google-cloud-kms-v1 0.15.0 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +1 -1
  3. data/lib/google/cloud/kms/v1/bindings_override.rb +231 -0
  4. data/lib/google/cloud/kms/v1/ekm_service/client.rb +4 -6
  5. data/lib/google/cloud/kms/v1/ekm_service/rest/client.rb +650 -0
  6. data/lib/google/cloud/kms/v1/ekm_service/rest/service_stub.rb +286 -0
  7. data/lib/google/cloud/kms/v1/ekm_service/rest.rb +57 -0
  8. data/lib/google/cloud/kms/v1/ekm_service.rb +7 -1
  9. data/lib/google/cloud/kms/v1/key_management_service/client.rb +58 -42
  10. data/lib/google/cloud/kms/v1/key_management_service/rest/client.rb +2843 -0
  11. data/lib/google/cloud/kms/v1/key_management_service/rest/service_stub.rb +1599 -0
  12. data/lib/google/cloud/kms/v1/key_management_service/rest.rb +64 -0
  13. data/lib/google/cloud/kms/v1/key_management_service.rb +7 -1
  14. data/lib/google/cloud/kms/v1/resources_pb.rb +4 -0
  15. data/lib/google/cloud/kms/v1/rest.rb +39 -0
  16. data/lib/google/cloud/kms/v1/service_pb.rb +1 -0
  17. data/lib/google/cloud/kms/v1/version.rb +1 -1
  18. data/lib/google/cloud/kms/v1.rb +7 -2
  19. data/proto_docs/google/cloud/kms/v1/ekm_service.rb +14 -9
  20. data/proto_docs/google/cloud/kms/v1/resources.rb +31 -0
  21. data/proto_docs/google/cloud/kms/v1/service.rb +42 -17
  22. metadata +19 -11
data/lib/google/cloud/kms/v1/ekm_service/rest/service_stub.rb ADDED
@@ -0,0 +1,286 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2023 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "google/cloud/kms/v1/ekm_service_pb"
20
+
21
+ module Google
22
+ module Cloud
23
+ module Kms
24
+ module V1
25
+ module EkmService
26
+ module Rest
27
+ ##
28
+ # REST service stub for the EkmService service.
29
+ # Service stub contains baseline method implementations
30
+ # including transcoding, making the REST call, and deserialing the response.
31
+ #
32
+ class ServiceStub
33
+ def initialize endpoint:, credentials:
34
+ # These require statements are intentionally placed here to initialize
35
+ # the REST modules only when it's required.
36
+ require "gapic/rest"
37
+
38
+ @client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint, credentials: credentials,
39
+ numeric_enums: true,
40
+ raise_faraday_errors: false
41
+ end
42
+
43
+ ##
44
+ # Baseline implementation for the list_ekm_connections REST call
45
+ #
46
+ # @param request_pb [::Google::Cloud::Kms::V1::ListEkmConnectionsRequest]
47
+ # A request object representing the call parameters. Required.
48
+ # @param options [::Gapic::CallOptions]
49
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
50
+ #
51
+ # @yield [result, operation] Access the result along with the TransportOperation object
52
+ # @yieldparam result [::Google::Cloud::Kms::V1::ListEkmConnectionsResponse]
53
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
54
+ #
55
+ # @return [::Google::Cloud::Kms::V1::ListEkmConnectionsResponse]
56
+ # A result object deserialized from the server's reply
57
+ def list_ekm_connections request_pb, options = nil
58
+ raise ::ArgumentError, "request must be provided" if request_pb.nil?
59
+
60
+ verb, uri, query_string_params, body = ServiceStub.transcode_list_ekm_connections_request request_pb
61
+ query_string_params = if query_string_params.any?
