google-cloud-kms-v1 0.10.2 → 0.13.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -1,13 +1,13 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: google/cloud/kms/v1/resources.proto
3
3
 
4
+ require 'google/protobuf'
5
+
4
6
  require 'google/api/field_behavior_pb'
5
7
  require 'google/api/resource_pb'
6
8
  require 'google/protobuf/duration_pb'
7
9
  require 'google/protobuf/timestamp_pb'
8
10
  require 'google/protobuf/wrappers_pb'
9
- require 'google/api/annotations_pb'
10
- require 'google/protobuf'
11
11
 
12
12
  Google::Protobuf::DescriptorPool.generated_pool.build do
13
13
  add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
@@ -25,6 +25,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
25
25
  map :labels, :string, :string, 10
26
26
  optional :import_only, :bool, 13
27
27
  optional :destroy_scheduled_duration, :message, 14, "google.protobuf.Duration"
28
+ optional :crypto_key_backend, :string, 15
28
29
  oneof :rotation_schedule do
29
30
  optional :rotation_period, :message, 8, "google.protobuf.Duration"
30
31
  end
@@ -43,6 +44,12 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
43
44
  add_message "google.cloud.kms.v1.KeyOperationAttestation" do
44
45
  optional :format, :enum, 4, "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat"
45
46
  optional :content, :bytes, 5
47
+ optional :cert_chains, :message, 6, "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains"
48
+ end
49
+ add_message "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains" do
50
+ repeated :cavium_certs, :string, 1
51
+ repeated :google_card_certs, :string, 2
52
+ repeated :google_partition_certs, :string, 3
46
53
  end
47
54
  add_enum "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat" do
48
55
  value :ATTESTATION_FORMAT_UNSPECIFIED, 0
@@ -141,12 +148,14 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
141
148
  end
142
149
  add_message "google.cloud.kms.v1.ExternalProtectionLevelOptions" do
143
150
  optional :external_key_uri, :string, 1
151
+ optional :ekm_connection_key_path, :string, 2
144
152
  end
145
153
  add_enum "google.cloud.kms.v1.ProtectionLevel" do
146
154
  value :PROTECTION_LEVEL_UNSPECIFIED, 0
147
155
  value :SOFTWARE, 1
148
156
  value :HSM, 2
149
157
  value :EXTERNAL, 3
158
+ value :EXTERNAL_VPC, 4
150
159
  end
151
160
  end
152
161
  end
@@ -160,6 +169,7 @@ module Google
160
169
  CryptoKey::CryptoKeyPurpose = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose").enummodule
161
170
  CryptoKeyVersionTemplate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersionTemplate").msgclass
162
171
  KeyOperationAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation").msgclass
172
+ KeyOperationAttestation::CertificateChains = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.CertificateChains").msgclass
163
173
  KeyOperationAttestation::AttestationFormat = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat").enummodule
164
174
  CryptoKeyVersion = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion").msgclass
165
175
  CryptoKeyVersion::CryptoKeyVersionAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm").enummodule
@@ -1,6 +1,8 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: google/cloud/kms/v1/service.proto
3
3
 
4
+ require 'google/protobuf'
5
+
4
6
  require 'google/api/annotations_pb'
5
7
  require 'google/api/client_pb'
6
8
  require 'google/api/field_behavior_pb'
@@ -8,7 +10,6 @@ require 'google/api/resource_pb'
8
10
  require 'google/cloud/kms/v1/resources_pb'
9
11
  require 'google/protobuf/field_mask_pb'
10
12
  require 'google/protobuf/wrappers_pb'
11
- require 'google/protobuf'
12
13
 
13
14
  Google::Protobuf::DescriptorPool.generated_pool.build do
14
15
  add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
@@ -54,102 +54,138 @@ module Google
54
54
  rpc :ListImportJobs, ::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Google::Cloud::Kms::V1::ListImportJobsResponse
55
55
  # Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
56
56
  rpc :GetKeyRing, ::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
57
- # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
58
- # [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
57
+ # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
58
+ # well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
59
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
59
60
  rpc :GetCryptoKey, ::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
60
- # Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
61
+ # Returns metadata for a given
62
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
61
63
  rpc :GetCryptoKeyVersion, ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
62
- # Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
64
+ # Returns the public key for the given
65
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
63
66
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
64
- # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
67
+ # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
68
+ # or
65
69
  # [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
66
70
  rpc :GetPublicKey, ::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Google::Cloud::Kms::V1::PublicKey
67
71
  # Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
68
72
  rpc :GetImportJob, ::Google::Cloud::Kms::V1::GetImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
69
- # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
73
+ # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
74
+ # Location.
