google-cloud-kms-v1 0.17.0 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '019a2267f33dda5561da56ed41cf332d8fd4b6fb3cb45587be780dc0db71460d'
-  data.tar.gz: bd72d7db29386ece91aed2c0eadfffa3ae802e4c57923d86c4de683d40ca06d4
+  metadata.gz: 5dd007295b6f2ec2dbd524910385762136fa4c92827ae2bf146dea3cd986395b
+  data.tar.gz: dad1b2dd3104df2b1169aaf28b420409be257c25430fb53a94b032f30c1b932e
 SHA512:
-  metadata.gz: 1a6a96462ae5e450a969e049c2ad9fb6c1e67fd6a49d19893a96c91933f24cde330b5d544cd347e6e271eff4647646e5caae299c159d64fbf9f46d37abbc137f
-  data.tar.gz: f822a78c784ef272766834567079b063847774afad91027b79309207c238d2161b5e6339cd3841389b06fec6dc295de32a790cccf08efc42e55c7fadf06ce624
+  metadata.gz: 3fcf9e9fedafc0005219bece87a5167fa96968560a659cc2d0ea68b272500933caf80435c665ee54e48c8c5b0551149ba60d98ff4869176067d85b7fc02bc04c
+  data.tar.gz: 6fb8eeb103261677363b217ba3e36e49a9815c64ac9afa0ff82d0b450fa9aeef89f91b24d35bef13333f702786fcdbbf2fb3b89ed338bec9ed5ebf80a909a73e

data/README.md

@@ -1,6 +1,6 @@
 # Ruby Client for the Cloud Key Management Service (KMS) V1 API
 
-API Client library for the Cloud Key Management Service (KMS) V1 API
+Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.
 
 Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.
 

data/lib/google/cloud/kms/v1/ekm_service/client.rb

@@ -578,6 +578,181 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Returns the {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} singleton resource
+            # for a given project and location.
+            #
+            # @overload get_ekm_config(request, options = nil)
+            #   Pass arguments to `get_ekm_config` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::GetEkmConfigRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Kms::V1::GetEkmConfigRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload get_ekm_config(name: nil)
+            #   Pass arguments to `get_ekm_config` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Required. The {::Google::Cloud::Kms::V1::EkmConfig#name name} of the
+            #     {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} to get.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Kms::V1::EkmConfig]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Kms::V1::EkmConfig]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/kms/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::Kms::V1::EkmService::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::Kms::V1::GetEkmConfigRequest.new
+            #
+            #   # Call the get_ekm_config method.
+            #   result = client.get_ekm_config request
+            #
+            #   # The returned object is of type Google::Cloud::Kms::V1::EkmConfig.
+            #   p result
+            #
+            def get_ekm_config request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetEkmConfigRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.get_ekm_config.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Kms::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.get_ekm_config.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.get_ekm_config.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @ekm_service_stub.call_rpc :get_ekm_config, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Updates the {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} singleton resource
+            # for a given project and location.
+            #
+            # @overload update_ekm_config(request, options = nil)
+            #   Pass arguments to `update_ekm_config` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::UpdateEkmConfigRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Kms::V1::UpdateEkmConfigRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload update_ekm_config(ekm_config: nil, update_mask: nil)
+            #   Pass arguments to `update_ekm_config` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param ekm_config [::Google::Cloud::Kms::V1::EkmConfig, ::Hash]
+            #     Required. {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} with updated values.
+            #   @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
+            #     Required. List of fields to be updated in this request.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Kms::V1::EkmConfig]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Kms::V1::EkmConfig]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/kms/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::Kms::V1::EkmService::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::Kms::V1::UpdateEkmConfigRequest.new
+            #
+            #   # Call the update_ekm_config method.
+            #   result = client.update_ekm_config request
+            #
+            #   # The returned object is of type Google::Cloud::Kms::V1::EkmConfig.
+            #   p result
+            #
+            def update_ekm_config request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateEkmConfigRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.update_ekm_config.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Kms::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.ekm_config&.name
+                header_params["ekm_config.name"] = request.ekm_config.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.update_ekm_config.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.update_ekm_config.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @ekm_service_stub.call_rpc :update_ekm_config, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the EkmService API.
             #
@@ -733,6 +908,16 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :update_ekm_connection
+                ##
+                # RPC-specific configuration for `get_ekm_config`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :get_ekm_config
+                ##
+                # RPC-specific configuration for `update_ekm_config`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :update_ekm_config
 
