google-cloud-kms-v1 0.10.2 → 0.13.0

data/lib/google/cloud/kms/v1/resources_pb.rb

@@ -1,13 +1,13 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/kms/v1/resources.proto
 
+require 'google/protobuf'
+
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/protobuf/duration_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/protobuf/wrappers_pb'
-require 'google/api/annotations_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
@@ -25,6 +25,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       map :labels, :string, :string, 10
       optional :import_only, :bool, 13
       optional :destroy_scheduled_duration, :message, 14, "google.protobuf.Duration"
+      optional :crypto_key_backend, :string, 15
       oneof :rotation_schedule do
         optional :rotation_period, :message, 8, "google.protobuf.Duration"
       end
@@ -43,6 +44,12 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.kms.v1.KeyOperationAttestation" do
       optional :format, :enum, 4, "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat"
       optional :content, :bytes, 5
+      optional :cert_chains, :message, 6, "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains"
+    end
+    add_message "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains" do
+      repeated :cavium_certs, :string, 1
+      repeated :google_card_certs, :string, 2
+      repeated :google_partition_certs, :string, 3
     end
     add_enum "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat" do
       value :ATTESTATION_FORMAT_UNSPECIFIED, 0
@@ -141,12 +148,14 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     end
     add_message "google.cloud.kms.v1.ExternalProtectionLevelOptions" do
       optional :external_key_uri, :string, 1
+      optional :ekm_connection_key_path, :string, 2
     end
     add_enum "google.cloud.kms.v1.ProtectionLevel" do
       value :PROTECTION_LEVEL_UNSPECIFIED, 0
       value :SOFTWARE, 1
       value :HSM, 2
       value :EXTERNAL, 3
+      value :EXTERNAL_VPC, 4
     end
   end
 end
@@ -160,6 +169,7 @@ module Google
         CryptoKey::CryptoKeyPurpose = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose").enummodule
         CryptoKeyVersionTemplate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersionTemplate").msgclass
         KeyOperationAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation").msgclass
+        KeyOperationAttestation::CertificateChains = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.CertificateChains").msgclass
         KeyOperationAttestation::AttestationFormat = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat").enummodule
         CryptoKeyVersion = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion").msgclass
         CryptoKeyVersion::CryptoKeyVersionAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm").enummodule

data/lib/google/cloud/kms/v1/service_pb.rb

@@ -1,6 +1,8 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/kms/v1/service.proto
 
+require 'google/protobuf'
+
 require 'google/api/annotations_pb'
 require 'google/api/client_pb'
 require 'google/api/field_behavior_pb'
@@ -8,7 +10,6 @@ require 'google/api/resource_pb'
 require 'google/cloud/kms/v1/resources_pb'
 require 'google/protobuf/field_mask_pb'
 require 'google/protobuf/wrappers_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do

