Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end