google-cloud-kms-v1 0.19.0 → 0.21.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69001e1b6b9a0e268ff0e9ddaf3ef9535c8e25428334d9d58fc59fdc3b21fb8c
-  data.tar.gz: 11fc0213ab299c96b8636a164e9ad5ffe536d9f3fa43b6d60d892d5f91005f01
+  metadata.gz: 359686bf360890c730516a1ad6df0583f2624726d0d13e0f6e7ab07ecbf48ebc
+  data.tar.gz: 9eeeb7594661333b65d6842cb3e65b8868c1c7b6a97222ed92a079bae3b4d20a
 SHA512:
-  metadata.gz: 4ba06d5d132693b236e02f44d4d752c742e336668f19fb0b8381af3e8931278ddeb0572cb4586d0c47249768ed6e3847b14bce5c0281862ac2425f57d0f801f1
-  data.tar.gz: 3005fd1d7e72bad8c8877453764a8974cc27538615958eb74b12ef4aac502b1dff059b355313558658144bd43486aa2e4a3435c9f4f03672ca84d15c37c1548a
+  metadata.gz: cd0305ad53291b43543b5b2b552c16b23099373684224367a6677573700b001a5d641f63b0c60a4f4bf96de4fba6dd91b3ad884eca5fcf723d3cfce8b0b0886e
+  data.tar.gz: b7cdc2bed32747a46d54bd95ee62953f5e2b1b7bd88d1f46da148c78629cb202117e8f2242a927a5c9e2790d44244a9f0cda9d79eb97c0aad0a98f77823aaa45

data/lib/google/cloud/kms/v1/ekm_service/client.rb

@@ -149,7 +149,7 @@ module Google
               credentials = @config.credentials
               # Use self-signed JWT if the endpoint is unchanged from default,
               # but only if the default endpoint does not have a region prefix.
-              enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
+              enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
                                        !@config.endpoint.split(".").first.include?("-")
               credentials ||= Credentials.default scope: @config.scope,
                                                   enable_self_signed_jwt: enable_self_signed_jwt
@@ -925,7 +925,9 @@ module Google
             class Configuration
               extend ::Gapic::Config
 
-              config_attr :endpoint,      "cloudkms.googleapis.com", ::String
+              DEFAULT_ENDPOINT = "cloudkms.googleapis.com"
+
+              config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
               config_attr :credentials,   nil do |value|
                 allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC

data/lib/google/cloud/kms/v1/ekm_service/rest/client.rb

@@ -145,7 +145,7 @@ module Google
                 credentials = @config.credentials
                 # Use self-signed JWT if the endpoint is unchanged from default,
                 # but only if the default endpoint does not have a region prefix.
-                enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
+                enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
                                          !@config.endpoint.split(".").first.include?("-")
                 credentials ||= Credentials.default scope: @config.scope,
                                                     enable_self_signed_jwt: enable_self_signed_jwt
@@ -744,7 +744,9 @@ module Google
               class Configuration
                 extend ::Gapic::Config
 
-                config_attr :endpoint,      "cloudkms.googleapis.com", ::String
+                DEFAULT_ENDPOINT = "cloudkms.googleapis.com"
+
+                config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
                 config_attr :credentials,   nil do |value|
                   allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                   allowed.any? { |klass| klass === value }

data/lib/google/cloud/kms/v1/ekm_service/rest/service_stub.rb

@@ -59,7 +59,7 @@ module Google
 
                 verb, uri, query_string_params, body = ServiceStub.transcode_list_ekm_connections_request request_pb
                 query_string_params = if query_string_params.any?
-                                        query_string_params.to_h { |p| p.split("=", 2) }
+                                        query_string_params.to_h { |p| p.split "=", 2 }
                                       else
                                         {}
                                       end
@@ -97,7 +97,7 @@ module Google
 