                 # @private
                 def initialize parent_rpcs = nil
@@ -744,6 +929,10 @@ module Google
                   @create_ekm_connection = ::Gapic::Config::Method.new create_ekm_connection_config
                   update_ekm_connection_config = parent_rpcs.update_ekm_connection if parent_rpcs.respond_to? :update_ekm_connection
                   @update_ekm_connection = ::Gapic::Config::Method.new update_ekm_connection_config
+                  get_ekm_config_config = parent_rpcs.get_ekm_config if parent_rpcs.respond_to? :get_ekm_config
+                  @get_ekm_config = ::Gapic::Config::Method.new get_ekm_config_config
+                  update_ekm_config_config = parent_rpcs.update_ekm_config if parent_rpcs.respond_to? :update_ekm_config
+                  @update_ekm_config = ::Gapic::Config::Method.new update_ekm_config_config
 
                   yield self if block_given?
                 end

data/lib/google/cloud/kms/v1/ekm_service/paths.rb

@@ -24,6 +24,23 @@ module Google
         module EkmService
           # Path helper methods for the EkmService API.
           module Paths
+            ##
+            # Create a fully-qualified EkmConfig resource string.
+            #
+            # The resource will be in the following format:
+            #
+            # `projects/{project}/locations/{location}/ekmConfig`
+            #
+            # @param project [String]
+            # @param location [String]
+            #
+            # @return [::String]
+            def ekm_config_path project:, location:
+              raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
+
+              "projects/#{project}/locations/#{location}/ekmConfig"
+            end
+
             ##
             # Create a fully-qualified EkmConnection resource string.
             #

data/lib/google/cloud/kms/v1/ekm_service/rest/client.rb

@@ -475,6 +475,135 @@ module Google
                 raise ::Google::Cloud::Error.from_error(e)
               end
 
