google-cloud-kms-v1 0.10.2 → 0.13.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +6 -6
- data/README.md +14 -9
- data/lib/google/cloud/kms/v1/ekm_service/client.rb +731 -0
- data/lib/google/cloud/kms/v1/ekm_service/credentials.rb +52 -0
- data/lib/google/cloud/kms/v1/ekm_service/paths.rb +90 -0
- data/lib/google/cloud/kms/v1/ekm_service.rb +53 -0
- data/lib/google/cloud/kms/v1/ekm_service_pb.rb +80 -0
- data/lib/google/cloud/kms/v1/ekm_service_services_pb.rb +57 -0
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +13 -4
- data/lib/google/cloud/kms/v1/iam_policy.rb +2 -1
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +427 -276
- data/lib/google/cloud/kms/v1/resources_pb.rb +12 -2
- data/lib/google/cloud/kms/v1/service_pb.rb +2 -1
- data/lib/google/cloud/kms/v1/service_services_pb.rb +84 -48
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/lib/google/cloud/kms/v1.rb +4 -1
- data/proto_docs/google/cloud/kms/v1/ekm_service.rb +226 -0
- data/proto_docs/google/cloud/kms/v1/resources.rb +299 -160
- data/proto_docs/google/cloud/kms/v1/service.rb +653 -412
- data/proto_docs/google/iam/v1/iam_policy.rb +8 -1
- data/proto_docs/google/iam/v1/options.rb +14 -4
- data/proto_docs/google/iam/v1/policy.rb +208 -38
- metadata +23 -22
@@ -1,13 +1,13 @@
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
2
|
# source: google/cloud/kms/v1/resources.proto
|
3
3
|
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
4
6
|
require 'google/api/field_behavior_pb'
|
5
7
|
require 'google/api/resource_pb'
|
6
8
|
require 'google/protobuf/duration_pb'
|
7
9
|
require 'google/protobuf/timestamp_pb'
|
8
10
|
require 'google/protobuf/wrappers_pb'
|
9
|
-
require 'google/api/annotations_pb'
|
10
|
-
require 'google/protobuf'
|
11
11
|
|
12
12
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
13
13
|
add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
|
@@ -25,6 +25,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
25
25
|
map :labels, :string, :string, 10
|
26
26
|
optional :import_only, :bool, 13
|
27
27
|
optional :destroy_scheduled_duration, :message, 14, "google.protobuf.Duration"
|
28
|
+
optional :crypto_key_backend, :string, 15
|
28
29
|
oneof :rotation_schedule do
|
29
30
|
optional :rotation_period, :message, 8, "google.protobuf.Duration"
|
30
31
|
end
|
@@ -43,6 +44,12 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
43
44
|
add_message "google.cloud.kms.v1.KeyOperationAttestation" do
|
44
45
|
optional :format, :enum, 4, "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat"
|
45
46
|
optional :content, :bytes, 5
|
47
|
+
optional :cert_chains, :message, 6, "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains"
|
48
|
+
end
|
49
|
+
add_message "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains" do
|
50
|
+
repeated :cavium_certs, :string, 1
|
51
|
+
repeated :google_card_certs, :string, 2
|
52
|
+
repeated :google_partition_certs, :string, 3
|
46
53
|
end
|
47
54
|
add_enum "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat" do
|
48
55
|
value :ATTESTATION_FORMAT_UNSPECIFIED, 0
|
@@ -141,12 +148,14 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
141
148
|
end
|
142
149
|
add_message "google.cloud.kms.v1.ExternalProtectionLevelOptions" do
|
143
150
|
optional :external_key_uri, :string, 1
|
151
|
+
optional :ekm_connection_key_path, :string, 2
|
144
152
|
end
|
145
153
|
add_enum "google.cloud.kms.v1.ProtectionLevel" do