62
+ query_string_params.to_h { |p| p.split("=", 2) }
63
+ else
64
+ {}
65
+ end
66
+
67
+ response = @client_stub.make_http_request(
68
+ verb,
69
+ uri: uri,
70
+ body: body || "",
71
+ params: query_string_params,
72
+ options: options
73
+ )
74
+ operation = ::Gapic::Rest::TransportOperation.new response
75
+ result = ::Google::Cloud::Kms::V1::ListEkmConnectionsResponse.decode_json response.body, ignore_unknown_fields: true
76
+
77
+ yield result, operation if block_given?
78
+ result
79
+ end
80
+
81
+ ##
82
+ # Baseline implementation for the get_ekm_connection REST call
83
+ #
84
+ # @param request_pb [::Google::Cloud::Kms::V1::GetEkmConnectionRequest]
85
+ # A request object representing the call parameters. Required.
86
+ # @param options [::Gapic::CallOptions]
87
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
88
+ #
89
+ # @yield [result, operation] Access the result along with the TransportOperation object
90
+ # @yieldparam result [::Google::Cloud::Kms::V1::EkmConnection]
91
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
92
+ #
93
+ # @return [::Google::Cloud::Kms::V1::EkmConnection]
94
+ # A result object deserialized from the server's reply
95
+ def get_ekm_connection request_pb, options = nil
96
+ raise ::ArgumentError, "request must be provided" if request_pb.nil?
97
+
98
+ verb, uri, query_string_params, body = ServiceStub.transcode_get_ekm_connection_request request_pb
99
+ query_string_params = if query_string_params.any?
100
+ query_string_params.to_h { |p| p.split("=", 2) }
101
+ else
102
+ {}
103
+ end
104
+
105
+ response = @client_stub.make_http_request(
106
+ verb,
107
+ uri: uri,
108
+ body: body || "",
109
+ params: query_string_params,
110
+ options: options
111
+ )
112
+ operation = ::Gapic::Rest::TransportOperation.new response
113
+ result = ::Google::Cloud::Kms::V1::EkmConnection.decode_json response.body, ignore_unknown_fields: true
114
+
115
+ yield result, operation if block_given?
116
+ result
117
+ end
118
+
119
+ ##
120
+ # Baseline implementation for the create_ekm_connection REST call
121
+ #
122
+ # @param request_pb [::Google::Cloud::Kms::V1::CreateEkmConnectionRequest]
123
+ # A request object representing the call parameters. Required.
124
+ # @param options [::Gapic::CallOptions]
125
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
126
+ #
127
+ # @yield [result, operation] Access the result along with the TransportOperation object
128
+ # @yieldparam result [::Google::Cloud::Kms::V1::EkmConnection]
129
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
130
+ #
131
+ # @return [::Google::Cloud::Kms::V1::EkmConnection]
132
+ # A result object deserialized from the server's reply
133
+ def create_ekm_connection request_pb, options = nil
134
+ raise ::ArgumentError, "request must be provided" if request_pb.nil?
135
+
136
+ verb, uri, query_string_params, body = ServiceStub.transcode_create_ekm_connection_request request_pb
137
+ query_string_params = if query_string_params.any?
138
+ query_string_params.to_h { |p| p.split("=", 2) }
139
+ else
140
+ {}
141
+ end
142
+
143
+ response = @client_stub.make_http_request(
144
+ verb,
145
+ uri: uri,
146
+ body: body || "",
147
+ params: query_string_params,
148
+ options: options
149
+ )
150
+ operation = ::Gapic::Rest::TransportOperation.new response
151
+ result = ::Google::Cloud::Kms::V1::EkmConnection.decode_json response.body, ignore_unknown_fields: true
152
+
153
+ yield result, operation if block_given?
154
+ result
155
+ end
156
+
157
+ ##
158
+ # Baseline implementation for the update_ekm_connection REST call
159
+ #
160
+ # @param request_pb [::Google::Cloud::Kms::V1::UpdateEkmConnectionRequest]
161
+ # A request object representing the call parameters. Required.
