google-cloud-kms-v1 0.14.0 → 0.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b97af8383dd8f5fe6af2b2c709d433be4f6fc494f3af192186ab3f175ef0dc01
-  data.tar.gz: 82b337641b4c0f579971797f901b82db52ad268ca6f8429b3a66cf0aa3b92332
+  metadata.gz: 88ccb6ea1616c6e3d3e167aaf3d0e81795d897a8f07922ceb7fccfe0be5c1baa
+  data.tar.gz: 2d635e795aef36e90ff5fa04ab772fc982e6ec30d3855a8741d358edbee26809
 SHA512:
-  metadata.gz: 54f4de5518f911b9c5b076c96297b5d1f9ca5884019d5209afabcaa6d40d5add4c5492b0a50578186514fe1b6e7b60521c2145bb9302339bc8ea379bc877a7cc
-  data.tar.gz: a3ec3fdf9aadd418993c548d30527c7716b5e1e9e4adc9eff0e344448d93eeb4288c770bc7c1d73117e551cdba4dfae82d926a4c453c82b7c67b7e9082ef3a10
+  metadata.gz: ffcdda5aafc0cc3bef3e4b1dba6fea52819d282bf6af6a3d085802e2c447f5116c053d80fbc8978ee2540ed178ae5d9efbbf5316adf06f79ccfa641a30044e05
+  data.tar.gz: c16e58ed43dae8dbdafed46b687864cf1241dbc50ddec764406928cb9e702a30362d2862a63c6419f955f869bc28a8362fa1a1f51770acb79a6a075270927034

data/README.md

@@ -46,7 +46,7 @@ for general usage information.
 ## Enabling Logging
 
 To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
-The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/stdlib/libdoc/logger/rdoc/Logger.html) as shown below,
+The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/current/stdlibs/logger/Logger.html) as shown below,
 or a [`Google::Cloud::Logging::Logger`](https://googleapis.dev/ruby/google-cloud-logging/latest)
 that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
 and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.

data/lib/google/cloud/kms/v1/key_management_service/client.rb

@@ -1522,7 +1522,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, rsa_aes_wrapped_key: nil)
+            # @overload import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, wrapped_key: nil, rsa_aes_wrapped_key: nil)
             #   Pass arguments to `import_crypto_key_version` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -1564,32 +1564,52 @@ module Google
             #     Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
             #     {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to wrap this key
             #     material.
-            #   @param rsa_aes_wrapped_key [::String]
-            #     Wrapped key material produced with
-            #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
+            #   @param wrapped_key [::String]
+            #     Optional. The wrapped key material to import.
+            #
+            #     Before wrapping, key material must be formatted. If importing symmetric key
+            #     material, the expected key material format is plain bytes. If importing
+            #     asymmetric key material, the expected key material format is PKCS#8-encoded
+            #     DER (the PrivateKeyInfo structure from RFC 5208).
+            #
+            #     When wrapping with import methods
+            #     ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
+            #     or
+            #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}
+            #     or
+            #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256_AES_256 RSA_OAEP_3072_SHA256_AES_256}
             #     or
-            #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}.
+            #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256_AES_256 RSA_OAEP_4096_SHA256_AES_256}),
             #
-            #     This field contains the concatenation of two wrapped keys:
+            #     this field must contain the concatenation of:
             #     <ol>
             #       <li>An ephemeral AES-256 wrapping key wrapped with the
             #           {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using
-            #           RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
-            #           empty label.
+            #           RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
+            #           label.
             #       </li>
-            #       <li>The key to be imported, wrapped with the ephemeral AES-256 key
-            #           using AES-KWP (RFC 5649).
+            #       <li>The formatted key to be imported, wrapped with the ephemeral AES-256
+            #           key using AES-KWP (RFC 5649).
             #       </li>
             #     </ol>
             #
-            #     If importing symmetric key material, it is expected that the unwrapped
-            #     key contains plain bytes. If importing asymmetric key material, it is
-            #     expected that the unwrapped key is in PKCS#8-encoded DER format (the
-            #     PrivateKeyInfo structure from RFC 5208).
-            #
             #     This format is the same as the format produced by PKCS#11 mechanism
             #     CKM_RSA_AES_KEY_WRAP.
             #
+            #     When wrapping with import methods
+            #     ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256 RSA_OAEP_3072_SHA256}
+            #     or
+            #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256 RSA_OAEP_4096_SHA256}),
+            #
+            #     this field must contain the formatted key to be imported, wrapped with the
+            #     {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using RSAES-OAEP
+            #     with SHA-256, MGF1 with SHA-256, and an empty label.
+            #   @param rsa_aes_wrapped_key [::String]
+            #     Optional. This field has the same meaning as
+            #     {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#wrapped_key wrapped_key}.
+            #     Prefer to use that field in new work. Either that field or this field
+            #     (but not both) must be specified.
+            #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
             # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -2265,7 +2285,9 @@ module Google
             #
             #     The maximum size depends on the key version's
             #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
-            #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
+            #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
+            #     {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
+            #     {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys, the
             #     plaintext must be no larger than 64KiB. For
             #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
             #     the plaintext and additional_authenticated_data fields must be no larger
@@ -2277,8 +2299,10 @@ module Google
             #
             #     The maximum size depends on the key version's
             #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
-            #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
-            #     must be no larger than 64KiB. For
+            #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
+            #     {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
+            #     {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys the
+            #     AAD must be no larger than 64KiB. For
             #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
             #     the plaintext and additional_authenticated_data fields must be no larger
             #     than 8KiB.