|
146
154
|
value :PROTECTION_LEVEL_UNSPECIFIED, 0
|
147
155
|
value :SOFTWARE, 1
|
148
156
|
value :HSM, 2
|
149
157
|
value :EXTERNAL, 3
|
158
|
+
value :EXTERNAL_VPC, 4
|
150
159
|
end
|
151
160
|
end
|
152
161
|
end
|
@@ -160,6 +169,7 @@ module Google
|
|
160
169
|
CryptoKey::CryptoKeyPurpose = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose").enummodule
|
161
170
|
CryptoKeyVersionTemplate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersionTemplate").msgclass
|
162
171
|
KeyOperationAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation").msgclass
|
172
|
+
KeyOperationAttestation::CertificateChains = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.CertificateChains").msgclass
|
163
173
|
KeyOperationAttestation::AttestationFormat = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat").enummodule
|
164
174
|
CryptoKeyVersion = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion").msgclass
|
165
175
|
CryptoKeyVersion::CryptoKeyVersionAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm").enummodule
|
@@ -1,6 +1,8 @@
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
2
|
# source: google/cloud/kms/v1/service.proto
|
3
3
|
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
4
6
|
require 'google/api/annotations_pb'
|
5
7
|
require 'google/api/client_pb'
|
6
8
|
require 'google/api/field_behavior_pb'
|
@@ -8,7 +10,6 @@ require 'google/api/resource_pb'
|
|
8
10
|
require 'google/cloud/kms/v1/resources_pb'
|
9
11
|
require 'google/protobuf/field_mask_pb'
|
10
12
|
require 'google/protobuf/wrappers_pb'
|
11
|
-
require 'google/protobuf'
|
12
13
|
|
13
14
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
14
15
|
add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
|
@@ -54,102 +54,138 @@ module Google
|
|
54
54
|
rpc :ListImportJobs, ::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Google::Cloud::Kms::V1::ListImportJobsResponse
|
55
55
|
# Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
|
56
56
|
rpc :GetKeyRing, ::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
|
57
|
-
# Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
|
58
|
-
# [primary][google.cloud.kms.v1.CryptoKey.primary]
|
57
|
+
# Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
|
58
|
+
# well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
|
59
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
59
60
|
rpc :GetCryptoKey, ::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
60
|
-
# Returns metadata for a given
|
61
|
+
# Returns metadata for a given
|
62
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
61
63
|
rpc :GetCryptoKeyVersion, ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
62
|
-
# Returns the public key for the given
|
64
|
+
# Returns the public key for the given
|
65
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
|
63
66
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
64
|
-
# [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
|
67
|
+
# [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
|
68
|
+
# or
|
65
69
|
# [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
|
66
70
|
rpc :GetPublicKey, ::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Google::Cloud::Kms::V1::PublicKey
|
67
71
|
# Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
|
68
72
|
rpc :GetImportJob, ::Google::Cloud::Kms::V1::GetImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