+              ##
+              # Returns the {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} singleton resource
+              # for a given project and location.
+              #
+              # @overload get_ekm_config(request, options = nil)
+              #   Pass arguments to `get_ekm_config` via a request object, either of type
+              #   {::Google::Cloud::Kms::V1::GetEkmConfigRequest} or an equivalent Hash.
+              #
+              #   @param request [::Google::Cloud::Kms::V1::GetEkmConfigRequest, ::Hash]
+              #     A request object representing the call parameters. Required. To specify no
+              #     parameters, or to keep all the default parameter values, pass an empty Hash.
+              #   @param options [::Gapic::CallOptions, ::Hash]
+              #     Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
+              #
+              # @overload get_ekm_config(name: nil)
+              #   Pass arguments to `get_ekm_config` via keyword arguments. Note that at
+              #   least one keyword argument is required. To specify no parameters, or to keep all
+              #   the default parameter values, pass an empty Hash as a request object (see above).
+              #
+              #   @param name [::String]
+              #     Required. The {::Google::Cloud::Kms::V1::EkmConfig#name name} of the
+              #     {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} to get.
+              # @yield [result, operation] Access the result along with the TransportOperation object
+              # @yieldparam result [::Google::Cloud::Kms::V1::EkmConfig]
+              # @yieldparam operation [::Gapic::Rest::TransportOperation]
+              #
+              # @return [::Google::Cloud::Kms::V1::EkmConfig]
+              #
+              # @raise [::Google::Cloud::Error] if the REST call is aborted.
+              def get_ekm_config request, options = nil
+                raise ::ArgumentError, "request must be provided" if request.nil?
+
+                request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetEkmConfigRequest
+
+                # Converts hash and nil to an options object
+                options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+                # Customize the options with defaults
+                call_metadata = @config.rpcs.get_ekm_config.metadata.to_h
+
+                # Set x-goog-api-client and x-goog-user-project headers
+                call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                  lib_name: @config.lib_name, lib_version: @config.lib_version,
+                  gapic_version: ::Google::Cloud::Kms::V1::VERSION,
+                  transports_version_send: [:rest]
+
+                call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+                options.apply_defaults timeout:      @config.rpcs.get_ekm_config.timeout,
+                                       metadata:     call_metadata,
+                                       retry_policy: @config.rpcs.get_ekm_config.retry_policy
+
+                options.apply_defaults timeout:      @config.timeout,
+                                       metadata:     @config.metadata,
+                                       retry_policy: @config.retry_policy
+
+                @ekm_service_stub.get_ekm_config request, options do |result, operation|
+                  yield result, operation if block_given?
+                  return result
+                end
+              rescue ::Gapic::Rest::Error => e
+                raise ::Google::Cloud::Error.from_error(e)
+              end
+
+              ##
+              # Updates the {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} singleton resource
+              # for a given project and location.
+              #
+              # @overload update_ekm_config(request, options = nil)
+              #   Pass arguments to `update_ekm_config` via a request object, either of type
+              #   {::Google::Cloud::Kms::V1::UpdateEkmConfigRequest} or an equivalent Hash.
+              #
+              #   @param request [::Google::Cloud::Kms::V1::UpdateEkmConfigRequest, ::Hash]
+              #     A request object representing the call parameters. Required. To specify no
+              #     parameters, or to keep all the default parameter values, pass an empty Hash.
+              #   @param options [::Gapic::CallOptions, ::Hash]
+              #     Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
+              #
+              # @overload update_ekm_config(ekm_config: nil, update_mask: nil)
+              #   Pass arguments to `update_ekm_config` via keyword arguments. Note that at
+              #   least one keyword argument is required. To specify no parameters, or to keep all
+              #   the default parameter values, pass an empty Hash as a request object (see above).
+              #
+              #   @param ekm_config [::Google::Cloud::Kms::V1::EkmConfig, ::Hash]
+              #     Required. {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} with updated values.
+              #   @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
+              #     Required. List of fields to be updated in this request.
+              # @yield [result, operation] Access the result along with the TransportOperation object
+              # @yieldparam result [::Google::Cloud::Kms::V1::EkmConfig]
+              # @yieldparam operation [::Gapic::Rest::TransportOperation]
+              #
+              # @return [::Google::Cloud::Kms::V1::EkmConfig]
+              #
+              # @raise [::Google::Cloud::Error] if the REST call is aborted.
+              def update_ekm_config request, options = nil
+                raise ::ArgumentError, "request must be provided" if request.nil?
+
+                request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateEkmConfigRequest
+
+                # Converts hash and nil to an options object
+                options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+                # Customize the options with defaults
+                call_metadata = @config.rpcs.update_ekm_config.metadata.to_h
+
+                # Set x-goog-api-client and x-goog-user-project headers
+                call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                  lib_name: @config.lib_name, lib_version: @config.lib_version,
+                  gapic_version: ::Google::Cloud::Kms::V1::VERSION,
+                  transports_version_send: [:rest]
+
+                call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+                options.apply_defaults timeout:      @config.rpcs.update_ekm_config.timeout,
+                                       metadata:     call_metadata,
+                                       retry_policy: @config.rpcs.update_ekm_config.retry_policy
+
+                options.apply_defaults timeout:      @config.timeout,
+                                       metadata:     @config.metadata,
+                                       retry_policy: @config.retry_policy
+
+                @ekm_service_stub.update_ekm_config request, options do |result, operation|
+                  yield result, operation if block_given?
+                  return result
+                end
+              rescue ::Gapic::Rest::Error => e
+                raise ::Google::Cloud::Error.from_error(e)
+              end
+
               ##
               # Configuration class for the EkmService REST API.
               #
@@ -625,6 +754,16 @@ module Google
                   # @return [::Gapic::Config::Method]
                   #
                   attr_reader :update_ekm_connection
+                  ##
+                  # RPC-specific configuration for `get_ekm_config`
+                  # @return [::Gapic::Config::Method]
+                  #
+                  attr_reader :get_ekm_config
+                  ##
+                  # RPC-specific configuration for `update_ekm_config`
+                  # @return [::Gapic::Config::Method]
+                  #
+                  attr_reader :update_ekm_config
 
