google-cloud-kms-v1 0.10.1 → 0.12.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/AUTHENTICATION.md +13 -31
- data/README.md +4 -4
- data/lib/google/cloud/kms/v1/ekm_service/client.rb +731 -0
- data/lib/google/cloud/kms/v1/ekm_service/credentials.rb +52 -0
- data/lib/google/cloud/kms/v1/ekm_service/paths.rb +90 -0
- data/lib/google/cloud/kms/v1/ekm_service.rb +53 -0
- data/lib/google/cloud/kms/v1/ekm_service_pb.rb +79 -0
- data/lib/google/cloud/kms/v1/ekm_service_services_pb.rb +57 -0
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +13 -4
- data/lib/google/cloud/kms/v1/iam_policy.rb +2 -1
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +427 -276
- data/lib/google/cloud/kms/v1/resources_pb.rb +10 -1
- data/lib/google/cloud/kms/v1/service_services_pb.rb +84 -48
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/lib/google/cloud/kms/v1.rb +4 -1
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/google/cloud/kms/v1/ekm_service.rb +226 -0
- data/proto_docs/google/cloud/kms/v1/resources.rb +299 -160
- data/proto_docs/google/cloud/kms/v1/service.rb +653 -412
- data/proto_docs/google/iam/v1/iam_policy.rb +8 -1
- data/proto_docs/google/iam/v1/options.rb +14 -4
- data/proto_docs/google/iam/v1/policy.rb +208 -38
- metadata +14 -13
@@ -299,12 +299,16 @@ module Google
|
|
299
299
|
#
|
300
300
|
# @param parent [::String]
|
301
301
|
# Required. The resource name of the location associated with the
|
302
|
-
# {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
302
|
+
# {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
303
|
+
# `projects/*/locations/*`.
|
303
304
|
# @param page_size [::Integer]
|
304
|
-
# Optional. Optional limit on the number of
|
305
|
-
#
|
306
|
-
#
|
307
|
-
#
|
305
|
+
# Optional. Optional limit on the number of
|
306
|
+
# {::Google::Cloud::Kms::V1::KeyRing KeyRings} to include in the response. Further
|
307
|
+
# {::Google::Cloud::Kms::V1::KeyRing KeyRings} can subsequently be obtained by
|
308
|
+
# including the
|
309
|
+
# {::Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse.next_page_token}
|
310
|
+
# in a subsequent request. If unspecified, the server will pick an
|
311
|
+
# appropriate default.
|
308
312
|
# @param page_token [::String]
|
309
313
|
# Optional. Optional pagination token, returned earlier via
|
310
314
|
# {::Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse.next_page_token}.
|
@@ -409,13 +413,16 @@ module Google
|
|
409
413
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
410
414
|
#
|
411
415
|
# @param parent [::String]
|
412
|
-
# Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing}
|
413
|
-
# `projects/*/locations/*/keyRings/*`.
|
416
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing}
|
417
|
+
# to list, in the format `projects/*/locations/*/keyRings/*`.
|
414
418
|
# @param page_size [::Integer]
|
415
|
-
# Optional. Optional limit on the number of
|
416
|
-
#
|
417
|
-
#
|
418
|
-
#
|
419
|
+
# Optional. Optional limit on the number of
|
420
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} to include in the response.