70
75
  rpc :CreateKeyRing, ::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
71
- # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
76
+ # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
77
+ # [KeyRing][google.cloud.kms.v1.KeyRing].
72
78
  #
73
79
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
74
80
  # [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
75
81
  # are required.
76
82
  rpc :CreateCryptoKey, ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
77
- # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
83
+ # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
84
+ # [CryptoKey][google.cloud.kms.v1.CryptoKey].
78
85
  #
79
86
  # The server will assign the next sequential id. If unset,
80
87
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
81
88
  # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
82
89
  rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
83
- # Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
90
+ # Import wrapped key material into a
91
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
84
92
  #
85
- # All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
86
- # additionally specified in the request, key material will be reimported into
87
- # that version. Otherwise, a new version will be created, and will be
88
- # assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
93
+ # All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
94
+ # a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
95
+ # specified in the request, key material will be reimported into that
96
+ # version. Otherwise, a new version will be created, and will be assigned the
97
+ # next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
89
98
  rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
90
- # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
99
+ # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
100
+ # [KeyRing][google.cloud.kms.v1.KeyRing].
91
101
  #
92
- # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
102
+ # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
103
+ # required.
93
104
  rpc :CreateImportJob, ::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
94
105
  # Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
95
106
  rpc :UpdateCryptoKey, ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
96
- # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
107
+ # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
108
+ # metadata.
97
109
  #
98
110
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
99
- # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and
100
- # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
101
- # method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
102
- # move between other states.
111
+ # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
112
+ # and
113
+ # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
114
+ # using this method. See
115
+ # [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
116
+ # and
117
+ # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
118
+ # to move between other states.
103
119
  rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
104
- # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
120
+ # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
121
+ # will be used in
122
+ # [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
105
123
  #
106
124
  # Returns an error if called on a key whose purpose is not
107
125
  # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
108
126
  rpc :UpdateCryptoKeyPrimaryVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Google::Cloud::Kms::V1::CryptoKey
109
- # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
127
+ # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
128
+ # destruction.
110
129
  #
111
- # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
130
+ # Upon calling this method,
131
+ # [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
132
+ # be set to
112
133
  # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
113
- # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
114
- # [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
115
- # future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
116
- # automatically change to
117
- # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
118
- # material will be irrevocably destroyed.
134
+ # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
135
+ # be set to the time
136
+ # [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
137
+ # in the future. At that time, the
138
+ # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
139
+ # change to
140
+ # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
141
+ # and the key material will be irrevocably destroyed.
119
142
  #
120
- # Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
121
- # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
143
+ # Before the
144
+ # [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
145
+ # reached,
146
+ # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
147
+ # may be called to reverse the process.
122
148
  rpc :DestroyCryptoKeyVersion, ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
123
149
  # Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
124
150
  # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
125
151
  # state.
126
152
  #
127
- # Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
128
- # will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
129
- # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
153
+ # Upon restoration of the CryptoKeyVersion,
154
+ # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
155
+ # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
156
+ # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
157
+ # be cleared.