                   # @private
                   def initialize parent_rpcs = nil
@@ -636,6 +775,10 @@ module Google
                     @create_ekm_connection = ::Gapic::Config::Method.new create_ekm_connection_config
                     update_ekm_connection_config = parent_rpcs.update_ekm_connection if parent_rpcs.respond_to? :update_ekm_connection
                     @update_ekm_connection = ::Gapic::Config::Method.new update_ekm_connection_config
+                    get_ekm_config_config = parent_rpcs.get_ekm_config if parent_rpcs.respond_to? :get_ekm_config
+                    @get_ekm_config = ::Gapic::Config::Method.new get_ekm_config_config
+                    update_ekm_config_config = parent_rpcs.update_ekm_config if parent_rpcs.respond_to? :update_ekm_config
+                    @update_ekm_config = ::Gapic::Config::Method.new update_ekm_config_config
 
                     yield self if block_given?
                   end

data/lib/google/cloud/kms/v1/ekm_service/rest/service_stub.rb

@@ -192,6 +192,82 @@ module Google
                 result
               end
 
+              ##
+              # Baseline implementation for the get_ekm_config REST call
+              #
+              # @param request_pb [::Google::Cloud::Kms::V1::GetEkmConfigRequest]
+              #   A request object representing the call parameters. Required.
+              # @param options [::Gapic::CallOptions]
+              #   Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
+              #
+              # @yield [result, operation] Access the result along with the TransportOperation object
+              # @yieldparam result [::Google::Cloud::Kms::V1::EkmConfig]
+              # @yieldparam operation [::Gapic::Rest::TransportOperation]
+              #
+              # @return [::Google::Cloud::Kms::V1::EkmConfig]
+              #   A result object deserialized from the server's reply
+              def get_ekm_config request_pb, options = nil
+                raise ::ArgumentError, "request must be provided" if request_pb.nil?
+
+                verb, uri, query_string_params, body = ServiceStub.transcode_get_ekm_config_request request_pb
+                query_string_params = if query_string_params.any?
+                                        query_string_params.to_h { |p| p.split("=", 2) }
+                                      else
+                                        {}
+                                      end
+
+                response = @client_stub.make_http_request(
+                  verb,
+                  uri:     uri,
+                  body:    body || "",
+                  params:  query_string_params,
+                  options: options
+                )
+                operation = ::Gapic::Rest::TransportOperation.new response
+                result = ::Google::Cloud::Kms::V1::EkmConfig.decode_json response.body, ignore_unknown_fields: true
+
+                yield result, operation if block_given?
+                result
+              end
+
+              ##
+              # Baseline implementation for the update_ekm_config REST call
+              #
+              # @param request_pb [::Google::Cloud::Kms::V1::UpdateEkmConfigRequest]
+              #   A request object representing the call parameters. Required.
+              # @param options [::Gapic::CallOptions]
+              #   Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
+              #
+              # @yield [result, operation] Access the result along with the TransportOperation object
+              # @yieldparam result [::Google::Cloud::Kms::V1::EkmConfig]
+              # @yieldparam operation [::Gapic::Rest::TransportOperation]
+              #
+              # @return [::Google::Cloud::Kms::V1::EkmConfig]
+              #   A result object deserialized from the server's reply
+              def update_ekm_config request_pb, options = nil
+                raise ::ArgumentError, "request must be provided" if request_pb.nil?
+
+                verb, uri, query_string_params, body = ServiceStub.transcode_update_ekm_config_request request_pb
+                query_string_params = if query_string_params.any?
+                                        query_string_params.to_h { |p| p.split("=", 2) }
+                                      else
+                                        {}
+                                      end
+
+                response = @client_stub.make_http_request(
+                  verb,
+                  uri:     uri,
+                  body:    body || "",
+                  params:  query_string_params,
+                  options: options
+                )
+                operation = ::Gapic::Rest::TransportOperation.new response
+                result = ::Google::Cloud::Kms::V1::EkmConfig.decode_json response.body, ignore_unknown_fields: true
+
+                yield result, operation if block_given?
+                result
+              end
+
               ##
               # @private
               #
@@ -277,6 +353,49 @@ module Google
                                                         )
                 transcoder.transcode request_pb
               end
+
+              ##
+              # @private
+              #
+              # GRPC transcoding helper method for the get_ekm_config REST call
+              #
+              # @param request_pb [::Google::Cloud::Kms::V1::GetEkmConfigRequest]
+              #   A request object representing the call parameters. Required.
+              # @return [Array(String, [String, nil], Hash{String => String})]
+              #   Uri, Body, Query string parameters
+              def self.transcode_get_ekm_config_request request_pb
+                transcoder = Gapic::Rest::GrpcTranscoder.new
+                                                        .with_bindings(
+                                                          uri_method: :get,
+                                                          uri_template: "/v1/{name}",
+                                                          matches: [
+                                                            ["name", %r{^projects/[^/]+/locations/[^/]+/ekmConfig/?$}, false]
+                                                          ]
+                                                        )
+                transcoder.transcode request_pb
+              end
+
+              ##
+              # @private
+              #
+              # GRPC transcoding helper method for the update_ekm_config REST call
+              #
+              # @param request_pb [::Google::Cloud::Kms::V1::UpdateEkmConfigRequest]
+              #   A request object representing the call parameters. Required.
+              # @return [Array(String, [String, nil], Hash{String => String})]
+              #   Uri, Body, Query string parameters
+              def self.transcode_update_ekm_config_request request_pb
+                transcoder = Gapic::Rest::GrpcTranscoder.new
+                                                        .with_bindings(
+                                                          uri_method: :patch,
+                                                          uri_template: "/v1/{ekm_config.name}",
+                                                          body: "ekm_config",
+                                                          matches: [
+                                                            ["ekm_config.name", %r{^projects/[^/]+/locations/[^/]+/ekmConfig/?$}, false]
+                                                          ]
+                                                        )
+                transcoder.transcode request_pb
+              end
             end
           end
         end