|
421
|
+
# Further {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} can subsequently be
|
422
|
+
# obtained by including the
|
423
|
+
# {::Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse.next_page_token}
|
424
|
+
# in a subsequent request. If unspecified, the server will pick an
|
425
|
+
# appropriate default.
|
419
426
|
# @param page_token [::String]
|
420
427
|
# Optional. Optional pagination token, returned earlier via
|
421
428
|
# {::Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse.next_page_token}.
|
@@ -522,14 +529,17 @@ module Google
|
|
522
529
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
523
530
|
#
|
524
531
|
# @param parent [::String]
|
525
|
-
# Required. The resource name of the
|
532
|
+
# Required. The resource name of the
|
533
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to list, in the format
|
526
534
|
# `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
|
527
535
|
# @param page_size [::Integer]
|
528
|
-
# Optional. Optional limit on the number of
|
529
|
-
#
|
530
|
-
#
|
531
|
-
#
|
532
|
-
#
|
536
|
+
# Optional. Optional limit on the number of
|
537
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} to include in the
|
538
|
+
# response. Further {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}
|
539
|
+
# can subsequently be obtained by including the
|
540
|
+
# {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse.next_page_token}
|
541
|
+
# in a subsequent request. If unspecified, the server will pick an
|
542
|
+
# appropriate default.
|
533
543
|
# @param page_token [::String]
|
534
544
|
# Optional. Optional pagination token, returned earlier via
|
535
545
|
# {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse.next_page_token}.
|
@@ -636,13 +646,16 @@ module Google
|
|
636
646
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
637
647
|
#
|
638
648
|
# @param parent [::String]
|
639
|
-
# Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing}
|
640
|
-
# `projects/*/locations/*/keyRings/*`.
|
649
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing}
|
650
|
+
# to list, in the format `projects/*/locations/*/keyRings/*`.
|
641
651
|
# @param page_size [::Integer]
|
642
|
-
# Optional. Optional limit on the number of
|
643
|
-
#
|
644
|
-
#
|
645
|
-
#
|
652
|
+
# Optional. Optional limit on the number of
|
653
|
+
# {::Google::Cloud::Kms::V1::ImportJob ImportJobs} to include in the response.
|
654
|
+
# Further {::Google::Cloud::Kms::V1::ImportJob ImportJobs} can subsequently be
|
655
|
+
# obtained by including the
|
656
|
+
# {::Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse.next_page_token}
|
657
|
+
# in a subsequent request. If unspecified, the server will pick an
|
658
|
+
# appropriate default.
|
646
659
|
# @param page_token [::String]
|
647
660
|
# Optional. Optional pagination token, returned earlier via
|
648
661
|
# {::Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse.next_page_token}.
|
@@ -747,7 +760,8 @@ module Google
|
|
747
760
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
748
761
|
#
|
749
762
|
# @param name [::String]
|
750
|
-
# Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the
|
763
|
+
# Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the
|
764
|
+
# {::Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
|
751
765
|
#
|
752
766
|
# @yield [response, operation] Access the result along with the RPC operation
|
753
767
|
# @yieldparam response [::Google::Cloud::Kms::V1::KeyRing]
|
@@ -814,8 +828,9 @@ module Google
|
|
814
828
|
end
|
815
829
|
|
816
830
|
##
|
817
|
-
# Returns metadata for a given {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}, as
|
818
|
-
# {::Google::Cloud::Kms::V1::CryptoKey#primary primary}
|
831
|
+
# Returns metadata for a given {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}, as
|
832
|
+
# well as its {::Google::Cloud::Kms::V1::CryptoKey#primary primary}
|
833
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
|
819
834
|
#
|
820
835
|
# @overload get_crypto_key(request, options = nil)
|
821
836
|
# Pass arguments to `get_crypto_key` via a request object, either of type
|
@@ -833,7 +848,8 @@ module Google
|
|
833
848
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
834
849
|
#
|
835
850
|
# @param name [::String]
|
836
|
-
# Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
851
|
+
# Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
852
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
|
837
853
|
#
|
838
854
|
# @yield [response, operation] Access the result along with the RPC operation
|
839
855
|
# @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey]
|
@@ -900,7 +916,8 @@ module Google
|
|
900
916
|
end
|
901
917
|
|
902
918
|
##
|
903
|
-
# Returns metadata for a given
|
919
|
+
# Returns metadata for a given
|
920
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
|
904
921
|
#
|
905
922
|
# @overload get_crypto_key_version(request, options = nil)
|
906
923
|
# Pass arguments to `get_crypto_key_version` via a request object, either of type
|
@@ -918,7 +935,8 @@ module Google
|
|
918
935
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
919
936
|
#
|
920
937
|
# @param name [::String]
|
921
|
-
# Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
938
|
+
# Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
939
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
|
922
940
|
#
|
923
941
|
# @yield [response, operation] Access the result along with the RPC operation
|
924
942
|
# @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
|
@@ -985,9 +1003,11 @@ module Google
|
|
985
1003
|
end
|
986
1004
|
|
987
1005
|
##
|
988
|
-
# Returns the public key for the given
|
1006
|
+
# Returns the public key for the given
|
1007
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. The
|
989
1008
|
# {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
|
990
|
-
# {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}
|
1009
|
+
# {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}
|
1010
|
+
# or
|
991
1011
|
# {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_DECRYPT ASYMMETRIC_DECRYPT}.
|
992
1012
|
#
|
993
1013
|
# @overload get_public_key(request, options = nil)
|
@@ -1006,8 +1026,8 @@ module Google
|
|
1006
1026
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
1007
1027
|
#
|
1008
1028
|
# @param name [::String]
|
1009
|
-
# Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
1010
|
-
# get.
|
1029
|
+
# Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
1030
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to get.
|
1011
1031
|
#
|
1012
1032
|
# @yield [response, operation] Access the result along with the RPC operation
|
1013
1033
|
# @yieldparam response [::Google::Cloud::Kms::V1::PublicKey]
|
@@ -1092,7 +1112,8 @@ module Google
|
|
1092
1112
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
1093
1113
|
#
|
1094
1114
|
# @param name [::String]
|
1095
|
-
# Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
|
1115
|
+
# Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
|
1116
|
+
# {::Google::Cloud::Kms::V1::ImportJob ImportJob} to get.
|
1096
1117
|
#
|
1097
1118
|
# @yield [response, operation] Access the result along with the RPC operation
|
1098
1119
|
# @yieldparam response [::Google::Cloud::Kms::V1::ImportJob]
|
@@ -1159,7 +1180,8 @@ module Google
|
|
1159
1180
|
end
|
1160
1181
|
|
1161
1182
|
##
|
1162
|
-
# Create a new {::Google::Cloud::Kms::V1::KeyRing KeyRing} in a given Project and
|
1183
|
+
# Create a new {::Google::Cloud::Kms::V1::KeyRing KeyRing} in a given Project and
|
1184
|
+
# Location.
|
1163
1185
|
#
|
1164
1186
|
# @overload create_key_ring(request, options = nil)
|
1165
1187
|
# Pass arguments to `create_key_ring` via a request object, either of type
|
@@ -1178,12 +1200,14 @@ module Google
|
|
1178
1200
|
#
|
1179
1201
|
# @param parent [::String]
|
1180
1202
|
# Required. The resource name of the location associated with the
|
1181
|
-
# {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
1203
|
+
# {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
1204
|
+
# `projects/*/locations/*`.
|
1182
1205
|
# @param key_ring_id [::String]
|
1183
1206
|
# Required. It must be unique within a location and match the regular
|
1184
1207
|
# expression `[a-zA-Z0-9_-]{1,63}`
|
1185
1208
|
# @param key_ring [::Google::Cloud::Kms::V1::KeyRing, ::Hash]
|
1186
|
-
# Required. A {::Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field
|
1209
|
+
# Required. A {::Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field
|
1210
|
+
# values.
|
1187
1211
|
#
|
1188
1212
|
# @yield [response, operation] Access the result along with the RPC operation
|
1189
1213
|
# @yieldparam response [::Google::Cloud::Kms::V1::KeyRing]
|
@@ -1250,7 +1274,8 @@ module Google
|
|
1250
1274
|
end
|
1251
1275
|
|
1252
1276
|
##
|
1253
|
-
# Create a new {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} within a
|
1277
|
+
# Create a new {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} within a
|
1278
|
+
# {::Google::Cloud::Kms::V1::KeyRing KeyRing}.
|
1254
1279
|
#
|
1255
1280
|
# {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} and
|
1256
1281
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#algorithm CryptoKey.version_template.algorithm}