162
+ # @param options [::Gapic::CallOptions]
163
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
164
+ #
165
+ # @yield [result, operation] Access the result along with the TransportOperation object
166
+ # @yieldparam result [::Google::Cloud::Kms::V1::EkmConnection]
167
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
168
+ #
169
+ # @return [::Google::Cloud::Kms::V1::EkmConnection]
170
+ # A result object deserialized from the server's reply
171
+ def update_ekm_connection request_pb, options = nil
172
+ raise ::ArgumentError, "request must be provided" if request_pb.nil?
173
+
174
+ verb, uri, query_string_params, body = ServiceStub.transcode_update_ekm_connection_request request_pb
175
+ query_string_params = if query_string_params.any?
176
+ query_string_params.to_h { |p| p.split("=", 2) }
177
+ else
178
+ {}
179
+ end
180
+
181
+ response = @client_stub.make_http_request(
182
+ verb,
183
+ uri: uri,
184
+ body: body || "",
185
+ params: query_string_params,
186
+ options: options
187
+ )
188
+ operation = ::Gapic::Rest::TransportOperation.new response
189
+ result = ::Google::Cloud::Kms::V1::EkmConnection.decode_json response.body, ignore_unknown_fields: true
190
+
191
+ yield result, operation if block_given?
192
+ result
193
+ end
194
+
195
+ ##
196
+ # @private
197
+ #
198
+ # GRPC transcoding helper method for the list_ekm_connections REST call
199
+ #
200
+ # @param request_pb [::Google::Cloud::Kms::V1::ListEkmConnectionsRequest]
201
+ # A request object representing the call parameters. Required.
202
+ # @return [Array(String, [String, nil], Hash{String => String})]
203
+ # Uri, Body, Query string parameters
204
+ def self.transcode_list_ekm_connections_request request_pb
205
+ transcoder = Gapic::Rest::GrpcTranscoder.new
206
+ .with_bindings(
207
+ uri_method: :get,
208
+ uri_template: "/v1/{parent}/ekmConnections",
209
+ matches: [
210
+ ["parent", %r{^projects/[^/]+/locations/[^/]+/?$}, false]
211
+ ]
212
+ )
213
+ transcoder.transcode request_pb
214
+ end
215
+
216
+ ##
217
+ # @private
218
+ #
219
+ # GRPC transcoding helper method for the get_ekm_connection REST call
220
+ #
221
+ # @param request_pb [::Google::Cloud::Kms::V1::GetEkmConnectionRequest]
222
+ # A request object representing the call parameters. Required.
223
+ # @return [Array(String, [String, nil], Hash{String => String})]
224
+ # Uri, Body, Query string parameters
225
+ def self.transcode_get_ekm_connection_request request_pb
226
+ transcoder = Gapic::Rest::GrpcTranscoder.new
227
+ .with_bindings(
228
+ uri_method: :get,
229
+ uri_template: "/v1/{name}",
230
+ matches: [
231
+ ["name", %r{^projects/[^/]+/locations/[^/]+/ekmConnections/[^/]+/?$}, false]
232
+ ]
233
+ )
234
+ transcoder.transcode request_pb
235
+ end
236
+
237
+ ##
238
+ # @private
239
+ #
240
+ # GRPC transcoding helper method for the create_ekm_connection REST call
241
+ #
242
+ # @param request_pb [::Google::Cloud::Kms::V1::CreateEkmConnectionRequest]
243
+ # A request object representing the call parameters. Required.
244
+ # @return [Array(String, [String, nil], Hash{String => String})]
245
+ # Uri, Body, Query string parameters
246
+ def self.transcode_create_ekm_connection_request request_pb
247
+ transcoder = Gapic::Rest::GrpcTranscoder.new
248
+ .with_bindings(
249
+ uri_method: :post,
250
+ uri_template: "/v1/{parent}/ekmConnections",
251
+ body: "ekm_connection",
252
+ matches: [
253
+ ["parent", %r{^projects/[^/]+/locations/[^/]+/?$}, false]
254
+ ]
255
+ )
256
+ transcoder.transcode request_pb
257
+ end
258
+
259
+ ##
260
+ # @private
261
+ #
262
+ # GRPC transcoding helper method for the update_ekm_connection REST call
263
+ #
264
+ # @param request_pb [::Google::Cloud::Kms::V1::UpdateEkmConnectionRequest]
265
+ # A request object representing the call parameters. Required.