data/lib/google/cloud/kms/v1/resources_pb.rb

@@ -97,6 +97,10 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :EC_SIGN_P384_SHA384, 13
       value :EC_SIGN_SECP256K1_SHA256, 31
       value :HMAC_SHA256, 32
+      value :HMAC_SHA1, 33
+      value :HMAC_SHA384, 34
+      value :HMAC_SHA512, 35
+      value :HMAC_SHA224, 36
       value :EXTERNAL_SYMMETRIC_ENCRYPTION, 18
     end
     add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState" do
@@ -139,6 +143,10 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :IMPORT_METHOD_UNSPECIFIED, 0
       value :RSA_OAEP_3072_SHA1_AES_256, 1
       value :RSA_OAEP_4096_SHA1_AES_256, 2
+      value :RSA_OAEP_3072_SHA256_AES_256, 3
+      value :RSA_OAEP_4096_SHA256_AES_256, 4
+      value :RSA_OAEP_3072_SHA256, 5
+      value :RSA_OAEP_4096_SHA256, 6
     end
     add_enum "google.cloud.kms.v1.ImportJob.ImportJobState" do
       value :IMPORT_JOB_STATE_UNSPECIFIED, 0

data/lib/google/cloud/kms/v1/service_pb.rb

@@ -98,6 +98,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :crypto_key_version, :string, 6
       optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
       optional :import_job, :string, 4
+      optional :wrapped_key, :bytes, 8
       oneof :wrapped_key_material do
         optional :rsa_aes_wrapped_key, :bytes, 5
       end

data/lib/google/cloud/kms/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Kms
       module V1
-        VERSION = "0.14.0"
+        VERSION = "0.16.0"
       end
     end
   end