|
@@ -1272,17 +1297,21 @@ module Google
|
|
1272
1297
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
1273
1298
|
#
|
1274
1299
|
# @param parent [::String]
|
1275
|
-
# Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing
|
1276
|
-
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
|
1300
|
+
# Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing
|
1301
|
+
# associated with the {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
|
1277
1302
|
# @param crypto_key_id [::String]
|
1278
1303
|
# Required. It must be unique within a KeyRing and match the regular
|
1279
1304
|
# expression `[a-zA-Z0-9_-]{1,63}`
|
1280
1305
|
# @param crypto_key [::Google::Cloud::Kms::V1::CryptoKey, ::Hash]
|
1281
|
-
# Required. A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field
|
1306
|
+
# Required. A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field
|
1307
|
+
# values.
|
1282
1308
|
# @param skip_initial_version_creation [::Boolean]
|
1283
|
-
# If set to true, the request will create a
|
1284
|
-
# {::Google::Cloud::Kms::V1::
|
1285
|
-
# {::Google::Cloud::Kms::V1::
|
1309
|
+
# If set to true, the request will create a
|
1310
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} without any
|
1311
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}. You must
|
1312
|
+
# manually call
|
1313
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key_version CreateCryptoKeyVersion}
|
1314
|
+
# or
|
1286
1315
|
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version ImportCryptoKeyVersion}
|
1287
1316
|
# before you can use this {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
|
1288
1317
|
#
|
@@ -1351,7 +1380,8 @@ module Google
|
|
1351
1380
|
end
|
1352
1381
|
|
1353
1382
|
##
|
1354
|
-
# Create a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in a
|
1383
|
+
# Create a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in a
|
1384
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
|
1355
1385
|
#
|
1356
1386
|
# The server will assign the next sequential id. If unset,
|
1357
1387
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to
|
@@ -1373,10 +1403,12 @@ module Google
|
|
1373
1403
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
1374
1404
|
#
|
1375
1405
|
# @param parent [::String]
|
1376
|
-
# Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
1377
|
-
#
|
1406
|
+
# Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
1407
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with the
|
1408
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
|
1378
1409
|
# @param crypto_key_version [::Google::Cloud::Kms::V1::CryptoKeyVersion, ::Hash]
|
1379
|
-
# Required. A {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
|
1410
|
+
# Required. A {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
|
1411
|
+
# initial field values.
|
1380
1412
|
#
|
1381
1413
|
# @yield [response, operation] Access the result along with the RPC operation
|
1382
1414
|
# @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
|
@@ -1443,12 +1475,14 @@ module Google
|
|
1443
1475
|
end
|
1444
1476
|
|
1445
1477
|
##
|
1446
|
-
# Import wrapped key material into a
|
1478
|
+
# Import wrapped key material into a
|
1479
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
|
1447
1480
|
#
|
1448
|
-
# All requests must specify a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. If
|
1449
|
-
#
|
1450
|
-
#
|
1451
|
-
#
|
1481
|
+
# All requests must specify a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. If
|
1482
|
+
# a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} is additionally
|
1483
|
+
# specified in the request, key material will be reimported into that
|
1484
|
+
# version. Otherwise, a new version will be created, and will be assigned the
|
1485
|
+
# next sequential id within the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
|
1452
1486
|
#
|
1453
1487
|
# @overload import_crypto_key_version(request, options = nil)
|
1454
1488
|
# Pass arguments to `import_crypto_key_version` via a request object, either of type
|
@@ -1466,34 +1500,42 @@ module Google
|
|
1466
1500
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
1467
1501
|
#
|
1468
1502
|
# @param parent [::String]
|
1469
|
-
# Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
1503
|
+
# Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
1504
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
|
1470
1505
|
#
|
1471
1506
|
# The create permission is only required on this key when creating a new
|
1472
1507
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
|
1473
1508
|
# @param crypto_key_version [::String]
|
1474
|
-
# Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of
|
1475
|
-
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to
|
1476
|
-
# If this field is not present, a new
|
1509
|
+
# Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of
|
1510
|
+
# an existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to
|
1511
|
+
# target for an import operation. If this field is not present, a new
|
1512
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
|
1477
1513
|
# supplied key material is created.
|
1478
1514
|
#
|
1479
1515
|
# If this field is present, the supplied key material is imported into
|
1480
|
-
# the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To
|
1481
|
-
#
|
1482
|
-
# {::Google::Cloud::Kms::V1::
|
1483
|
-
#
|
1484
|
-
# {::Google::Cloud::Kms::V1::
|
1516
|
+
# the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To
|
1517
|
+
# import into an existing
|
1518
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the
|
1519
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
|
1520
|
+
# {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent},
|
1521
|
+
# have been previously created via [ImportCryptoKeyVersion][], and be in
|
1522
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}
|
1523
|
+
# or
|
1485
1524
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}
|
1486
1525
|
# state. The key material and algorithm must match the previous
|
1487
|
-
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the
|
1526
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the
|
1527
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
|
1488
1528
|
# key material.
|
1489
1529
|
# @param algorithm [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
|
1490
|
-
# Required. The
|
1491
|
-
#
|
1492
|
-
#
|
1493
|
-
#
|
1530
|
+
# Required. The
|
1531
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm}
|
1532
|
+
# of the key being imported. This does not need to match the
|
1533
|
+
# {::Google::Cloud::Kms::V1::CryptoKey#version_template version_template} of the
|
1534
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} this version imports into.