data/lib/google/cloud/kms/v1/ekm_service_pb.rb

@@ -36,6 +36,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :ekm_connection, :message, 1, "google.cloud.kms.v1.EkmConnection"
       optional :update_mask, :message, 2, "google.protobuf.FieldMask"
     end
+    add_message "google.cloud.kms.v1.GetEkmConfigRequest" do
+      optional :name, :string, 1
+    end
+    add_message "google.cloud.kms.v1.UpdateEkmConfigRequest" do
+      optional :ekm_config, :message, 1, "google.cloud.kms.v1.EkmConfig"
+      optional :update_mask, :message, 2, "google.protobuf.FieldMask"
+    end
     add_message "google.cloud.kms.v1.Certificate" do
       optional :raw_der, :bytes, 1
       optional :parsed, :bool, 2
@@ -52,6 +59,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :create_time, :message, 2, "google.protobuf.Timestamp"
       repeated :service_resolvers, :message, 3, "google.cloud.kms.v1.EkmConnection.ServiceResolver"
       optional :etag, :string, 5
+      optional :key_management_mode, :enum, 6, "google.cloud.kms.v1.EkmConnection.KeyManagementMode"
+      optional :crypto_space_path, :string, 7
     end
     add_message "google.cloud.kms.v1.EkmConnection.ServiceResolver" do
       optional :service_directory_service, :string, 1
@@ -59,6 +68,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :hostname, :string, 3
       repeated :server_certificates, :message, 4, "google.cloud.kms.v1.Certificate"
     end
+    add_enum "google.cloud.kms.v1.EkmConnection.KeyManagementMode" do
+      value :KEY_MANAGEMENT_MODE_UNSPECIFIED, 0
+      value :MANUAL, 1
+      value :CLOUD_KMS, 2
+    end
+    add_message "google.cloud.kms.v1.EkmConfig" do
+      optional :name, :string, 1
+      optional :default_ekm_connection, :string, 2
+    end
   end
 end
 
@@ -71,9 +89,13 @@ module Google
         GetEkmConnectionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GetEkmConnectionRequest").msgclass
         CreateEkmConnectionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CreateEkmConnectionRequest").msgclass
         UpdateEkmConnectionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateEkmConnectionRequest").msgclass
+        GetEkmConfigRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GetEkmConfigRequest").msgclass
+        UpdateEkmConfigRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateEkmConfigRequest").msgclass
         Certificate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.Certificate").msgclass
         EkmConnection = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EkmConnection").msgclass
         EkmConnection::ServiceResolver = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EkmConnection.ServiceResolver").msgclass
+        EkmConnection::KeyManagementMode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EkmConnection.KeyManagementMode").enummodule
+        EkmConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EkmConfig").msgclass
       end
     end
   end