|
69
|
-
# Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
|
73
|
+
# Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
|
74
|
+
# Location.
|
70
75
|
rpc :CreateKeyRing, ::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
|
71
|
-
# Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
|
76
|
+
# Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
|
77
|
+
# [KeyRing][google.cloud.kms.v1.KeyRing].
|
72
78
|
#
|
73
79
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
|
74
80
|
# [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
|
75
81
|
# are required.
|
76
82
|
rpc :CreateCryptoKey, ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
77
|
-
# Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
|
83
|
+
# Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
|
84
|
+
# [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
78
85
|
#
|
79
86
|
# The server will assign the next sequential id. If unset,
|
80
87
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
81
88
|
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
|
82
89
|
rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
83
|
-
# Import wrapped key material into a
|
90
|
+
# Import wrapped key material into a
|
91
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
84
92
|
#
|
85
|
-
# All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
|
86
|
-
#
|
87
|
-
#
|
88
|
-
#
|
93
|
+
# All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
|
94
|
+
# a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
|
95
|
+
# specified in the request, key material will be reimported into that
|
96
|
+
# version. Otherwise, a new version will be created, and will be assigned the
|
97
|
+
# next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
89
98
|
rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
90
|
-
# Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
|
99
|
+
# Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
|
100
|
+
# [KeyRing][google.cloud.kms.v1.KeyRing].
|
91
101
|
#
|
92
|
-
# [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
|
102
|
+
# [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
|
103
|
+
# required.
|
93
104
|
rpc :CreateImportJob, ::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
|
94
105
|
# Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
95
106
|
rpc :UpdateCryptoKey, ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
96
|
-
# Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
|
107
|
+
# Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
|
108
|
+
# metadata.
|
97
109
|
#
|
98
110
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
|
99
|
-
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
|
100
|
-
#
|
101
|
-
#
|
102
|
-
#
|
111
|
+
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
|
112
|
+
# and
|
113
|
+
# [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
|
114
|
+
# using this method. See
|
115
|
+
# [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
|
116
|
+
# and
|
117
|
+
# [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
|
118
|
+
# to move between other states.
|
103
119
|
rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
104
|
-
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
|
120
|
+
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
|
121
|
+
# will be used in
|
122
|
+
# [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
|
105
123
|
#
|
106
124
|
# Returns an error if called on a key whose purpose is not
|
107
125
|
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
108
126
|
rpc :UpdateCryptoKeyPrimaryVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
109
|
-
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
|
127
|
+
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
|
128
|
+
# destruction.
|
110
129
|
#
|
111
|
-
# Upon calling this method,
|
130
|
+
# Upon calling this method,
|
131
|
+
# [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
|
132
|
+
# be set to
|
112
133
|
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
|
113
|
-
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
114
|
-
#
|
115
|
-
#
|
116
|
-
#
|
117
|
-
# [
|
118
|
-
#
|
134
|
+
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
135
|
+
# be set to the time
|
136
|
+
# [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
|
137
|
+
# in the future. At that time, the
|
138
|
+
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
|
139
|
+
# change to
|
140
|
+
# [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
|
141
|
+
# and the key material will be irrevocably destroyed.
|
119
142
|
#
|
120
|
-
# Before the
|
121
|
-
# [
|
143
|
+
# Before the
|
144
|
+
# [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
|
145
|
+
# reached,
|
146
|
+
# [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
|
147
|
+
# may be called to reverse the process.
|
122
148
|
rpc :DestroyCryptoKeyVersion, ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
123
149
|
# Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
|
124
150
|
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
|
125
151
|
# state.
|
126
152
|
#
|
127
|
-
# Upon restoration of the CryptoKeyVersion,
|
128
|
-
#
|
129
|
-
#
|
153
|
+
# Upon restoration of the CryptoKeyVersion,
|
154
|
+
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
155
|
+
# [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
|
156
|
+
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
157
|
+
# be cleared.
|
130
158
|
rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
131
|
-
# Encrypts data, so that it can only be recovered by a call to
|
132
|
-
#
|
159
|
+
# Encrypts data, so that it can only be recovered by a call to
|
160
|
+
# [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
|
161
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
133
162
|
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
134
163
|
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
135
|
-
# Decrypts data that was protected by
|
136
|
-
#
|
164
|
+
# Decrypts data that was protected by
|
165
|
+
# [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
|
166
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
167
|
+
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
137
168
|
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
138
|
-
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
169
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
170
|
+
# with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
139
171
|
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
140
|
-
# key retrieved from
|
172
|
+
# key retrieved from
|
173
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
141
174
|
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
142
175
|
# Decrypts data that was encrypted with a public key retrieved from
|
143
|
-
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
|
144
|
-
# [
|
176
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
|
177
|
+
# corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
178
|
+
# with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
179
|
+
# ASYMMETRIC_DECRYPT.
|
145
180
|
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
146
|
-
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
147
|
-
# MAC,
|
148
|
-
# same key.
|
181
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
182
|
+
# with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
|
183
|
+
# producing a tag that can be verified by another source with the same key.
|
149
184
|
rpc :MacSign, ::Google::Cloud::Kms::V1::MacSignRequest, ::Google::Cloud::Kms::V1::MacSignResponse