                 verb, uri, query_string_params, body = ServiceStub.transcode_get_ekm_connection_request request_pb
                 query_string_params = if query_string_params.any?
-                                        query_string_params.to_h { |p| p.split("=", 2) }
+                                        query_string_params.to_h { |p| p.split "=", 2 }
                                       else
                                         {}
                                       end
@@ -135,7 +135,7 @@ module Google
 
                 verb, uri, query_string_params, body = ServiceStub.transcode_create_ekm_connection_request request_pb
                 query_string_params = if query_string_params.any?
-                                        query_string_params.to_h { |p| p.split("=", 2) }
+                                        query_string_params.to_h { |p| p.split "=", 2 }
                                       else
                                         {}
                                       end
@@ -173,7 +173,7 @@ module Google
 
                 verb, uri, query_string_params, body = ServiceStub.transcode_update_ekm_connection_request request_pb
                 query_string_params = if query_string_params.any?
-                                        query_string_params.to_h { |p| p.split("=", 2) }
+                                        query_string_params.to_h { |p| p.split "=", 2 }
                                       else
                                         {}
                                       end
@@ -211,7 +211,7 @@ module Google
 
                 verb, uri, query_string_params, body = ServiceStub.transcode_get_ekm_config_request request_pb
                 query_string_params = if query_string_params.any?
-                                        query_string_params.to_h { |p| p.split("=", 2) }
+                                        query_string_params.to_h { |p| p.split "=", 2 }
                                       else
                                         {}
                                       end
@@ -249,7 +249,7 @@ module Google
 
                 verb, uri, query_string_params, body = ServiceStub.transcode_update_ekm_config_request request_pb
                 query_string_params = if query_string_params.any?
-                                        query_string_params.to_h { |p| p.split("=", 2) }
+                                        query_string_params.to_h { |p| p.split "=", 2 }
                                       else
                                         {}
                                       end
@@ -287,7 +287,7 @@ module Google
 
                 verb, uri, query_string_params, body = ServiceStub.transcode_verify_connectivity_request request_pb
                 query_string_params = if query_string_params.any?
-                                        query_string_params.to_h { |p| p.split("=", 2) }
+                                        query_string_params.to_h { |p| p.split "=", 2 }
                                       else
                                         {}
                                       end

data/lib/google/cloud/kms/v1/ekm_service_pb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/kms/v1/ekm_service.proto
 
@@ -10,79 +11,33 @@ require 'google/api/resource_pb'
 require 'google/protobuf/field_mask_pb'
 require 'google/protobuf/timestamp_pb'
 