data/proto_docs/google/api/client.rb

@@ -0,0 +1,318 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # Required information for every language.
+    # @!attribute [rw] reference_docs_uri
+    #   @return [::String]
+    #     Link to automatically generated reference documentation.  Example:
+    #     https://cloud.google.com/nodejs/docs/reference/asset/latest
+    # @!attribute [rw] destinations
+    #   @return [::Array<::Google::Api::ClientLibraryDestination>]
+    #     The destination where API teams want this client library to be published.
+    class CommonLanguageSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Details about how and where to publish client libraries.
+    # @!attribute [rw] version
+    #   @return [::String]
+    #     Version of the API to apply these settings to.
+    # @!attribute [rw] launch_stage
+    #   @return [::Google::Api::LaunchStage]
+    #     Launch stage of this version of the API.
+    # @!attribute [rw] rest_numeric_enums
+    #   @return [::Boolean]
+    #     When using transport=rest, the client request will encode enums as
+    #     numbers rather than strings.
+    # @!attribute [rw] java_settings
+    #   @return [::Google::Api::JavaSettings]
+    #     Settings for legacy Java features, supported in the Service YAML.
+    # @!attribute [rw] cpp_settings
+    #   @return [::Google::Api::CppSettings]
+    #     Settings for C++ client libraries.
+    # @!attribute [rw] php_settings
+    #   @return [::Google::Api::PhpSettings]
+    #     Settings for PHP client libraries.
+    # @!attribute [rw] python_settings
+    #   @return [::Google::Api::PythonSettings]
+    #     Settings for Python client libraries.
+    # @!attribute [rw] node_settings
+    #   @return [::Google::Api::NodeSettings]
+    #     Settings for Node client libraries.
+    # @!attribute [rw] dotnet_settings
+    #   @return [::Google::Api::DotnetSettings]
+    #     Settings for .NET client libraries.
+    # @!attribute [rw] ruby_settings
+    #   @return [::Google::Api::RubySettings]
+    #     Settings for Ruby client libraries.
+    # @!attribute [rw] go_settings
+    #   @return [::Google::Api::GoSettings]
+    #     Settings for Go client libraries.
+    class ClientLibrarySettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # This message configures the settings for publishing [Google Cloud Client
+    # libraries](https://cloud.google.com/apis/docs/cloud-client-libraries)
+    # generated from the service config.
+    # @!attribute [rw] method_settings
+    #   @return [::Array<::Google::Api::MethodSettings>]
+    #     A list of API method settings, e.g. the behavior for methods that use the
+    #     long-running operation pattern.
+    # @!attribute [rw] new_issue_uri
+    #   @return [::String]
+    #     Link to a place that API users can report issues.  Example:
+    #     https://issuetracker.google.com/issues/new?component=190865&template=1161103
+    # @!attribute [rw] documentation_uri
+    #   @return [::String]
+    #     Link to product home page.  Example:
+    #     https://cloud.google.com/asset-inventory/docs/overview
+    # @!attribute [rw] api_short_name
+    #   @return [::String]
+    #     Used as a tracking tag when collecting data about the APIs developer
+    #     relations artifacts like docs, packages delivered to package managers,
+    #     etc.  Example: "speech".
+    # @!attribute [rw] github_label
+    #   @return [::String]
+    #     GitHub label to apply to issues and pull requests opened for this API.
+    # @!attribute [rw] codeowner_github_teams
+    #   @return [::Array<::String>]
+    #     GitHub teams to be added to CODEOWNERS in the directory in GitHub
+    #     containing source code for the client libraries for this API.
+    # @!attribute [rw] doc_tag_prefix
+    #   @return [::String]
+    #     A prefix used in sample code when demarking regions to be included in
+    #     documentation.
+    # @!attribute [rw] organization
+    #   @return [::Google::Api::ClientLibraryOrganization]
+    #     For whom the client library is being published.
+    # @!attribute [rw] library_settings
+    #   @return [::Array<::Google::Api::ClientLibrarySettings>]
+    #     Client library settings.  If the same version string appears multiple
+    #     times in this list, then the last one wins.  Settings from earlier
+    #     settings with the same version string are discarded.
+    class Publishing
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Java client libraries.
+    # @!attribute [rw] library_package
+    #   @return [::String]
+    #     The package name to use in Java. Clobbers the java_package option
+    #     set in the protobuf. This should be used **only** by APIs
+    #     who have already set the language_settings.java.package_name" field
+    #     in gapic.yaml. API teams should use the protobuf java_package option
+    #     where possible.
+    #
+    #     Example of a YAML configuration::
+    #
+    #      publishing:
+    #        java_settings:
+    #          library_package: com.google.cloud.pubsub.v1
+    # @!attribute [rw] service_class_names
+    #   @return [::Google::Protobuf::Map{::String => ::String}]
+    #     Configure the Java class name to use instead of the service's for its
+    #     corresponding generated GAPIC client. Keys are fully-qualified
+    #     service names as they appear in the protobuf (including the full
+    #     the language_settings.java.interface_names" field in gapic.yaml. API
+    #     teams should otherwise use the service name as it appears in the
+    #     protobuf.
+    #
+    #     Example of a YAML configuration::
+    #
+    #      publishing:
+    #        java_settings:
+    #          service_class_names:
+    #            - google.pubsub.v1.Publisher: TopicAdmin
+    #            - google.pubsub.v1.Subscriber: SubscriptionAdmin
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class JavaSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # @!attribute [rw] key
+      #   @return [::String]
+      # @!attribute [rw] value
+      #   @return [::String]
+      class ServiceClassNamesEntry
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # Settings for C++ client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class CppSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Php client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class PhpSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Python client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class PythonSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Node client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class NodeSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Dotnet client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class DotnetSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Ruby client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class RubySettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Go client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class GoSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Describes the generator configuration for a method.
+    # @!attribute [rw] selector
+    #   @return [::String]
+    #     The fully qualified name of the method, for which the options below apply.
+    #     This is used to find the method to apply the options.
+    # @!attribute [rw] long_running
+    #   @return [::Google::Api::MethodSettings::LongRunning]
+    #     Describes settings to use for long-running operations when generating
+    #     API methods for RPCs. Complements RPCs that use the annotations in
+    #     google/longrunning/operations.proto.
+    #
+    #     Example of a YAML configuration::
+    #
+    #      publishing:
+    #        method_behavior:
+    #          - selector: CreateAdDomain
+    #            long_running:
+    #              initial_poll_delay:
+    #                seconds: 60 # 1 minute
+    #              poll_delay_multiplier: 1.5
+    #              max_poll_delay:
+    #                seconds: 360 # 6 minutes
+    #              total_poll_timeout:
+    #                 seconds: 54000 # 90 minutes
+    class MethodSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # Describes settings to use when generating API methods that use the
+      # long-running operation pattern.
+      # All default values below are from those used in the client library
+      # generators (e.g.
+      # [Java](https://github.com/googleapis/gapic-generator-java/blob/04c2faa191a9b5a10b92392fe8482279c4404803/src/main/java/com/google/api/generator/gapic/composer/common/RetrySettingsComposer.java)).
+      # @!attribute [rw] initial_poll_delay
+      #   @return [::Google::Protobuf::Duration]
+      #     Initial delay after which the first poll request will be made.
+      #     Default value: 5 seconds.
+      # @!attribute [rw] poll_delay_multiplier
+      #   @return [::Float]
+      #     Multiplier to gradually increase delay between subsequent polls until it
+      #     reaches max_poll_delay.
+      #     Default value: 1.5.
+      # @!attribute [rw] max_poll_delay
+      #   @return [::Google::Protobuf::Duration]
+      #     Maximum time between two subsequent poll requests.
+      #     Default value: 45 seconds.
+      # @!attribute [rw] total_poll_timeout
+      #   @return [::Google::Protobuf::Duration]
+      #     Total polling timeout.
+      #     Default value: 5 minutes.
+      class LongRunning
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # The organization for which the client libraries are being published.
+    # Affects the url where generated docs are published, etc.
+    module ClientLibraryOrganization
+      # Not useful.
+      CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED = 0
+
+      # Google Cloud Platform Org.
+      CLOUD = 1
+
+      # Ads (Advertising) Org.
+      ADS = 2
+
+      # Photos Org.
+      PHOTOS = 3
+
+      # Street View Org.
+      STREET_VIEW = 4
+    end
+
+    # To where should client libraries be published?
+    module ClientLibraryDestination
+      # Client libraries will neither be generated nor published to package
+      # managers.
+      CLIENT_LIBRARY_DESTINATION_UNSPECIFIED = 0
+
+      # Generate the client library in a repo under github.com/googleapis,
+      # but don't publish it to package managers.
+      GITHUB = 10
+
+      # Publish the library to package managers like nuget.org and npmjs.com.
+      PACKAGE_MANAGER = 20
+    end
+  end
+end