|
150
|
-
# Verifies MAC tag using a
|
151
|
-
#
|
152
|
-
#
|
185
|
+
# Verifies MAC tag using a
|
186
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
187
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
|
188
|
+
# a response that indicates whether or not the verification was successful.
|
153
189
|
rpc :MacVerify, ::Google::Cloud::Kms::V1::MacVerifyRequest, ::Google::Cloud::Kms::V1::MacVerifyResponse
|
154
190
|
# Generate random bytes using the Cloud KMS randomness source in the provided
|
155
191
|
# location.
|
data/lib/google/cloud/kms/v1.rb
CHANGED
@@ -16,6 +16,7 @@
|
|
16
16
|
|
17
17
|
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
18
|
|
19
|
+
require "google/cloud/kms/v1/ekm_service"
|
19
20
|
require "google/cloud/kms/v1/key_management_service"
|
20
21
|
require "google/cloud/kms/v1/iam_policy"
|
21
22
|
require "google/cloud/kms/v1/version"
|
@@ -26,8 +27,10 @@ module Google
|
|
26
27
|
##
|
27
28
|
# To load this package, including all its services, and instantiate a client:
|
28
29
|
#
|
30
|
+
# @example
|
31
|
+
#
|
29
32
|
# require "google/cloud/kms/v1"
|
30
|
-
# client = ::Google::Cloud::Kms::V1::
|
33
|
+
# client = ::Google::Cloud::Kms::V1::EkmService::Client.new
|
31
34
|
#
|
32
35
|
module V1
|
33
36
|
end
|
@@ -0,0 +1,226 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Cloud
|
22
|
+
module Kms
|
23
|
+
module V1
|
24
|
+
# Request message for [KeyManagementService.ListEkmConnections][].
|
25
|
+
# @!attribute [rw] parent
|
26
|
+
# @return [::String]
|
27
|
+
# Required. The resource name of the location associated with the
|
28
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to list, in the format
|
29
|
+
# `projects/*/locations/*`.
|
30
|
+
# @!attribute [rw] page_size
|
31
|
+
# @return [::Integer]
|
32
|
+
# Optional. Optional limit on the number of
|
33
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to include in the
|
34
|
+
# response. Further {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} can
|
35
|
+
# subsequently be obtained by including the
|
36
|
+
# {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}
|
37
|
+
# in a subsequent request. If unspecified, the server will pick an
|
38
|
+
# appropriate default.
|
39
|
+
# @!attribute [rw] page_token
|
40
|
+
# @return [::String]
|
41
|
+
# Optional. Optional pagination token, returned earlier via
|
42
|
+
# {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}.
|
43
|
+
# @!attribute [rw] filter
|
44
|
+
# @return [::String]
|
45
|
+
# Optional. Only include resources that match the filter in the response. For
|
46
|
+
# more information, see
|
47
|
+
# [Sorting and filtering list
|
48
|
+
# results](https://cloud.google.com/kms/docs/sorting-and-filtering).
|
49
|
+
# @!attribute [rw] order_by
|
50
|
+
# @return [::String]
|
51
|
+
# Optional. Specify how the results should be sorted. If not specified, the
|
52
|
+
# results will be sorted in the default order. For more information, see
|
53
|
+
# [Sorting and filtering list
|
54
|
+
# results](https://cloud.google.com/kms/docs/sorting-and-filtering).
|
55
|
+
class ListEkmConnectionsRequest
|
56
|
+
include ::Google::Protobuf::MessageExts
|
57
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
58
|
+
end
|
59
|
+
|
60
|
+
# Response message for [KeyManagementService.ListEkmConnections][].
|
61
|
+
# @!attribute [rw] ekm_connections
|
62
|
+
# @return [::Array<::Google::Cloud::Kms::V1::EkmConnection>]
|
63
|
+
# The list of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}.
|
64
|
+
# @!attribute [rw] next_page_token
|
65
|
+
# @return [::String]
|
66
|
+
# A token to retrieve next page of results. Pass this value in
|
67
|
+
# {::Google::Cloud::Kms::V1::ListEkmConnectionsRequest#page_token ListEkmConnectionsRequest.page_token}
|
68
|
+
# to retrieve the next page of results.
|
69
|
+
# @!attribute [rw] total_size
|
70
|
+
# @return [::Integer]
|
71
|
+
# The total number of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}
|
72
|
+
# that matched the query.
|
73
|
+
class ListEkmConnectionsResponse
|
74
|
+
include ::Google::Protobuf::MessageExts
|
75
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
76
|
+
end
|
77
|
+
|
78
|
+
# Request message for [KeyManagementService.GetEkmConnection][].
|
79
|
+
# @!attribute [rw] name
|
80
|
+
# @return [::String]
|
81
|
+
# Required. The {::Google::Cloud::Kms::V1::EkmConnection#name name} of the
|
82
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} to get.