|
1494
1535
|
# @param import_job [::String]
|
1495
|
-
# Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
|
1496
|
-
# wrap this key
|
1536
|
+
# Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
|
1537
|
+
# {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to wrap this key
|
1538
|
+
# material.
|
1497
1539
|
# @param rsa_aes_wrapped_key [::String]
|
1498
1540
|
# Wrapped key material produced with
|
1499
1541
|
# {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
|
@@ -1503,8 +1545,9 @@ module Google
|
|
1503
1545
|
# This field contains the concatenation of two wrapped keys:
|
1504
1546
|
# <ol>
|
1505
1547
|
# <li>An ephemeral AES-256 wrapping key wrapped with the
|
1506
|
-
# {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using
|
1507
|
-
# MGF1 with SHA-1, and an
|
1548
|
+
# {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using
|
1549
|
+
# RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
|
1550
|
+
# empty label.
|
1508
1551
|
# </li>
|
1509
1552
|
# <li>The key to be imported, wrapped with the ephemeral AES-256 key
|
1510
1553
|
# using AES-KWP (RFC 5649).
|
@@ -1584,9 +1627,11 @@ module Google
|
|
1584
1627
|
end
|
1585
1628
|
|
1586
1629
|
##
|
1587
|
-
# Create a new {::Google::Cloud::Kms::V1::ImportJob ImportJob} within a
|
1630
|
+
# Create a new {::Google::Cloud::Kms::V1::ImportJob ImportJob} within a
|
1631
|
+
# {::Google::Cloud::Kms::V1::KeyRing KeyRing}.
|
1588
1632
|
#
|
1589
|
-
# {::Google::Cloud::Kms::V1::ImportJob#import_method ImportJob.import_method} is
|
1633
|
+
# {::Google::Cloud::Kms::V1::ImportJob#import_method ImportJob.import_method} is
|
1634
|
+
# required.
|
1590
1635
|
#
|
1591
1636
|
# @overload create_import_job(request, options = nil)
|
1592
1637
|
# Pass arguments to `create_import_job` via a request object, either of type
|
@@ -1604,13 +1649,15 @@ module Google
|
|
1604
1649
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
1605
1650
|
#
|
1606
1651
|
# @param parent [::String]
|
1607
|
-
# Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the
|
1652
|
+
# Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the
|
1653
|
+
# {::Google::Cloud::Kms::V1::KeyRing KeyRing} associated with the
|
1608
1654
|
# {::Google::Cloud::Kms::V1::ImportJob ImportJobs}.
|
1609
1655
|
# @param import_job_id [::String]
|
1610
1656
|
# Required. It must be unique within a KeyRing and match the regular
|
1611
1657
|
# expression `[a-zA-Z0-9_-]{1,63}`
|
1612
1658
|
# @param import_job [::Google::Cloud::Kms::V1::ImportJob, ::Hash]
|
1613
|
-
# Required. An {::Google::Cloud::Kms::V1::ImportJob ImportJob} with initial field
|
1659
|
+
# Required. An {::Google::Cloud::Kms::V1::ImportJob ImportJob} with initial field
|
1660
|
+
# values.
|
1614
1661
|
#
|
1615
1662
|
# @yield [response, operation] Access the result along with the RPC operation
|
1616
1663
|
# @yieldparam response [::Google::Cloud::Kms::V1::ImportJob]
|
@@ -1764,13 +1811,18 @@ module Google
|
|
1764
1811
|
end
|
1765
1812
|
|
1766
1813
|
##
|
1767
|
-
# Update a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s
|
1814
|
+
# Update a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s
|
1815
|
+
# metadata.
|
1768
1816
|
#
|
1769
1817
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} may be changed between
|
1770
|
-
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}
|
1771
|
-
#
|
1772
|
-
#
|
1773
|
-
#
|
1818
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}
|
1819
|
+
# and
|
1820
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED}
|
1821
|
+
# using this method. See
|
1822
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#destroy_crypto_key_version DestroyCryptoKeyVersion}
|
1823
|
+
# and
|
1824
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion}
|
1825
|
+
# to move between other states.
|
1774
1826
|
#
|
1775
1827
|
# @overload update_crypto_key_version(request, options = nil)
|
1776
1828
|
# Pass arguments to `update_crypto_key_version` via a request object, either of type
|
@@ -1788,7 +1840,8 @@ module Google
|
|
1788
1840
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
1789
1841
|
#
|
1790
1842
|
# @param crypto_key_version [::Google::Cloud::Kms::V1::CryptoKeyVersion, ::Hash]
|
1791
|
-
# Required. {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
|
1843
|
+
# Required. {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
|
1844
|
+
# updated values.
|
1792
1845
|
# @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
|
1793
1846
|
# Required. List of fields to be updated in this request.
|
1794
1847
|
#
|
@@ -1857,7 +1910,9 @@ module Google
|
|
1857
1910
|
end
|
1858
1911
|
|
1859
1912
|
##
|
1860
|
-
# Update the version of a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that
|
1913
|
+
# Update the version of a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that
|
1914
|
+
# will be used in
|
1915
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}.