data/proto_docs/google/api/launch_stage.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # The launch stage as defined by [Google Cloud Platform
+    # Launch Stages](https://cloud.google.com/terms/launch-stages).
+    module LaunchStage
+      # Do not use this default value.
+      LAUNCH_STAGE_UNSPECIFIED = 0
+
+      # The feature is not yet implemented. Users can not use it.
+      UNIMPLEMENTED = 6
+
+      # Prelaunch features are hidden from users and are only visible internally.
+      PRELAUNCH = 7
+
+      # Early Access features are limited to a closed group of testers. To use
+      # these features, you must sign up in advance and sign a Trusted Tester
+      # agreement (which includes confidentiality provisions). These features may
+      # be unstable, changed in backward-incompatible ways, and are not
+      # guaranteed to be released.
+      EARLY_ACCESS = 1
+
+      # Alpha is a limited availability test for releases before they are cleared
+      # for widespread use. By Alpha, all significant design issues are resolved
+      # and we are in the process of verifying functionality. Alpha customers
+      # need to apply for access, agree to applicable terms, and have their
+      # projects allowlisted. Alpha releases don't have to be feature complete,
+      # no SLAs are provided, and there are no technical support obligations, but
+      # they will be far enough along that customers can actually use them in
+      # test environments or for limited-use tests -- just like they would in
+      # normal production cases.
+      ALPHA = 2
+
+      # Beta is the point at which we are ready to open a release for any
+      # customer to use. There are no SLA or technical support obligations in a
+      # Beta release. Products will be complete from a feature perspective, but
+      # may have some open outstanding issues. Beta releases are suitable for
+      # limited production use cases.
+      BETA = 3
+
+      # GA features are open to all developers and are considered stable and
+      # fully qualified for production use.
+      GA = 4
+
+      # Deprecated features are scheduled to be shut down and removed. For more
+      # information, see the "Deprecation Policy" section of our [Terms of
+      # Service](https://cloud.google.com/terms/)
+      # and the [Google Cloud Platform Subject to the Deprecation
+      # Policy](https://cloud.google.com/terms/deprecation) documentation.
+      DEPRECATED = 5
+    end
+  end
+end