130
158
  rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
131
- # Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
132
- # The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
159
+ # Encrypts data, so that it can only be recovered by a call to
160
+ # [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
161
+ # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
133
162
  # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
134
163
  rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
135
- # Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
136
- # must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
164
+ # Decrypts data that was protected by
165
+ # [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
166
+ # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
167
+ # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
137
168
  rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
138
- # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
169
+ # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
170
+ # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
139
171
  # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
140
- # key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
172
+ # key retrieved from
173
+ # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
141
174
  rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
142
175
  # Decrypts data that was encrypted with a public key retrieved from
143
- # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
144
- # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
176
+ # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
177
+ # corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
178
+ # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
179
+ # ASYMMETRIC_DECRYPT.
145
180
  rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
146
- # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
147
- # MAC, producing a tag that can be verified by another source with the
148
- # same key.
181
+ # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
182
+ # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
183
+ # producing a tag that can be verified by another source with the same key.
149
184
  rpc :MacSign, ::Google::Cloud::Kms::V1::MacSignRequest, ::Google::Cloud::Kms::V1::MacSignResponse
150
- # Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
151
- # MAC, and returns a response that indicates whether or not the verification
152
- # was successful.
185
+ # Verifies MAC tag using a
186
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
187
+ # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
188
+ # a response that indicates whether or not the verification was successful.
153
189
  rpc :MacVerify, ::Google::Cloud::Kms::V1::MacVerifyRequest, ::Google::Cloud::Kms::V1::MacVerifyResponse
154
190
  # Generate random bytes using the Cloud KMS randomness source in the provided
155
191
  # location.
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Kms
23
23
  module V1
24
- VERSION = "0.10.2"
24
+ VERSION = "0.13.0"
25
25
  end
26
26
  end
27
27
  end
@@ -16,6 +16,7 @@
16
16
 
17
17
  # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
18
 
19
+ require "google/cloud/kms/v1/ekm_service"
19
20
  require "google/cloud/kms/v1/key_management_service"
20
21
  require "google/cloud/kms/v1/iam_policy"
21
22
  require "google/cloud/kms/v1/version"
@@ -26,8 +27,10 @@ module Google
26
27
  ##
27
28
  # To load this package, including all its services, and instantiate a client:
28
29
  #
30
+ # @example
31
+ #
29
32
  # require "google/cloud/kms/v1"
30
- # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
33
+ # client = ::Google::Cloud::Kms::V1::EkmService::Client.new
31
34
  #
32
35
  module V1
33
36
  end
@@ -0,0 +1,226 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module Kms
23
+ module V1
24
+ # Request message for [KeyManagementService.ListEkmConnections][].
25
+ # @!attribute [rw] parent
26
+ # @return [::String]
27
+ # Required. The resource name of the location associated with the
28
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to list, in the format
29
+ # `projects/*/locations/*`.
30
+ # @!attribute [rw] page_size
31
+ # @return [::Integer]
32
+ # Optional. Optional limit on the number of
33
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to include in the
34
+ # response. Further {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} can
35
+ # subsequently be obtained by including the
36
+ # {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}
37
+ # in a subsequent request. If unspecified, the server will pick an
38
+ # appropriate default.
39
+ # @!attribute [rw] page_token
40
+ # @return [::String]
41
+ # Optional. Optional pagination token, returned earlier via
42
+ # {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}.
43
+ # @!attribute [rw] filter
44
+ # @return [::String]
45
+ # Optional. Only include resources that match the filter in the response. For
46
+ # more information, see
47
+ # [Sorting and filtering list
48
+ # results](https://cloud.google.com/kms/docs/sorting-and-filtering).
49
+ # @!attribute [rw] order_by
50
+ # @return [::String]
51
+ # Optional. Specify how the results should be sorted. If not specified, the
52
+ # results will be sorted in the default order. For more information, see
53
+ # [Sorting and filtering list
54
+ # results](https://cloud.google.com/kms/docs/sorting-and-filtering).