data/lib/google/cloud/kms/v1/service_services_pb.rb

@@ -54,102 +54,138 @@ module Google
             rpc :ListImportJobs, ::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Google::Cloud::Kms::V1::ListImportJobsResponse
             # Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
             rpc :GetKeyRing, ::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
-            # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
-            # [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+            # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
+            # well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
+            # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
             rpc :GetCryptoKey, ::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
-            # Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+            # Returns metadata for a given
+            # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
             rpc :GetCryptoKeyVersion, ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
-            # Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
+            # Returns the public key for the given
+            # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
             # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
-            # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
+            # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
+            # or
             # [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
             rpc :GetPublicKey, ::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Google::Cloud::Kms::V1::PublicKey
             # Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
             rpc :GetImportJob, ::Google::Cloud::Kms::V1::GetImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
-            # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
+            # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
+            # Location.
             rpc :CreateKeyRing, ::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
-            # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
+            # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
+            # [KeyRing][google.cloud.kms.v1.KeyRing].
             #
             # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
             # [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
             # are required.
             rpc :CreateCryptoKey, ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
-            # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
+            # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
+            # [CryptoKey][google.cloud.kms.v1.CryptoKey].
             #
             # The server will assign the next sequential id. If unset,
             # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
             # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
             rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
-            # Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+            # Import wrapped key material into a
+            # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
             #
-            # All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
-            # additionally specified in the request, key material will be reimported into
-            # that version. Otherwise, a new version will be created, and will be
-            # assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
+            # All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
+            # a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
+            # specified in the request, key material will be reimported into that
+            # version. Otherwise, a new version will be created, and will be assigned the
+            # next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
             rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
-            # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
+            # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
+            # [KeyRing][google.cloud.kms.v1.KeyRing].
             #
-            # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
+            # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
+            # required.
             rpc :CreateImportJob, ::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
             # Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
             rpc :UpdateCryptoKey, ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
-            # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
+            # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
+            # metadata.
             #
             # [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
-            # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and
-            # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
-            # method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
-            # move between other states.
+            # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
+            # and
+            # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
+            # using this method. See
+            # [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
+            # and
+            # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
+            # to move between other states.
             rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
-            # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
+            # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
+            # will be used in
+            # [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
             #
             # Returns an error if called on a key whose purpose is not
             # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
             rpc :UpdateCryptoKeyPrimaryVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Google::Cloud::Kms::V1::CryptoKey
-            # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
+            # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
+            # destruction.
             #
-            # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
+            # Upon calling this method,
+            # [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+            # be set to
             # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
-            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
-            # [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
-            # future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
-            # automatically change to
-            # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
-            # material will be irrevocably destroyed.
+            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
+            # be set to the time
+            # [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
+            # in the future. At that time, the
+            # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
+            # change to
+            # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
+            # and the key material will be irrevocably destroyed.
             #
-            # Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
-            # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
+            # Before the
+            # [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
+            # reached,
+            # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
+            # may be called to reverse the process.
             rpc :DestroyCryptoKeyVersion, ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
             # Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
             # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
             # state.
             #
-            # Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-            # will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
-            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
+            # Upon restoration of the CryptoKeyVersion,
+            # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
+            # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
+            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
+            # be cleared.
             rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
-            # Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
-            # The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+            # Encrypts data, so that it can only be recovered by a call to
+            # [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
+            # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
             # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
             rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
-            # Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
-            # must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
+            # Decrypts data that was protected by
+            # [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
+            # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+            # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
             rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
-            # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
+            # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+            # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
             # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
-            # key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
+            # key retrieved from
+            # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
             rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
             # Decrypts data that was encrypted with a public key retrieved from
-            # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
-            # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
+            # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
+            # corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+            # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
+            # ASYMMETRIC_DECRYPT.
             rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
-            # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
-            # MAC, producing a tag that can be verified by another source with the
-            # same key.
+            # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+            # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
+            # producing a tag that can be verified by another source with the same key.
             rpc :MacSign, ::Google::Cloud::Kms::V1::MacSignRequest, ::Google::Cloud::Kms::V1::MacSignResponse
-            # Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
-            # MAC, and returns a response that indicates whether or not the verification
-            # was successful.
+            # Verifies MAC tag using a
+            # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
+            # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
+            # a response that indicates whether or not the verification was successful.
             rpc :MacVerify, ::Google::Cloud::Kms::V1::MacVerifyRequest, ::Google::Cloud::Kms::V1::MacVerifyResponse
             # Generate random bytes using the Cloud KMS randomness source in the provided
             # location.

data/lib/google/cloud/kms/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Kms
       module V1
-        VERSION = "0.10.2"
+        VERSION = "0.13.0"
       end
     end
   end

data/lib/google/cloud/kms/v1.rb

@@ -16,6 +16,7 @@
 
 # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
 
+require "google/cloud/kms/v1/ekm_service"
 require "google/cloud/kms/v1/key_management_service"
 require "google/cloud/kms/v1/iam_policy"
 require "google/cloud/kms/v1/version"
@@ -26,8 +27,10 @@ module Google
       ##
       # To load this package, including all its services, and instantiate a client:
       #
+      # @example
+      #
       #     require "google/cloud/kms/v1"
-      #     client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
+      #     client = ::Google::Cloud::Kms::V1::EkmService::Client.new
       #
       module V1
       end