266
+ # @return [Array(String, [String, nil], Hash{String => String})]
267
+ # Uri, Body, Query string parameters
268
+ def self.transcode_update_ekm_connection_request request_pb
269
+ transcoder = Gapic::Rest::GrpcTranscoder.new
270
+ .with_bindings(
271
+ uri_method: :patch,
272
+ uri_template: "/v1/{ekm_connection.name}",
273
+ body: "ekm_connection",
274
+ matches: [
275
+ ["ekm_connection.name", %r{^projects/[^/]+/locations/[^/]+/ekmConnections/[^/]+/?$}, false]
276
+ ]
277
+ )
278
+ transcoder.transcode request_pb
279
+ end
280
+ end
281
+ end
282
+ end
283
+ end
284
+ end
285
+ end
286
+ end
data/lib/google/cloud/kms/v1/ekm_service/rest.rb ADDED
@@ -0,0 +1,57 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2023 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "gapic/rest"
20
+ require "gapic/config"
21
+ require "gapic/config/method"
22
+
23
+ require "google/cloud/kms/v1/version"
24
+ require "google/cloud/kms/v1/bindings_override"
25
+
26
+ require "google/cloud/kms/v1/ekm_service/credentials"
27
+ require "google/cloud/kms/v1/ekm_service/paths"
28
+ require "google/cloud/kms/v1/ekm_service/rest/client"
29
+
30
+ module Google
31
+ module Cloud
32
+ module Kms
33
+ module V1
34
+ ##
35
+ # Google Cloud Key Management EKM Service
36
+ #
37
+ # Manages external cryptographic keys and operations using those keys.
38
+ # Implements a REST model with the following objects:
39
+ # * {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}
40
+ #
41
+ # To load this service and instantiate a REST client:
42
+ #
43
+ # require "google/cloud/kms/v1/ekm_service/rest"
44
+ # client = ::Google::Cloud::Kms::V1::EkmService::Rest::Client.new
45
+ #
46
+ module EkmService
47
+ # Client for the REST transport
48
+ module Rest
49
+ end
50
+ end
51
+ end
52
+ end
53
+ end
54
+ end
55
+
56
+ helper_path = ::File.join __dir__, "rest", "helpers.rb"
57
+ require "google/cloud/kms/v1/ekm_service/rest/helpers" if ::File.file? helper_path
data/lib/google/cloud/kms/v1/ekm_service.rb CHANGED
@@ -25,6 +25,7 @@ require "google/cloud/kms/v1/version"
25
25
  require "google/cloud/kms/v1/ekm_service/credentials"
26
26
  require "google/cloud/kms/v1/ekm_service/paths"
27
27
  require "google/cloud/kms/v1/ekm_service/client"
28
+ require "google/cloud/kms/v1/ekm_service/rest"
28
29
 
29
30
  module Google
30
31
  module Cloud
@@ -37,11 +38,16 @@ module Google
37
38
  # Implements a REST model with the following objects:
38
39
  # * {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}
39
40
  #
40
- # To load this service and instantiate a client:
41
+ # @example Load this service and instantiate a gRPC client
41
42
  #
42
43
  # require "google/cloud/kms/v1/ekm_service"
43
44
  # client = ::Google::Cloud::Kms::V1::EkmService::Client.new
44
45
  #
46
+ # @example Load this service and instantiate a REST client
47
+ #
48
+ # require "google/cloud/kms/v1/ekm_service/rest"
49
+ # client = ::Google::Cloud::Kms::V1::EkmService::Rest::Client.new
50
+ #
45
51
  module EkmService
46
52
  end
47
53
  end
data/lib/google/cloud/kms/v1/key_management_service/client.rb CHANGED
@@ -371,13 +371,11 @@ module Google
371
371
  # # Call the list_key_rings method.
372
372
  # result = client.list_key_rings request
373
373
  #
374
- # # The returned object is of type Gapic::PagedEnumerable. You can
375
- # # iterate over all elements by calling #each, and the enumerable
376
- # # will lazily make API calls to fetch subsequent pages. Other
377
- # # methods are also available for managing paging directly.