55
+ class ListEkmConnectionsRequest
56
+ include ::Google::Protobuf::MessageExts
57
+ extend ::Google::Protobuf::MessageExts::ClassMethods
58
+ end
59
+
60
+ # Response message for [KeyManagementService.ListEkmConnections][].
61
+ # @!attribute [rw] ekm_connections
62
+ # @return [::Array<::Google::Cloud::Kms::V1::EkmConnection>]
63
+ # The list of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}.
64
+ # @!attribute [rw] next_page_token
65
+ # @return [::String]
66
+ # A token to retrieve next page of results. Pass this value in
67
+ # {::Google::Cloud::Kms::V1::ListEkmConnectionsRequest#page_token ListEkmConnectionsRequest.page_token}
68
+ # to retrieve the next page of results.
69
+ # @!attribute [rw] total_size
70
+ # @return [::Integer]
71
+ # The total number of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}
72
+ # that matched the query.
73
+ class ListEkmConnectionsResponse
74
+ include ::Google::Protobuf::MessageExts
75
+ extend ::Google::Protobuf::MessageExts::ClassMethods
76
+ end
77
+
78
+ # Request message for [KeyManagementService.GetEkmConnection][].
79
+ # @!attribute [rw] name
80
+ # @return [::String]
81
+ # Required. The {::Google::Cloud::Kms::V1::EkmConnection#name name} of the
82
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} to get.
83
+ class GetEkmConnectionRequest
84
+ include ::Google::Protobuf::MessageExts
85
+ extend ::Google::Protobuf::MessageExts::ClassMethods
86
+ end
87
+
88
+ # Request message for [KeyManagementService.CreateEkmConnection][].
89
+ # @!attribute [rw] parent
90
+ # @return [::String]
91
+ # Required. The resource name of the location associated with the
92
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, in the format
93
+ # `projects/*/locations/*`.
94
+ # @!attribute [rw] ekm_connection_id
95
+ # @return [::String]
96
+ # Required. It must be unique within a location and match the regular
97
+ # expression `[a-zA-Z0-9_-]{1,63}`.
98
+ # @!attribute [rw] ekm_connection
99
+ # @return [::Google::Cloud::Kms::V1::EkmConnection]
100
+ # Required. An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with
101
+ # initial field values.
102
+ class CreateEkmConnectionRequest
103
+ include ::Google::Protobuf::MessageExts
104
+ extend ::Google::Protobuf::MessageExts::ClassMethods
105
+ end
106
+
107
+ # Request message for [KeyManagementService.UpdateEkmConnection][].
108
+ # @!attribute [rw] ekm_connection
109
+ # @return [::Google::Cloud::Kms::V1::EkmConnection]
110
+ # Required. {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with updated
111
+ # values.
112
+ # @!attribute [rw] update_mask
113
+ # @return [::Google::Protobuf::FieldMask]
114
+ # Required. List of fields to be updated in this request.
115
+ class UpdateEkmConnectionRequest
116
+ include ::Google::Protobuf::MessageExts
117
+ extend ::Google::Protobuf::MessageExts::ClassMethods
118
+ end
119
+
120
+ # A {::Google::Cloud::Kms::V1::Certificate Certificate} represents an X.509
121
+ # certificate used to authenticate HTTPS connections to EKM replicas.
122
+ # @!attribute [rw] raw_der
123
+ # @return [::String]
124
+ # Required. The raw certificate bytes in DER format.
125
+ # @!attribute [r] parsed
126
+ # @return [::Boolean]
127
+ # Output only. True if the certificate was parsed successfully.