|
83
|
+
class GetEkmConnectionRequest
|
84
|
+
include ::Google::Protobuf::MessageExts
|
85
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
86
|
+
end
|
87
|
+
|
88
|
+
# Request message for [KeyManagementService.CreateEkmConnection][].
|
89
|
+
# @!attribute [rw] parent
|
90
|
+
# @return [::String]
|
91
|
+
# Required. The resource name of the location associated with the
|
92
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, in the format
|
93
|
+
# `projects/*/locations/*`.
|
94
|
+
# @!attribute [rw] ekm_connection_id
|
95
|
+
# @return [::String]
|
96
|
+
# Required. It must be unique within a location and match the regular
|
97
|
+
# expression `[a-zA-Z0-9_-]{1,63}`.
|
98
|
+
# @!attribute [rw] ekm_connection
|
99
|
+
# @return [::Google::Cloud::Kms::V1::EkmConnection]
|
100
|
+
# Required. An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with
|
101
|
+
# initial field values.
|
102
|
+
class CreateEkmConnectionRequest
|
103
|
+
include ::Google::Protobuf::MessageExts
|
104
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
105
|
+
end
|
106
|
+
|
107
|
+
# Request message for [KeyManagementService.UpdateEkmConnection][].
|
108
|
+
# @!attribute [rw] ekm_connection
|
109
|
+
# @return [::Google::Cloud::Kms::V1::EkmConnection]
|
110
|
+
# Required. {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with updated
|
111
|
+
# values.
|
112
|
+
# @!attribute [rw] update_mask
|
113
|
+
# @return [::Google::Protobuf::FieldMask]
|
114
|
+
# Required. List of fields to be updated in this request.
|
115
|
+
class UpdateEkmConnectionRequest
|
116
|
+
include ::Google::Protobuf::MessageExts
|
117
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
118
|
+
end
|
119
|
+
|
120
|
+
# A {::Google::Cloud::Kms::V1::Certificate Certificate} represents an X.509
|
121
|
+
# certificate used to authenticate HTTPS connections to EKM replicas.
|
122
|
+
# @!attribute [rw] raw_der
|
123
|
+
# @return [::String]
|
124
|
+
# Required. The raw certificate bytes in DER format.
|
125
|
+
# @!attribute [r] parsed
|
126
|
+
# @return [::Boolean]
|
127
|
+
# Output only. True if the certificate was parsed successfully.
|
128
|
+
# @!attribute [r] issuer
|
129
|
+
# @return [::String]
|
130
|
+
# Output only. The issuer distinguished name in RFC 2253 format. Only present
|
131
|
+
# if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
132
|
+
# @!attribute [r] subject
|
133
|
+
# @return [::String]
|
134
|
+
# Output only. The subject distinguished name in RFC 2253 format. Only
|
135
|
+
# present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
136
|
+
# @!attribute [r] subject_alternative_dns_names
|
137
|
+
# @return [::Array<::String>]
|
138
|
+
# Output only. The subject Alternative DNS names. Only present if
|
139
|
+
# {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
140
|
+
# @!attribute [r] not_before_time
|
141
|
+
# @return [::Google::Protobuf::Timestamp]
|
142
|
+
# Output only. The certificate is not valid before this time. Only present if
|
143
|
+
# {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
144
|
+
# @!attribute [r] not_after_time
|
145
|
+
# @return [::Google::Protobuf::Timestamp]
|
146
|
+
# Output only. The certificate is not valid after this time. Only present if
|
147
|
+
# {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
148
|
+
# @!attribute [r] serial_number
|
149
|
+
# @return [::String]
|
150
|
+
# Output only. The certificate serial number as a hex string. Only present if
|
151
|
+
# {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
152
|
+
# @!attribute [r] sha256_fingerprint
|
153
|
+
# @return [::String]
|
154
|
+
# Output only. The SHA-256 certificate fingerprint as a hex string. Only
|