|
1861
1916
|
#
|
1862
1917
|
# Returns an error if called on a key whose purpose is not
|
1863
1918
|
# {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
|
@@ -1878,9 +1933,11 @@ module Google
|
|
1878
1933
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
1879
1934
|
#
|
1880
1935
|
# @param name [::String]
|
1881
|
-
# Required. The resource name of the
|
1936
|
+
# Required. The resource name of the
|
1937
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
|
1882
1938
|
# @param crypto_key_version_id [::String]
|
1883
|
-
# Required. The id of the child
|
1939
|
+
# Required. The id of the child
|
1940
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
|
1884
1941
|
#
|
1885
1942
|
# @yield [response, operation] Access the result along with the RPC operation
|
1886
1943
|
# @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey]
|
@@ -1947,19 +2004,27 @@ module Google
|
|
1947
2004
|
end
|
1948
2005
|
|
1949
2006
|
##
|
1950
|
-
# Schedule a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for
|
2007
|
+
# Schedule a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for
|
2008
|
+
# destruction.
|
1951
2009
|
#
|
1952
|
-
# Upon calling this method,
|
2010
|
+
# Upon calling this method,
|
2011
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion.state} will
|
2012
|
+
# be set to
|
1953
2013
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED},
|
1954
|
-
# and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
|
1955
|
-
#
|
1956
|
-
#
|
1957
|
-
#
|
1958
|
-
# {::Google::Cloud::Kms::V1::CryptoKeyVersion
|
1959
|
-
#
|
1960
|
-
#
|
1961
|
-
#
|
1962
|
-
#
|
2014
|
+
# and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
|
2015
|
+
# be set to the time
|
2016
|
+
# {::Google::Cloud::Kms::V1::CryptoKey#destroy_scheduled_duration destroy_scheduled_duration}
|
2017
|
+
# in the future. At that time, the
|
2018
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will automatically
|
2019
|
+
# change to
|
2020
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED},
|
2021
|
+
# and the key material will be irrevocably destroyed.
|
2022
|
+
#
|
2023
|
+
# Before the
|
2024
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is
|
2025
|
+
# reached,
|
2026
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion}
|
2027
|
+
# may be called to reverse the process.
|
1963
2028
|
#
|
1964
2029
|
# @overload destroy_crypto_key_version(request, options = nil)
|
1965
2030
|
# Pass arguments to `destroy_crypto_key_version` via a request object, either of type
|
@@ -1977,7 +2042,8 @@ module Google
|
|
1977
2042
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
1978
2043
|
#
|
1979
2044
|
# @param name [::String]
|
1980
|
-
# Required. The resource name of the
|
2045
|
+
# Required. The resource name of the
|
2046
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
|
1981
2047
|
#
|
1982
2048
|
# @yield [response, operation] Access the result along with the RPC operation
|
1983
2049
|
# @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
|
@@ -2048,9 +2114,11 @@ module Google
|
|
2048
2114
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
|
2049
2115
|
# state.
|
2050
2116
|
#
|
2051
|
-
# Upon restoration of the CryptoKeyVersion,
|
2052
|
-
#
|
2053
|
-
#
|
2117
|
+
# Upon restoration of the CryptoKeyVersion,
|
2118
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to
|
2119
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
|
2120
|
+
# and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
|
2121
|
+
# be cleared.
|
2054
2122
|
#
|
2055
2123
|
# @overload restore_crypto_key_version(request, options = nil)
|
2056
2124
|
# Pass arguments to `restore_crypto_key_version` via a request object, either of type
|
@@ -2068,7 +2136,8 @@ module Google
|
|
2068
2136
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
2069
2137
|
#
|
2070
2138
|
# @param name [::String]
|
2071
|
-
# Required. The resource name of the
|
2139
|
+
# Required. The resource name of the
|
2140
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
|
2072
2141
|
#
|
2073
2142
|
# @yield [response, operation] Access the result along with the RPC operation
|
2074
2143
|
# @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
|
@@ -2135,8 +2204,9 @@ module Google
|
|
2135
2204
|
end
|
2136
2205
|
|
2137
2206
|
##
|
2138
|
-
# Encrypts data, so that it can only be recovered by a call to
|
2139
|
-
#
|
2207
|
+
# Encrypts data, so that it can only be recovered by a call to
|
2208
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}. The
|
2209
|
+
# {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
|
2140
2210
|
# {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
|
2141
2211
|
#
|
2142
2212
|
# @overload encrypt(request, options = nil)
|
@@ -2155,59 +2225,75 @@ module Google
|
|
2155
2225
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
2156
2226
|
#
|
2157
2227
|
# @param name [::String]
|
2158
|
-
# Required. The resource name of the
|
2159
|
-
#
|
2228
|
+
# Required. The resource name of the
|
2229
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} or
|
2230
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
|
2231
|
+
# encryption.
|
2160
2232
|
#
|
2161
|
-
# If a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server
|
2162
|
-
# {::Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
|
2233
|
+
# If a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server
|
2234
|
+
# will use its {::Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
|
2163
2235
|
# @param plaintext [::String]
|
2164
2236
|
# Required. The data to encrypt. Must be no larger than 64KiB.
|
2165
2237
|
#
|
2166
2238
|
# The maximum size depends on the key version's
|
2167
|
-
# {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
2168
|
-
# {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
|
2169
|
-
#
|
2170
|
-
#
|
2171
|
-
#
|
2239
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
2240
|
+
# For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
|
2241
|
+
# plaintext must be no larger than 64KiB. For
|
2242
|
+
# {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
|
2243
|
+
# the plaintext and additional_authenticated_data fields must be no larger
|
2244
|
+
# than 8KiB.
|
2172
2245
|
# @param additional_authenticated_data [::String]
|
2173
|
-
# Optional. Optional data that, if specified, must also be provided during
|
2174
|
-
# through
|
2246
|
+
# Optional. Optional data that, if specified, must also be provided during
|
2247
|
+
# decryption through
|
2248
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}.