128
+ # @!attribute [r] issuer
129
+ # @return [::String]
130
+ # Output only. The issuer distinguished name in RFC 2253 format. Only present
131
+ # if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
132
+ # @!attribute [r] subject
133
+ # @return [::String]
134
+ # Output only. The subject distinguished name in RFC 2253 format. Only
135
+ # present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
136
+ # @!attribute [r] subject_alternative_dns_names
137
+ # @return [::Array<::String>]
138
+ # Output only. The subject Alternative DNS names. Only present if
139
+ # {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
140
+ # @!attribute [r] not_before_time
141
+ # @return [::Google::Protobuf::Timestamp]
142
+ # Output only. The certificate is not valid before this time. Only present if
143
+ # {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
144
+ # @!attribute [r] not_after_time
145
+ # @return [::Google::Protobuf::Timestamp]
146
+ # Output only. The certificate is not valid after this time. Only present if
147
+ # {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
148
+ # @!attribute [r] serial_number
149
+ # @return [::String]
150
+ # Output only. The certificate serial number as a hex string. Only present if
151
+ # {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
152
+ # @!attribute [r] sha256_fingerprint
153
+ # @return [::String]
154
+ # Output only. The SHA-256 certificate fingerprint as a hex string. Only
155
+ # present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
156
+ class Certificate
157
+ include ::Google::Protobuf::MessageExts
158
+ extend ::Google::Protobuf::MessageExts::ClassMethods
159
+ end
160
+
161
+ # An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} represents an
162
+ # individual EKM connection. It can be used for creating
163
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} and
164
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} with a
165
+ # {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of
166
+ # [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as
167
+ # performing cryptographic operations using keys created within the
168
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
169
+ # @!attribute [r] name
170
+ # @return [::String]
171
+ # Output only. The resource name for the
172
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} in the format
173
+ # `projects/*/locations/*/ekmConnections/*`.
174
+ # @!attribute [r] create_time
175
+ # @return [::Google::Protobuf::Timestamp]
176
+ # Output only. The time at which the
177
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} was created.
178
+ # @!attribute [rw] service_resolvers
179
+ # @return [::Array<::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver>]
180
+ # A list of
181
+ # {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolvers} where
182
+ # the EKM can be reached. There should be one ServiceResolver per EKM
183
+ # replica. Currently, only a single
184
+ # {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} is
185
+ # supported.
186
+ # @!attribute [rw] etag
187
+ # @return [::String]
188
+ # This checksum is computed by the server based on the value of other fields,
189
+ # and may be sent on update requests to ensure the client has an up-to-date
190
+ # value before proceeding.
191
+ class EkmConnection
192
+ include ::Google::Protobuf::MessageExts
193
+ extend ::Google::Protobuf::MessageExts::ClassMethods
194
+
195
+ # A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver}
196
+ # represents an EKM replica that can be reached within an
197
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
198
+ # @!attribute [rw] service_directory_service
199
+ # @return [::String]
200
+ # Required. The resource name of the Service Directory service pointing to
201
+ # an EKM replica, in the format
202
+ # `projects/*/locations/*/namespaces/*/services/*`.
203
+ # @!attribute [rw] endpoint_filter
204
+ # @return [::String]
205
+ # Optional. The filter applied to the endpoints of the resolved service. If
206
+ # no filter is specified, all endpoints will be considered. An endpoint
207
+ # will be chosen arbitrarily from the filtered list for each request.
208
+ #
209
+ # For endpoint filter syntax and examples, see
210
+ # https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
211
+ # @!attribute [rw] hostname
212
+ # @return [::String]
213
+ # Required. The hostname of the EKM replica used at TLS and HTTP layers.
214
+ # @!attribute [rw] server_certificates
215
+ # @return [::Array<::Google::Cloud::Kms::V1::Certificate>]
216
+ # Required. A list of leaf server certificates used to authenticate HTTPS
217
+ # connections to the EKM replica.
218
+ class ServiceResolver
219
+ include ::Google::Protobuf::MessageExts
220
+ extend ::Google::Protobuf::MessageExts::ClassMethods
221
+ end
222
+ end
223
+ end
224
+ end
225
+ end
226
+ end