data/proto_docs/google/cloud/kms/v1/ekm_service.rb

@@ -21,7 +21,8 @@ module Google
   module Cloud
     module Kms
       module V1
-        # Request message for [KeyManagementService.ListEkmConnections][].
+        # Request message for
+        # {::Google::Cloud::Kms::V1::EkmService::Client#list_ekm_connections EkmService.ListEkmConnections}.
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. The resource name of the location associated with the
@@ -57,7 +58,8 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for [KeyManagementService.ListEkmConnections][].
+        # Response message for
+        # {::Google::Cloud::Kms::V1::EkmService::Client#list_ekm_connections EkmService.ListEkmConnections}.
         # @!attribute [rw] ekm_connections
         #   @return [::Array<::Google::Cloud::Kms::V1::EkmConnection>]
         #     The list of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}.
@@ -75,7 +77,8 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for [KeyManagementService.GetEkmConnection][].
+        # Request message for
+        # {::Google::Cloud::Kms::V1::EkmService::Client#get_ekm_connection EkmService.GetEkmConnection}.
         # @!attribute [rw] name
         #   @return [::String]
         #     Required. The {::Google::Cloud::Kms::V1::EkmConnection#name name} of the
@@ -85,7 +88,8 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for [KeyManagementService.CreateEkmConnection][].
+        # Request message for
+        # {::Google::Cloud::Kms::V1::EkmService::Client#create_ekm_connection EkmService.CreateEkmConnection}.
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. The resource name of the location associated with the
@@ -104,7 +108,8 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for [KeyManagementService.UpdateEkmConnection][].
+        # Request message for
+        # {::Google::Cloud::Kms::V1::EkmService::Client#update_ekm_connection EkmService.UpdateEkmConnection}.
         # @!attribute [rw] ekm_connection
         #   @return [::Google::Cloud::Kms::V1::EkmConnection]
         #     Required. {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with updated
@@ -185,9 +190,8 @@ module Google
         #     supported.
         # @!attribute [rw] etag
         #   @return [::String]
-        #     This checksum is computed by the server based on the value of other fields,
-        #     and may be sent on update requests to ensure the client has an up-to-date
-        #     value before proceeding.
+        #     Optional. Etag of the currently stored
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
         class EkmConnection
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -214,7 +218,8 @@ module Google
           # @!attribute [rw] server_certificates
           #   @return [::Array<::Google::Cloud::Kms::V1::Certificate>]
           #     Required. A list of leaf server certificates used to authenticate HTTPS
-          #     connections to the EKM replica.
+          #     connections to the EKM replica. Currently, a maximum of 10
+          #     {::Google::Cloud::Kms::V1::Certificate Certificate} is supported.
           class ServiceResolver
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/kms/v1/resources.rb