|
2175
2249
|
#
|
2176
2250
|
# The maximum size depends on the key version's
|
2177
|
-
# {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
2178
|
-
# {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
|
2179
|
-
#
|
2180
|
-
#
|
2181
|
-
#
|
2251
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
2252
|
+
# For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
|
2253
|
+
# must be no larger than 64KiB. For
|
2254
|
+
# {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
|
2255
|
+
# the plaintext and additional_authenticated_data fields must be no larger
|
2256
|
+
# than 8KiB.
|
2182
2257
|
# @param plaintext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
2183
|
-
# Optional. An optional CRC32C checksum of the
|
2184
|
-
#
|
2185
|
-
#
|
2186
|
-
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2187
|
-
#
|
2188
|
-
#
|
2189
|
-
#
|
2190
|
-
#
|
2191
|
-
# the
|
2192
|
-
#
|
2193
|
-
#
|
2194
|
-
#
|
2195
|
-
#
|
2258
|
+
# Optional. An optional CRC32C checksum of the
|
2259
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
|
2260
|
+
# If specified,
|
2261
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2262
|
+
# verify the integrity of the received
|
2263
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}
|
2264
|
+
# using this checksum.
|
2265
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2266
|
+
# report an error if the checksum verification fails. If you receive a
|
2267
|
+
# checksum error, your client should verify that
|
2268
|
+
# CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext})
|
2269
|
+
# is equal to
|
2270
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c},
|
2271
|
+
# and if so, perform a limited number of retries. A persistent mismatch may
|
2272
|
+
# indicate an issue in your computation of the CRC32C checksum. Note: This
|
2273
|
+
# field is defined as int64 for reasons of compatibility across different
|
2274
|
+
# languages. However, it is a non-negative integer, which will never exceed
|
2275
|
+
# 2^32-1, and can be safely downconverted to uint32 in languages that support
|
2276
|
+
# this type.
|
2196
2277
|
# @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
2197
2278
|
# Optional. An optional CRC32C checksum of the
|
2198
|
-
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
|
2199
|
-
#
|
2200
|
-
# {::Google::Cloud::Kms::V1::
|
2201
|
-
#
|
2202
|
-
#
|
2203
|
-
#
|
2204
|
-
# {::Google::Cloud::Kms::V1::
|
2205
|
-
#
|
2206
|
-
# your
|
2207
|
-
#
|
2208
|
-
#
|
2209
|
-
#
|
2210
|
-
#
|
2279
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
|
2280
|
+
# If specified,
|
2281
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2282
|
+
# verify the integrity of the received
|
2283
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}
|
2284
|
+
# using this checksum.
|
2285
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2286
|
+
# report an error if the checksum verification fails. If you receive a
|
2287
|
+
# checksum error, your client should verify that
|
2288
|
+
# CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data})
|
2289
|
+
# is equal to
|
2290
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c},
|
2291
|
+
# and if so, perform a limited number of retries. A persistent mismatch may
|
2292
|
+
# indicate an issue in your computation of the CRC32C checksum. Note: This
|
2293
|
+
# field is defined as int64 for reasons of compatibility across different
|
2294
|
+
# languages. However, it is a non-negative integer, which will never exceed
|
2295
|
+
# 2^32-1, and can be safely downconverted to uint32 in languages that support
|
2296
|
+
# this type.
|
2211
2297
|
#
|
2212
2298
|
# @yield [response, operation] Access the result along with the RPC operation
|
2213
2299
|
# @yieldparam response [::Google::Cloud::Kms::V1::EncryptResponse]
|
@@ -2274,8 +2360,10 @@ module Google
|
|
2274
2360
|
end
|
2275
2361
|
|
2276
2362
|
##
|
2277
|
-
# Decrypts data that was protected by
|
2278
|
-
#
|
2363
|
+
# Decrypts data that was protected by
|
2364
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}. The
|
2365
|
+
# {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
|
2366
|
+
# {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
|
2279
2367
|
#
|
2280
2368
|
# @overload decrypt(request, options = nil)
|
2281
2369
|
# Pass arguments to `decrypt` via a request object, either of type
|
@@ -2293,8 +2381,9 @@ module Google
|
|
2293
2381
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
2294
2382
|
#
|
2295
2383
|
# @param name [::String]
|
2296
|
-
# Required. The resource name of the
|
2297
|
-
#
|
2384
|
+
# Required. The resource name of the
|
2385
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to use for decryption. The
|
2386
|
+
# server will choose the appropriate version.
|
2298
2387
|
# @param ciphertext [::String]
|
2299
2388
|
# Required. The encrypted data originally returned in
|
2300
2389
|
# {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}.
|
@@ -2302,34 +2391,45 @@ module Google
|
|
2302
2391
|
# Optional. Optional data that must match the data originally supplied in
|
2303
2392
|
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
|
2304
2393
|
# @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
2305
|
-
# Optional. An optional CRC32C checksum of the
|
2306
|
-
#
|
2307
|
-
#
|
2308
|
-
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2309
|
-
#
|
2310
|
-
#
|
2311
|
-
#
|
2312
|
-
#
|
2313
|
-
#
|
2314
|
-
#
|
2315
|
-
#
|
2316
|
-
#
|
2317
|
-
#
|
2394
|
+
# Optional. An optional CRC32C checksum of the
|
2395
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}.
|
2396
|
+
# If specified,
|
2397
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2398
|
+
# verify the integrity of the received
|
2399
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}
|
2400
|
+
# using this checksum.
|
2401
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2402
|
+
# report an error if the checksum verification fails. If you receive a
|
2403
|
+
# checksum error, your client should verify that
|
2404
|
+
# CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext})
|
2405
|
+
# is equal to
|
2406
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c},
|
2407
|
+
# and if so, perform a limited number of retries. A persistent mismatch may
|
2408
|
+
# indicate an issue in your computation of the CRC32C checksum. Note: This
|
2409
|
+
# field is defined as int64 for reasons of compatibility across different
|
2410
|
+
# languages. However, it is a non-negative integer, which will never exceed
|
2411
|
+
# 2^32-1, and can be safely downconverted to uint32 in languages that support
|
2412
|
+
# this type.
|
2318
2413
|
# @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
2319
2414
|
# Optional. An optional CRC32C checksum of the
|
2320
|
-
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}.
|
2321
|
-
#
|
2322
|
-
# {::Google::Cloud::Kms::V1::
|
2323
|
-
#
|
2324
|
-
#
|
2325
|
-
#
|
2326
|
-
# {::Google::Cloud::Kms::V1::
|
2327
|
-
#
|
2328
|
-
# your
|
2329
|
-
#
|
2330
|
-
#
|
2331
|
-
#
|
2332
|
-
#
|
2415
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}.
|
2416
|
+
# If specified,
|
2417
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2418
|
+
# verify the integrity of the received
|
2419
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}
|
2420
|
+
# using this checksum.
|
2421
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2422
|
+
# report an error if the checksum verification fails. If you receive a
|
2423
|
+
# checksum error, your client should verify that
|
2424
|
+
# CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data})
|
2425
|
+
# is equal to
|
2426
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c},
|
2427
|
+
# and if so, perform a limited number of retries. A persistent mismatch may
|
2428
|
+
# indicate an issue in your computation of the CRC32C checksum. Note: This
|
2429
|
+
# field is defined as int64 for reasons of compatibility across different
|
2430
|
+
# languages. However, it is a non-negative integer, which will never exceed
|
2431
|
+
# 2^32-1, and can be safely downconverted to uint32 in languages that support
|
2432
|
+
# this type.
|
2333
2433
|
#
|
2334
2434
|
# @yield [response, operation] Access the result along with the RPC operation
|
2335
2435
|
# @yieldparam response [::Google::Cloud::Kms::V1::DecryptResponse]
|
@@ -2396,9 +2496,11 @@ module Google
|
|
2396
2496
|
end
|
2397
2497
|
|
2398
2498
|
##
|
2399
|
-
# Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
2499
|
+
# Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
2500
|
+
# with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
|
2400
2501
|
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
2401
|
-
# key retrieved from
|
2502
|
+
# key retrieved from
|
2503
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
|
2402
2504
|
#
|
2403
2505
|
# @overload asymmetric_sign(request, options = nil)
|
2404
2506
|
# Pass arguments to `asymmetric_sign` via a request object, either of type
|
@@ -2416,43 +2518,62 @@ module Google
|
|
2416
2518
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
2417
2519
|
#
|
2418
2520
|
# @param name [::String]
|
2419
|
-
# Required. The resource name of the
|
2521
|
+
# Required. The resource name of the
|
2522
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
|
2523
|
+
# signing.
|
2420
2524
|
# @param digest [::Google::Cloud::Kms::V1::Digest, ::Hash]
|
2421
2525
|
# Optional. The digest of the data to sign. The digest must be produced with
|
2422
2526
|
# the same digest algorithm as specified by the key version's
|
2423
2527
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
|
2528
|
+
#
|
2529
|
+
# This field may not be supplied if
|
2530
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}
|
2531
|
+
# is supplied.
|
2424
2532
|
# @param digest_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
2425
|
-
# Optional. An optional CRC32C checksum of the
|
2426
|
-
#
|
2427
|
-
#
|
2428
|
-
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2429
|
-
#
|
2430
|
-
#
|
2431
|
-
#
|
2432
|
-
#
|
2433
|
-
#
|
2434
|
-
#
|
2435
|
-
#
|
2436
|
-
#
|
2437
|
-
#
|
2533
|
+
# Optional. An optional CRC32C checksum of the
|
2534
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}.