data/lib/google/cloud/kms/v1/ekm_service_services_pb.rb

@@ -47,6 +47,12 @@ module Google
             rpc :CreateEkmConnection, ::Google::Cloud::Kms::V1::CreateEkmConnectionRequest, ::Google::Cloud::Kms::V1::EkmConnection
             # Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
             rpc :UpdateEkmConnection, ::Google::Cloud::Kms::V1::UpdateEkmConnectionRequest, ::Google::Cloud::Kms::V1::EkmConnection
+            # Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
+            # for a given project and location.
+            rpc :GetEkmConfig, ::Google::Cloud::Kms::V1::GetEkmConfigRequest, ::Google::Cloud::Kms::V1::EkmConfig
+            # Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
+            # for a given project and location.
+            rpc :UpdateEkmConfig, ::Google::Cloud::Kms::V1::UpdateEkmConfigRequest, ::Google::Cloud::Kms::V1::EkmConfig
           end
 
           Stub = Service.rpc_stub_class

data/lib/google/cloud/kms/v1/resources_pb.rb

@@ -69,6 +69,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :import_job, :string, 14
       optional :import_time, :message, 15, "google.protobuf.Timestamp"
       optional :import_failure_reason, :string, 16
+      optional :generation_failure_reason, :string, 19
+      optional :external_destruction_failure_reason, :string, 20
       optional :external_protection_level_options, :message, 17, "google.cloud.kms.v1.ExternalProtectionLevelOptions"
       optional :reimport_eligible, :bool, 18
     end
@@ -112,6 +114,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :DESTROY_SCHEDULED, 4
       value :PENDING_IMPORT, 6
       value :IMPORT_FAILED, 7
+      value :GENERATION_FAILED, 8
+      value :PENDING_EXTERNAL_DESTRUCTION, 9
+      value :EXTERNAL_DESTRUCTION_FAILED, 10
     end
     add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView" do
       value :CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED, 0

data/lib/google/cloud/kms/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Kms
       module V1
-        VERSION = "0.17.0"
+        VERSION = "0.18.0"
       end
     end
   end

data/proto_docs/google/cloud/kms/v1/ekm_service.rb

@@ -122,6 +122,30 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Request message for
+        # {::Google::Cloud::Kms::V1::EkmService::Client#get_ekm_config EkmService.GetEkmConfig}.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The {::Google::Cloud::Kms::V1::EkmConfig#name name} of the
+        #     {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} to get.
+        class GetEkmConfigRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for
+        # {::Google::Cloud::Kms::V1::EkmService::Client#update_ekm_config EkmService.UpdateEkmConfig}.
+        # @!attribute [rw] ekm_config
+        #   @return [::Google::Cloud::Kms::V1::EkmConfig]
+        #     Required. {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} with updated values.
+        # @!attribute [rw] update_mask
+        #   @return [::Google::Protobuf::FieldMask]
+        #     Required. List of fields to be updated in this request.
+        class UpdateEkmConfigRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # A {::Google::Cloud::Kms::V1::Certificate Certificate} represents an X.509
         # certificate used to authenticate HTTPS connections to EKM replicas.
         # @!attribute [rw] raw_der
@@ -192,6 +216,18 @@ module Google
         #   @return [::String]
         #     Optional. Etag of the currently stored
         #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
+        # @!attribute [rw] key_management_mode
+        #   @return [::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode]
+        #     Optional. Describes who can perform control plane operations on the EKM. If
+        #     unset, this defaults to
+        #     {::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode::MANUAL MANUAL}.
+        # @!attribute [rw] crypto_space_path
+        #   @return [::String]
+        #     Optional. Identifies the EKM Crypto Space that this
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} maps to. Note: This
+        #     field is required if
+        #     {::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode KeyManagementMode} is
+        #     {::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode::CLOUD_KMS CLOUD_KMS}.
         class EkmConnection
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -224,6 +260,66 @@ module Google
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
+
+          # {::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode KeyManagementMode}
+          # describes who can perform control plane cryptographic operations using this
+          # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
+          module KeyManagementMode
+            # Not specified.
+            KEY_MANAGEMENT_MODE_UNSPECIFIED = 0
+
+            # EKM-side key management operations on
+            # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this
+            # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} must be initiated from
+            # the EKM directly and cannot be performed from Cloud KMS. This means that:
+            # * When creating a
+            # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} associated with
+            # this
+            #   {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, the caller must
+            #   supply the key path of pre-existing external key material that will be
+            #   linked to the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
+            # * Destruction of external key material cannot be requested via the
+            #   Cloud KMS API and must be performed directly in the EKM.
+            # * Automatic rotation of key material is not supported.
+            MANUAL = 1
+
+            # All {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this
+            # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} use EKM-side key
+            # management operations initiated from Cloud KMS. This means that:
+            # * When a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
+            # associated with this {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}
+            # is
+            #   created, the EKM automatically generates new key material and a new
+            #   key path. The caller cannot supply the key path of pre-existing
+            #   external key material.
+            # * Destruction of external key material associated with this
+            #   {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} can be requested by
+            #   calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion].
+            # * Automatic rotation of key material is supported.
+            CLOUD_KMS = 2
+          end
+        end
+
+        # An {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} is a singleton resource that
+        # represents configuration parameters that apply to all
+        # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} and
+        # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} with a
+        # {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of
+        # [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC] in a given
+        # project and location.
+        # @!attribute [r] name
+        #   @return [::String]
+        #     Output only. The resource name for the
+        #     {::Google::Cloud::Kms::V1::EkmConfig EkmConfig} in the format
+        #     `projects/*/locations/*/ekmConfig`.
+        # @!attribute [rw] default_ekm_connection
+        #   @return [::String]
+        #     Optional. Resource name of the default
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. Setting this field to
+        #     the empty string removes the default.
+        class EkmConfig
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
         end
       end
     end