378
- # result.each do |response|
374
+ # # The returned object is of type Gapic::PagedEnumerable. You can iterate
375
+ # # over elements, and API calls will be issued to fetch pages as needed.
376
+ # result.each do |item|
379
377
  # # Each element is of type ::Google::Cloud::Kms::V1::KeyRing.
380
- # p response
378
+ # p item
381
379
  # end
382
380
  #
383
381
  def list_key_rings request, options = nil
@@ -487,13 +485,11 @@ module Google
487
485
  # # Call the list_crypto_keys method.
488
486
  # result = client.list_crypto_keys request
489
487
  #
490
- # # The returned object is of type Gapic::PagedEnumerable. You can
491
- # # iterate over all elements by calling #each, and the enumerable
492
- # # will lazily make API calls to fetch subsequent pages. Other
493
- # # methods are also available for managing paging directly.
494
- # result.each do |response|
488
+ # # The returned object is of type Gapic::PagedEnumerable. You can iterate
489
+ # # over elements, and API calls will be issued to fetch pages as needed.
490
+ # result.each do |item|
495
491
  # # Each element is of type ::Google::Cloud::Kms::V1::CryptoKey.
496
- # p response
492
+ # p item
497
493
  # end
498
494
  #
499
495
  def list_crypto_keys request, options = nil
@@ -604,13 +600,11 @@ module Google
604
600
  # # Call the list_crypto_key_versions method.
605
601
  # result = client.list_crypto_key_versions request
606
602
  #
607
- # # The returned object is of type Gapic::PagedEnumerable. You can
608
- # # iterate over all elements by calling #each, and the enumerable
609
- # # will lazily make API calls to fetch subsequent pages. Other
610
- # # methods are also available for managing paging directly.
611
- # result.each do |response|
603
+ # # The returned object is of type Gapic::PagedEnumerable. You can iterate
604
+ # # over elements, and API calls will be issued to fetch pages as needed.
605
+ # result.each do |item|
612
606
  # # Each element is of type ::Google::Cloud::Kms::V1::CryptoKeyVersion.
613
- # p response
607
+ # p item
614
608
  # end
615
609
  #
616
610
  def list_crypto_key_versions request, options = nil
@@ -718,13 +712,11 @@ module Google
718
712
  # # Call the list_import_jobs method.
719
713
  # result = client.list_import_jobs request
720
714
  #
721
- # # The returned object is of type Gapic::PagedEnumerable. You can
722
- # # iterate over all elements by calling #each, and the enumerable
723
- # # will lazily make API calls to fetch subsequent pages. Other
724
- # # methods are also available for managing paging directly.
725
- # result.each do |response|
715
+ # # The returned object is of type Gapic::PagedEnumerable. You can iterate
716
+ # # over elements, and API calls will be issued to fetch pages as needed.
717
+ # result.each do |item|
726
718
  # # Each element is of type ::Google::Cloud::Kms::V1::ImportJob.
727
- # p response
719
+ # p item
728
720
  # end
729
721
  #
730
722
  def list_import_jobs request, options = nil
@@ -1522,7 +1514,7 @@ module Google
1522
1514
  # @param options [::Gapic::CallOptions, ::Hash]
1523
1515
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1524
1516
  #
1525
- # @overload import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, rsa_aes_wrapped_key: nil)
1517
+ # @overload import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, wrapped_key: nil, rsa_aes_wrapped_key: nil)
1526
1518
  # Pass arguments to `import_crypto_key_version` via keyword arguments. Note that at
1527
1519
  # least one keyword argument is required. To specify no parameters, or to keep all
1528
1520
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -1564,32 +1556,52 @@ module Google
1564
1556
  # Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
1565
1557
  # {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to wrap this key
1566
1558
  # material.
1567
- # @param rsa_aes_wrapped_key [::String]
1568
- # Wrapped key material produced with
1569
- # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
1559
+ # @param wrapped_key [::String]
1560
+ # Optional. The wrapped key material to import.