@@ -254,6 +254,9 @@ module Google
 
             # Cavium HSM attestation compressed with gzip. Note that this format is
             # defined by Cavium and subject to change at any time.
+            #
+            # See
+            # https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html.
             CAVIUM_V1_COMPRESSED = 3
 
             # Cavium HSM attestation V2 compressed with gzip. This is a new format
@@ -474,6 +477,18 @@ module Google
             # HMAC-SHA256 signing with a 256 bit key.
             HMAC_SHA256 = 32
 
+            # HMAC-SHA1 signing with a 160 bit key.
+            HMAC_SHA1 = 33
+
+            # HMAC-SHA384 signing with a 384 bit key.
+            HMAC_SHA384 = 34
+
+            # HMAC-SHA512 signing with a 512 bit key.
+            HMAC_SHA512 = 35
+
+            # HMAC-SHA224 signing with a 224 bit key.
+            HMAC_SHA224 = 36
+
             # Algorithm representing symmetric encryption by an external key manager.
             EXTERNAL_SYMMETRIC_ENCRYPTION = 18
           end
@@ -724,6 +739,34 @@ module Google
             # [RSA AES key wrap
             # mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
             RSA_OAEP_4096_SHA1_AES_256 = 2
+
+            # This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
+            # scheme defined in the PKCS #11 standard. In summary, this involves
+            # wrapping the raw key with an ephemeral AES key, and wrapping the
+            # ephemeral AES key with a 3072 bit RSA key. For more details, see
+            # [RSA AES key wrap
+            # mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
+            RSA_OAEP_3072_SHA256_AES_256 = 3
+
+            # This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
+            # scheme defined in the PKCS #11 standard. In summary, this involves
+            # wrapping the raw key with an ephemeral AES key, and wrapping the
+            # ephemeral AES key with a 4096 bit RSA key. For more details, see
+            # [RSA AES key wrap
+            # mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
+            RSA_OAEP_4096_SHA256_AES_256 = 4
+
+            # This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The
+            # key material to be imported is wrapped directly with the RSA key. Due
+            # to technical limitations of RSA wrapping, this method cannot be used to
+            # wrap RSA keys for import.
+            RSA_OAEP_3072_SHA256 = 5
+
+            # This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The
+            # key material to be imported is wrapped directly with the RSA key. Due
+            # to technical limitations of RSA wrapping, this method cannot be used to
+            # wrap RSA keys for import.
+            RSA_OAEP_4096_SHA256 = 6
           end
 