data/proto_docs/google/cloud/kms/v1/resources.rb

@@ -341,6 +341,17 @@ module Google
         #     Output only. The root cause of the most recent import failure. Only present
         #     if {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}.
+        # @!attribute [r] generation_failure_reason
+        #   @return [::String]
+        #     Output only. The root cause of the most recent generation failure. Only
+        #     present if {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::GENERATION_FAILED GENERATION_FAILED}.
+        # @!attribute [r] external_destruction_failure_reason
+        #   @return [::String]
+        #     Output only. The root cause of the most recent external destruction
+        #     failure. Only present if
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::EXTERNAL_DESTRUCTION_FAILED EXTERNAL_DESTRUCTION_FAILED}.
         # @!attribute [rw] external_protection_level_options
         #   @return [::Google::Cloud::Kms::V1::ExternalProtectionLevelOptions]
         #     ExternalProtectionLevelOptions stores a group of additional fields for
@@ -544,6 +555,23 @@ module Google
             # Additional details can be found in
             # {::Google::Cloud::Kms::V1::CryptoKeyVersion#import_failure_reason CryptoKeyVersion.import_failure_reason}.
             IMPORT_FAILED = 7
+
+            # This version was not generated successfully. It may not be used, enabled,
+            # disabled, or destroyed. Additional details can be found in
+            # {::Google::Cloud::Kms::V1::CryptoKeyVersion#generation_failure_reason CryptoKeyVersion.generation_failure_reason}.
+            GENERATION_FAILED = 8
+
+            # This version was destroyed, and it may not be used or enabled again.
+            # Cloud KMS is waiting for the corresponding key material residing in an
+            # external key manager to be destroyed.
+            PENDING_EXTERNAL_DESTRUCTION = 9
+
+            # This version was destroyed, and it may not be used or enabled again.
+            # However, Cloud KMS could not confirm that the corresponding key material
+            # residing in an external key manager was destroyed. Additional details can
+            # be found in
+            # {::Google::Cloud::Kms::V1::CryptoKeyVersion#external_destruction_failure_reason CryptoKeyVersion.external_destruction_failure_reason}.
+            EXTERNAL_DESTRUCTION_FAILED = 10
           end
 
           # A view for {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}s.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-kms-v1
 version: !ruby/object:Gem::Version
-  version: 0.17.0
+  version: 0.18.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-02-17 00:00:00.000000000 Z
+date: 2023-03-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.17.1
+        version: 0.18.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.17.1
+        version: 0.18.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -273,5 +273,6 @@ requirements: []
 rubygems_version: 3.4.2
 signing_key: 
 specification_version: 4
-summary: API Client library for the Cloud Key Management Service (KMS) V1 API
+summary: Manages keys and performs cryptographic operations in a central cloud service,
+  for direct use by other cloud resources and applications.
 test_files: []