155
|
+
# present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
156
|
+
class Certificate
|
157
|
+
include ::Google::Protobuf::MessageExts
|
158
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
159
|
+
end
|
160
|
+
|
161
|
+
# An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} represents an
|
162
|
+
# individual EKM connection. It can be used for creating
|
163
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} and
|
164
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} with a
|
165
|
+
# {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of
|
166
|
+
# [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as
|
167
|
+
# performing cryptographic operations using keys created within the
|
168
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
|
169
|
+
# @!attribute [r] name
|
170
|
+
# @return [::String]
|
171
|
+
# Output only. The resource name for the
|
172
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} in the format
|
173
|
+
# `projects/*/locations/*/ekmConnections/*`.
|
174
|
+
# @!attribute [r] create_time
|
175
|
+
# @return [::Google::Protobuf::Timestamp]
|
176
|
+
# Output only. The time at which the
|
177
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} was created.
|
178
|
+
# @!attribute [rw] service_resolvers
|
179
|
+
# @return [::Array<::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver>]
|
180
|
+
# A list of
|
181
|
+
# {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolvers} where
|
182
|
+
# the EKM can be reached. There should be one ServiceResolver per EKM
|
183
|
+
# replica. Currently, only a single
|
184
|
+
# {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} is
|
185
|
+
# supported.
|
186
|
+
# @!attribute [rw] etag
|
187
|
+
# @return [::String]
|
188
|
+
# This checksum is computed by the server based on the value of other fields,
|
189
|
+
# and may be sent on update requests to ensure the client has an up-to-date
|
190
|
+
# value before proceeding.
|
191
|
+
class EkmConnection
|
192
|
+
include ::Google::Protobuf::MessageExts
|
193
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
194
|
+
|
195
|
+
# A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver}
|
196
|
+
# represents an EKM replica that can be reached within an
|
197
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
|
198
|
+
# @!attribute [rw] service_directory_service
|
199
|
+
# @return [::String]
|
200
|
+
# Required. The resource name of the Service Directory service pointing to
|
201
|
+
# an EKM replica, in the format
|
202
|
+
# `projects/*/locations/*/namespaces/*/services/*`.
|
203
|
+
# @!attribute [rw] endpoint_filter
|
204
|
+
# @return [::String]
|
205
|
+
# Optional. The filter applied to the endpoints of the resolved service. If
|
206
|
+
# no filter is specified, all endpoints will be considered. An endpoint
|
207
|
+
# will be chosen arbitrarily from the filtered list for each request.
|
208
|
+
#
|
209
|
+
# For endpoint filter syntax and examples, see
|
210
|
+
# https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
|
211
|
+
# @!attribute [rw] hostname
|
212
|
+
# @return [::String]
|
213
|
+
# Required. The hostname of the EKM replica used at TLS and HTTP layers.
|
214
|
+
# @!attribute [rw] server_certificates
|
215
|
+
# @return [::Array<::Google::Cloud::Kms::V1::Certificate>]
|
216
|
+
# Required. A list of leaf server certificates used to authenticate HTTPS
|
217
|
+
# connections to the EKM replica.
|
218
|
+
class ServiceResolver
|
219
|
+
include ::Google::Protobuf::MessageExts
|
220
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
221
|
+
end
|
222
|
+
end
|
223
|
+
end
|
224
|
+
end
|
225
|
+
end
|
226
|
+
end
|