|
2535
|
+
# If specified,
|
2536
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2537
|
+
# verify the integrity of the received
|
2538
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}
|
2539
|
+
# using this checksum.
|
2540
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2541
|
+
# report an error if the checksum verification fails. If you receive a
|
2542
|
+
# checksum error, your client should verify that
|
2543
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest})
|
2544
|
+
# is equal to
|
2545
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c},
|
2546
|
+
# and if so, perform a limited number of retries. A persistent mismatch may
|
2547
|
+
# indicate an issue in your computation of the CRC32C checksum. Note: This
|
2548
|
+
# field is defined as int64 for reasons of compatibility across different
|
2549
|
+
# languages. However, it is a non-negative integer, which will never exceed
|
2550
|
+
# 2^32-1, and can be safely downconverted to uint32 in languages that support
|
2551
|
+
# this type.
|
2438
2552
|
# @param data [::String]
|
2439
|
-
# Optional.
|
2440
|
-
#
|
2441
|
-
#
|
2553
|
+
# Optional. The data to sign.
|
2554
|
+
# It can't be supplied if
|
2555
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}
|
2556
|
+
# is supplied.
|
2442
2557
|
# @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
2443
|
-
# Optional. An optional CRC32C checksum of the
|
2444
|
-
#
|
2445
|
-
#
|
2446
|
-
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2447
|
-
#
|
2448
|
-
#
|
2449
|
-
#
|
2450
|
-
#
|
2451
|
-
#
|
2452
|
-
#
|
2453
|
-
#
|
2454
|
-
#
|
2455
|
-
#
|
2558
|
+
# Optional. An optional CRC32C checksum of the
|
2559
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}.
|
2560
|
+
# If specified,
|
2561
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2562
|
+
# verify the integrity of the received
|
2563
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}
|
2564
|
+
# using this checksum.
|
2565
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2566
|
+
# report an error if the checksum verification fails. If you receive a
|
2567
|
+
# checksum error, your client should verify that
|
2568
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data})
|
2569
|
+
# is equal to
|
2570
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c},
|
2571
|
+
# and if so, perform a limited number of retries. A persistent mismatch may
|
2572
|
+
# indicate an issue in your computation of the CRC32C checksum. Note: This
|
2573
|
+
# field is defined as int64 for reasons of compatibility across different
|
2574
|
+
# languages. However, it is a non-negative integer, which will never exceed
|
2575
|
+
# 2^32-1, and can be safely downconverted to uint32 in languages that support
|
2576
|
+
# this type.
|
2456
2577
|
#
|
2457
2578
|
# @yield [response, operation] Access the result along with the RPC operation
|
2458
2579
|
# @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse]
|
@@ -2520,8 +2641,10 @@ module Google
|
|
2520
2641
|
|
2521
2642
|
##
|
2522
2643
|
# Decrypts data that was encrypted with a public key retrieved from
|
2523
|
-
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
|
2524
|
-
# {::Google::Cloud::Kms::V1::
|
2644
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
|
2645
|
+
# corresponding to a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
2646
|
+
# with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
|
2647
|
+
# ASYMMETRIC_DECRYPT.
|
2525
2648
|
#
|
2526
2649
|
# @overload asymmetric_decrypt(request, options = nil)
|
2527
2650
|
# Pass arguments to `asymmetric_decrypt` via a request object, either of type
|
@@ -2539,25 +2662,33 @@ module Google
|
|
2539
2662
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
2540
2663
|
#
|
2541
2664
|
# @param name [::String]
|
2542
|
-
# Required. The resource name of the
|
2665
|
+
# Required. The resource name of the
|
2666
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
|
2543
2667
|
# decryption.
|
2544
2668
|
# @param ciphertext [::String]
|
2545
|
-
# Required. The data encrypted with the named
|
2546
|
-
# key using
|
2669
|
+
# Required. The data encrypted with the named
|
2670
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public key using
|
2671
|
+
# OAEP.
|
2547
2672
|
# @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
2548
|
-
# Optional. An optional CRC32C checksum of the
|
2549
|
-
#
|
2550
|
-
#
|
2551
|
-
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2552
|
-
#
|
2553
|
-
#
|
2554
|
-
#
|
2555
|
-
#
|
2556
|
-
#
|
2557
|
-
#
|
2558
|
-
#
|
2559
|
-
#
|
2560
|
-
#
|
2673
|
+
# Optional. An optional CRC32C checksum of the
|
2674
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
|
2675
|
+
# If specified,
|
2676
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2677
|
+
# verify the integrity of the received
|
2678
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}
|
2679
|
+
# using this checksum.
|
2680
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2681
|
+
# report an error if the checksum verification fails. If you receive a
|
2682
|
+
# checksum error, your client should verify that
|
2683
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext})