           # The state of the {::Google::Cloud::Kms::V1::ImportJob ImportJob}, indicating if

data/proto_docs/google/cloud/kms/v1/service.rb

@@ -413,32 +413,53 @@ module Google
         #     Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
         #     {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to wrap this key
         #     material.
-        # @!attribute [rw] rsa_aes_wrapped_key
+        # @!attribute [rw] wrapped_key
         #   @return [::String]
-        #     Wrapped key material produced with
-        #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
+        #     Optional. The wrapped key material to import.
+        #
+        #     Before wrapping, key material must be formatted. If importing symmetric key
+        #     material, the expected key material format is plain bytes. If importing
+        #     asymmetric key material, the expected key material format is PKCS#8-encoded
+        #     DER (the PrivateKeyInfo structure from RFC 5208).
+        #
+        #     When wrapping with import methods
+        #     ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
         #     or
-        #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}.
+        #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}
+        #     or
+        #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256_AES_256 RSA_OAEP_3072_SHA256_AES_256}
+        #     or
+        #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256_AES_256 RSA_OAEP_4096_SHA256_AES_256}),
         #
-        #     This field contains the concatenation of two wrapped keys:
+        #     this field must contain the concatenation of:
         #     <ol>
         #       <li>An ephemeral AES-256 wrapping key wrapped with the
         #           {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using
-        #           RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
-        #           empty label.
+        #           RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
+        #           label.
         #       </li>
-        #       <li>The key to be imported, wrapped with the ephemeral AES-256 key
-        #           using AES-KWP (RFC 5649).
+        #       <li>The formatted key to be imported, wrapped with the ephemeral AES-256
+        #           key using AES-KWP (RFC 5649).
         #       </li>
         #     </ol>
         #
-        #     If importing symmetric key material, it is expected that the unwrapped
-        #     key contains plain bytes. If importing asymmetric key material, it is
-        #     expected that the unwrapped key is in PKCS#8-encoded DER format (the
-        #     PrivateKeyInfo structure from RFC 5208).
-        #
         #     This format is the same as the format produced by PKCS#11 mechanism
         #     CKM_RSA_AES_KEY_WRAP.
+        #
+        #     When wrapping with import methods
+        #     ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256 RSA_OAEP_3072_SHA256}
+        #     or
+        #     {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256 RSA_OAEP_4096_SHA256}),
+        #
+        #     this field must contain the formatted key to be imported, wrapped with the
+        #     {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using RSAES-OAEP
+        #     with SHA-256, MGF1 with SHA-256, and an empty label.
+        # @!attribute [rw] rsa_aes_wrapped_key
+        #   @return [::String]
+        #     Optional. This field has the same meaning as
+        #     {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#wrapped_key wrapped_key}.
+        #     Prefer to use that field in new work. Either that field or this field
+        #     (but not both) must be specified.
         class ImportCryptoKeyVersionRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -545,7 +566,9 @@ module Google
         #
         #     The maximum size depends on the key version's
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
-        #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
+        #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
+        #     {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
+        #     {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys, the
         #     plaintext must be no larger than 64KiB. For
         #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
         #     the plaintext and additional_authenticated_data fields must be no larger
@@ -558,8 +581,10 @@ module Google
         #
         #     The maximum size depends on the key version's
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
-        #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
-        #     must be no larger than 64KiB. For
+        #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
+        #     {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
+        #     {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys the
+        #     AAD must be no larger than 64KiB. For
         #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
         #     the plaintext and additional_authenticated_data fields must be no larger
         #     than 8KiB.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-kms-v1
 version: !ruby/object:Gem::Version
-  version: 0.14.0
+  version: 0.16.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-10-21 00:00:00.000000000 Z
+date: 2022-12-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -230,7 +230,9 @@ files:
 - lib/google/cloud/kms/v1/service_services_pb.rb
 - lib/google/cloud/kms/v1/version.rb
 - proto_docs/README.md
+- proto_docs/google/api/client.rb
 - proto_docs/google/api/field_behavior.rb
+- proto_docs/google/api/launch_stage.rb
 - proto_docs/google/api/resource.rb
 - proto_docs/google/cloud/kms/v1/ekm_service.rb
 - proto_docs/google/cloud/kms/v1/resources.rb