data/proto_docs/google/cloud/kms/v1/ekm_service.rb

@@ -0,0 +1,226 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module Kms
+      module V1
+        # Request message for [KeyManagementService.ListEkmConnections][].
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The resource name of the location associated with the
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to list, in the format
+        #     `projects/*/locations/*`.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Optional. Optional limit on the number of
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to include in the
+        #     response. Further {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} can
+        #     subsequently be obtained by including the
+        #     {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}
+        #     in a subsequent request. If unspecified, the server will pick an
+        #     appropriate default.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     Optional. Optional pagination token, returned earlier via
+        #     {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     Optional. Only include resources that match the filter in the response. For
+        #     more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+        # @!attribute [rw] order_by
+        #   @return [::String]
+        #     Optional. Specify how the results should be sorted. If not specified, the
+        #     results will be sorted in the default order.  For more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+        class ListEkmConnectionsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Response message for [KeyManagementService.ListEkmConnections][].
+        # @!attribute [rw] ekm_connections
+        #   @return [::Array<::Google::Cloud::Kms::V1::EkmConnection>]
+        #     The list of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     A token to retrieve next page of results. Pass this value in
+        #     {::Google::Cloud::Kms::V1::ListEkmConnectionsRequest#page_token ListEkmConnectionsRequest.page_token}
+        #     to retrieve the next page of results.
+        # @!attribute [rw] total_size
+        #   @return [::Integer]
+        #     The total number of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}
+        #     that matched the query.
+        class ListEkmConnectionsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for [KeyManagementService.GetEkmConnection][].
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The {::Google::Cloud::Kms::V1::EkmConnection#name name} of the
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} to get.
+        class GetEkmConnectionRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for [KeyManagementService.CreateEkmConnection][].
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The resource name of the location associated with the
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, in the format
+        #     `projects/*/locations/*`.
+        # @!attribute [rw] ekm_connection_id
+        #   @return [::String]
+        #     Required. It must be unique within a location and match the regular
+        #     expression `[a-zA-Z0-9_-]{1,63}`.
+        # @!attribute [rw] ekm_connection
+        #   @return [::Google::Cloud::Kms::V1::EkmConnection]
+        #     Required. An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with
+        #     initial field values.
+        class CreateEkmConnectionRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for [KeyManagementService.UpdateEkmConnection][].
+        # @!attribute [rw] ekm_connection
+        #   @return [::Google::Cloud::Kms::V1::EkmConnection]
+        #     Required. {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with updated
+        #     values.
+        # @!attribute [rw] update_mask
+        #   @return [::Google::Protobuf::FieldMask]
+        #     Required. List of fields to be updated in this request.
+        class UpdateEkmConnectionRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A {::Google::Cloud::Kms::V1::Certificate Certificate} represents an X.509
+        # certificate used to authenticate HTTPS connections to EKM replicas.
+        # @!attribute [rw] raw_der
+        #   @return [::String]
+        #     Required. The raw certificate bytes in DER format.
+        # @!attribute [r] parsed
+        #   @return [::Boolean]
+        #     Output only. True if the certificate was parsed successfully.
+        # @!attribute [r] issuer
+        #   @return [::String]
+        #     Output only. The issuer distinguished name in RFC 2253 format. Only present
+        #     if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] subject
+        #   @return [::String]
+        #     Output only. The subject distinguished name in RFC 2253 format. Only
+        #     present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] subject_alternative_dns_names
+        #   @return [::Array<::String>]
+        #     Output only. The subject Alternative DNS names. Only present if
+        #     {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] not_before_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The certificate is not valid before this time. Only present if
+        #     {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] not_after_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The certificate is not valid after this time. Only present if
+        #     {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] serial_number
+        #   @return [::String]
+        #     Output only. The certificate serial number as a hex string. Only present if
+        #     {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] sha256_fingerprint
+        #   @return [::String]
+        #     Output only. The SHA-256 certificate fingerprint as a hex string. Only
+        #     present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        class Certificate
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} represents an
+        # individual EKM connection. It can be used for creating
+        # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} and
+        # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} with a
+        # {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of
+        # [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as
+        # performing cryptographic operations using keys created within the
+        # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
+        # @!attribute [r] name
+        #   @return [::String]
+        #     Output only. The resource name for the
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} in the format
+        #     `projects/*/locations/*/ekmConnections/*`.
+        # @!attribute [r] create_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The time at which the
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} was created.
+        # @!attribute [rw] service_resolvers
+        #   @return [::Array<::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver>]
+        #     A list of
+        #     {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolvers} where
+        #     the EKM can be reached. There should be one ServiceResolver per EKM
+        #     replica. Currently, only a single
+        #     {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} is
+        #     supported.
+        # @!attribute [rw] etag
+        #   @return [::String]
+        #     This checksum is computed by the server based on the value of other fields,
+        #     and may be sent on update requests to ensure the client has an up-to-date
+        #     value before proceeding.
+        class EkmConnection
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver}
+          # represents an EKM replica that can be reached within an
+          # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
+          # @!attribute [rw] service_directory_service
+          #   @return [::String]
+          #     Required. The resource name of the Service Directory service pointing to
+          #     an EKM replica, in the format
+          #     `projects/*/locations/*/namespaces/*/services/*`.
+          # @!attribute [rw] endpoint_filter
+          #   @return [::String]
+          #     Optional. The filter applied to the endpoints of the resolved service. If
+          #     no filter is specified, all endpoints will be considered. An endpoint
+          #     will be chosen arbitrarily from the filtered list for each request.
+          #
+          #     For endpoint filter syntax and examples, see
+          #     https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
+          # @!attribute [rw] hostname
+          #   @return [::String]
+          #     Required. The hostname of the EKM replica used at TLS and HTTP layers.
+          # @!attribute [rw] server_certificates
+          #   @return [::Array<::Google::Cloud::Kms::V1::Certificate>]
+          #     Required. A list of leaf server certificates used to authenticate HTTPS
+          #     connections to the EKM replica.
+          class ServiceResolver
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+      end
+    end
+  end
+end