1561
+ #
1562
+ # Before wrapping, key material must be formatted. If importing symmetric key
1563
+ # material, the expected key material format is plain bytes. If importing
1564
+ # asymmetric key material, the expected key material format is PKCS#8-encoded
1565
+ # DER (the PrivateKeyInfo structure from RFC 5208).
1566
+ #
1567
+ # When wrapping with import methods
1568
+ # ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
1569
+ # or
1570
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}
1571
+ # or
1572
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256_AES_256 RSA_OAEP_3072_SHA256_AES_256}
1570
1573
  # or
1571
- # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}.
1574
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256_AES_256 RSA_OAEP_4096_SHA256_AES_256}),
1572
1575
  #
1573
- # This field contains the concatenation of two wrapped keys:
1576
+ # this field must contain the concatenation of:
1574
1577
  # <ol>
1575
1578
  # <li>An ephemeral AES-256 wrapping key wrapped with the
1576
1579
  # {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using
1577
- # RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
1578
- # empty label.
1580
+ # RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
1581
+ # label.
1579
1582
  # </li>
1580
- # <li>The key to be imported, wrapped with the ephemeral AES-256 key
1581
- # using AES-KWP (RFC 5649).
1583
+ # <li>The formatted key to be imported, wrapped with the ephemeral AES-256
1584
+ # key using AES-KWP (RFC 5649).
1582
1585
  # </li>
1583
1586
  # </ol>
1584
1587
  #
1585
- # If importing symmetric key material, it is expected that the unwrapped
1586
- # key contains plain bytes. If importing asymmetric key material, it is
1587
- # expected that the unwrapped key is in PKCS#8-encoded DER format (the
1588
- # PrivateKeyInfo structure from RFC 5208).
1589
- #
1590
1588
  # This format is the same as the format produced by PKCS#11 mechanism
1591
1589
  # CKM_RSA_AES_KEY_WRAP.
1592
1590
  #
1591
+ # When wrapping with import methods
1592
+ # ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256 RSA_OAEP_3072_SHA256}
1593
+ # or
1594
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256 RSA_OAEP_4096_SHA256}),
1595
+ #
1596
+ # this field must contain the formatted key to be imported, wrapped with the
1597
+ # {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using RSAES-OAEP
1598
+ # with SHA-256, MGF1 with SHA-256, and an empty label.
1599
+ # @param rsa_aes_wrapped_key [::String]
1600
+ # Optional. This field has the same meaning as
1601
+ # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#wrapped_key wrapped_key}.
1602
+ # Prefer to use that field in new work. Either that field or this field
1603
+ # (but not both) must be specified.
1604
+ #
1593
1605
  # @yield [response, operation] Access the result along with the RPC operation
1594
1606
  # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
1595
1607
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -2265,7 +2277,9 @@ module Google
2265
2277
  #
2266
2278
  # The maximum size depends on the key version's
2267
2279
  # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
2268
- # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
2280
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
2281
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
2282
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys, the
2269
2283
  # plaintext must be no larger than 64KiB. For
2270
2284
  # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
2271
2285
  # the plaintext and additional_authenticated_data fields must be no larger
@@ -2277,8 +2291,10 @@ module Google
2277
2291
  #
2278
2292
  # The maximum size depends on the key version's
2279
2293
  # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
2280
- # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
2281
- # must be no larger than 64KiB. For
2294
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
2295
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
2296
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys the
2297
+ # AAD must be no larger than 64KiB. For
2282
2298
  # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
2283
2299
  # the plaintext and additional_authenticated_data fields must be no larger
2284
2300
  # than 8KiB.