|
2684
|
+
# is equal to
|
2685
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c},
|
2686
|
+
# and if so, perform a limited number of retries. A persistent mismatch may
|
2687
|
+
# indicate an issue in your computation of the CRC32C checksum. Note: This
|
2688
|
+
# field is defined as int64 for reasons of compatibility across different
|
2689
|
+
# languages. However, it is a non-negative integer, which will never exceed
|
2690
|
+
# 2^32-1, and can be safely downconverted to uint32 in languages that support
|
2691
|
+
# this type.
|
2561
2692
|
#
|
2562
2693
|
# @yield [response, operation] Access the result along with the RPC operation
|
2563
2694
|
# @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse]
|
@@ -2624,9 +2755,9 @@ module Google
|
|
2624
2755
|
end
|
2625
2756
|
|
2626
2757
|
##
|
2627
|
-
# Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
2628
|
-
#
|
2629
|
-
# same key.
|
2758
|
+
# Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
2759
|
+
# with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} MAC,
|
2760
|
+
# producing a tag that can be verified by another source with the same key.
|
2630
2761
|
#
|
2631
2762
|
# @overload mac_sign(request, options = nil)
|
2632
2763
|
# Pass arguments to `mac_sign` via a request object, either of type
|
@@ -2644,24 +2775,30 @@ module Google
|
|
2644
2775
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
2645
2776
|
#
|
2646
2777
|
# @param name [::String]
|
2647
|
-
# Required. The resource name of the
|
2778
|
+
# Required. The resource name of the
|
2779
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
|
2780
|
+
# signing.
|
2648
2781
|
# @param data [::String]
|
2649
|
-
# Required. The data to sign. The MAC tag is computed over this data field
|
2650
|
-
# the specific algorithm.
|
2782
|
+
# Required. The data to sign. The MAC tag is computed over this data field
|
2783
|
+
# based on the specific algorithm.
|
2651
2784
|
# @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
2652
|
-
# Optional. An optional CRC32C checksum of the
|
2653
|
-
#
|
2654
|
-
#
|
2655
|
-
#
|
2656
|
-
#
|
2657
|
-
#
|
2658
|
-
#
|
2659
|
-
#
|
2660
|
-
#
|
2661
|
-
#
|
2662
|
-
#
|
2663
|
-
#
|
2664
|
-
#
|
2785
|
+
# Optional. An optional CRC32C checksum of the
|
2786
|
+
# {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
|
2787
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
|
2788
|
+
# will verify the integrity of the received
|
2789
|
+
# {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this
|
2790
|
+
# checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
|
2791
|
+
# will report an error if the checksum verification fails. If you receive a
|
2792
|
+
# checksum error, your client should verify that
|
2793
|
+
# CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is
|
2794
|
+
# equal to
|
2795
|
+
# {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c},
|
2796
|
+
# and if so, perform a limited number of retries. A persistent mismatch may
|
2797
|
+
# indicate an issue in your computation of the CRC32C checksum. Note: This
|
2798
|
+
# field is defined as int64 for reasons of compatibility across different
|
2799
|
+
# languages. However, it is a non-negative integer, which will never exceed
|
2800
|
+
# 2^32-1, and can be safely downconverted to uint32 in languages that support
|
2801
|
+
# this type.
|
2665
2802
|
#
|
2666
2803
|
# @yield [response, operation] Access the result along with the RPC operation
|
2667
2804
|
# @yieldparam response [::Google::Cloud::Kms::V1::MacSignResponse]
|
@@ -2728,9 +2865,10 @@ module Google
|
|
2728
2865
|
end
|
2729
2866
|
|
2730
2867
|
##
|
2731
|
-
# Verifies MAC tag using a
|
2732
|
-
#
|
2733
|
-
#
|
2868
|
+
# Verifies MAC tag using a
|
2869
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
|
2870
|
+
# {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} MAC, and returns
|
2871
|
+
# a response that indicates whether or not the verification was successful.
|
2734
2872
|
#
|
2735
2873
|
# @overload mac_verify(request, options = nil)
|
2736
2874
|
# Pass arguments to `mac_verify` via a request object, either of type
|
@@ -2748,40 +2886,51 @@ module Google
|
|
2748
2886
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
2749
2887
|
#
|
2750
2888
|
# @param name [::String]
|
2751
|
-
# Required. The resource name of the
|
2889
|
+
# Required. The resource name of the
|
2890
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
|
2891
|
+
# verification.
|
2752
2892
|
# @param data [::String]
|
2753
|
-
# Required. The data used previously as a
|
2754
|
-
#
|
2893
|
+
# Required. The data used previously as a
|
2894
|
+
# {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate
|
2895
|
+
# the MAC tag.
|
2755
2896
|
# @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
2756
|
-
# Optional. An optional CRC32C checksum of the
|
2757
|
-
#
|
2758
|
-
#
|
2759
|
-
#
|
2760
|
-
#
|
2761
|
-
#
|
2762
|
-
# {::Google::Cloud::Kms::V1::
|
2763
|
-
#
|
2764
|
-
#
|
2765
|
-
#
|
2766
|
-
#
|
2767
|
-
#
|
2768
|
-
#
|
2897
|
+
# Optional. An optional CRC32C checksum of the
|
2898
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
|
2899
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
|
2900
|
+
# will verify the integrity of the received
|
2901
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using
|
2902
|
+
# this checksum.
|
2903
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
|
2904
|
+
# report an error if the checksum verification fails. If you receive a
|
2905
|
+
# checksum error, your client should verify that
|
2906
|
+
# CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data})
|
2907
|
+
# is equal to
|
2908
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c},
|
2909
|
+
# and if so, perform a limited number of retries. A persistent mismatch may
|
2910
|
+
# indicate an issue in your computation of the CRC32C checksum. Note: This
|
2911
|
+
# field is defined as int64 for reasons of compatibility across different
|
2912
|
+
# languages. However, it is a non-negative integer, which will never exceed
|
2913
|
+
# 2^32-1, and can be safely downconverted to uint32 in languages that support
|
2914
|
+
# this type.
|
2769
2915
|
# @param mac [::String]
|
2770
2916
|
# Required. The signature to verify.
|
2771
2917
|
# @param mac_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
2772
|
-
# Optional. An optional CRC32C checksum of the
|
2773
|
-
#
|
2774
|
-
#
|
2775
|
-
#
|
2776
|
-
#
|
2918
|
+
# Optional. An optional CRC32C checksum of the
|
2919
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
|
2920
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
|
2921
|
+
# will verify the integrity of the received
|
2922
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this
|
2923
|
+
# checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
|
2924
|
+
# will report an error if the checksum verification fails. If you receive a
|
2925
|
+
# checksum error, your client should verify that
|
2777
2926
|
# CRC32C([MacVerifyRequest.tag][]) is equal to
|
2778
|
-
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c},
|
2779
|
-
# number of retries. A persistent mismatch may
|
2780
|
-
# computation of the CRC32C checksum.
|
2781
|
-
#
|
2782
|
-
#
|
2783
|
-
#
|
2784
|
-
#
|
2927
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c},
|
2928
|
+
# and if so, perform a limited number of retries. A persistent mismatch may
|
2929
|
+
# indicate an issue in your computation of the CRC32C checksum. Note: This
|
2930
|
+
# field is defined as int64 for reasons of compatibility across different
|
2931
|
+
# languages. However, it is a non-negative integer, which will never exceed
|
2932
|
+
# 2^32-1, and can be safely downconverted to uint32 in languages that support
|
2933
|
+
# this type.
|
2785
2934
|
#
|
2786
2935
|
# @yield [response, operation] Access the result along with the RPC operation
|
2787
2936
|
# @yieldparam response [::Google::Cloud::Kms::V1::MacVerifyResponse]
|
@@ -2873,8 +3022,10 @@ module Google
|
|
2873
3022
|
# The length in bytes of the amount of randomness to retrieve. Minimum 8
|
2874
3023
|
# bytes, maximum 1024 bytes.
|
2875
3024
|
# @param protection_level [::Google::Cloud::Kms::V1::ProtectionLevel]
|
2876
|
-
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when
|
2877
|
-
#
|
3025
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when
|
3026
|
+
# generating the random data. Currently, only
|
3027
|
+
# {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} protection level is
|
3028
|
+
# supported.
|
2878
3029
|
#
|
2879
3030
|
# @yield [response, operation] Access the result along with the RPC operation
|
2880
3031
|
# @yieldparam response [::Google::Cloud::Kms::V1::GenerateRandomBytesResponse]
|