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("google/cloud/kms/v1/ekm_service.proto", :syntax => :proto3) do
-    add_message "google.cloud.kms.v1.ListEkmConnectionsRequest" do
-      optional :parent, :string, 1
-      optional :page_size, :int32, 2
-      optional :page_token, :string, 3
-      optional :filter, :string, 4
-      optional :order_by, :string, 5
-    end
-    add_message "google.cloud.kms.v1.ListEkmConnectionsResponse" do
-      repeated :ekm_connections, :message, 1, "google.cloud.kms.v1.EkmConnection"
-      optional :next_page_token, :string, 2
-      optional :total_size, :int32, 3
-    end
-    add_message "google.cloud.kms.v1.GetEkmConnectionRequest" do
-      optional :name, :string, 1
-    end
-    add_message "google.cloud.kms.v1.CreateEkmConnectionRequest" do
-      optional :parent, :string, 1
-      optional :ekm_connection_id, :string, 2
-      optional :ekm_connection, :message, 3, "google.cloud.kms.v1.EkmConnection"
-    end
-    add_message "google.cloud.kms.v1.UpdateEkmConnectionRequest" do
-      optional :ekm_connection, :message, 1, "google.cloud.kms.v1.EkmConnection"
-      optional :update_mask, :message, 2, "google.protobuf.FieldMask"
-    end
-    add_message "google.cloud.kms.v1.GetEkmConfigRequest" do
-      optional :name, :string, 1
-    end
-    add_message "google.cloud.kms.v1.UpdateEkmConfigRequest" do
-      optional :ekm_config, :message, 1, "google.cloud.kms.v1.EkmConfig"
-      optional :update_mask, :message, 2, "google.protobuf.FieldMask"
-    end
-    add_message "google.cloud.kms.v1.Certificate" do
-      optional :raw_der, :bytes, 1
-      optional :parsed, :bool, 2
-      optional :issuer, :string, 3
-      optional :subject, :string, 4
-      repeated :subject_alternative_dns_names, :string, 5
-      optional :not_before_time, :message, 6, "google.protobuf.Timestamp"
-      optional :not_after_time, :message, 7, "google.protobuf.Timestamp"
-      optional :serial_number, :string, 8
-      optional :sha256_fingerprint, :string, 9
-    end
-    add_message "google.cloud.kms.v1.EkmConnection" do
-      optional :name, :string, 1
-      optional :create_time, :message, 2, "google.protobuf.Timestamp"
-      repeated :service_resolvers, :message, 3, "google.cloud.kms.v1.EkmConnection.ServiceResolver"
-      optional :etag, :string, 5
-      optional :key_management_mode, :enum, 6, "google.cloud.kms.v1.EkmConnection.KeyManagementMode"
-      optional :crypto_space_path, :string, 7
-    end
-    add_message "google.cloud.kms.v1.EkmConnection.ServiceResolver" do
-      optional :service_directory_service, :string, 1
-      optional :endpoint_filter, :string, 2
-      optional :hostname, :string, 3
-      repeated :server_certificates, :message, 4, "google.cloud.kms.v1.Certificate"
-    end
-    add_enum "google.cloud.kms.v1.EkmConnection.KeyManagementMode" do
-      value :KEY_MANAGEMENT_MODE_UNSPECIFIED, 0
-      value :MANUAL, 1
-      value :CLOUD_KMS, 2
-    end
-    add_message "google.cloud.kms.v1.EkmConfig" do
-      optional :name, :string, 1
-      optional :default_ekm_connection, :string, 2
-    end
-    add_message "google.cloud.kms.v1.VerifyConnectivityRequest" do
-      optional :name, :string, 1
-    end
-    add_message "google.cloud.kms.v1.VerifyConnectivityResponse" do
+
+descriptor_data = "\n%google/cloud/kms/v1/ekm_service.proto\x12\x13google.cloud.kms.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a google/protobuf/field_mask.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xb3\x01\n\x19ListEkmConnectionsRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12\x13\n\x06\x66ilter\x18\x04 \x01(\tB\x03\xe0\x41\x01\x12\x15\n\x08order_by\x18\x05 \x01(\tB\x03\xe0\x41\x01\"\x86\x01\n\x1aListEkmConnectionsResponse\x12;\n\x0f\x65km_connections\x18\x01 \x03(\x0b\x32\".google.cloud.kms.v1.EkmConnection\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\x12\x12\n\ntotal_size\x18\x03 \x01(\x05\"V\n\x17GetEkmConnectionRequest\x12;\n\x04name\x18\x01 \x01(\tB-\xe0\x41\x02\xfa\x41\'\n%cloudkms.googleapis.com/EkmConnection\"\xb8\x01\n\x1a\x43reateEkmConnectionRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12\x1e\n\x11\x65km_connection_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12?\n\x0e\x65km_connection\x18\x03 \x01(\x0b\x32\".google.cloud.kms.v1.EkmConnectionB\x03\xe0\x41\x02\"\x93\x01\n\x1aUpdateEkmConnectionRequest\x12?\n\x0e\x65km_connection\x18\x01 \x01(\x0b\x32\".google.cloud.kms.v1.EkmConnectionB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02\"N\n\x13GetEkmConfigRequest\x12\x37\n\x04name\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!cloudkms.googleapis.com/EkmConfig\"\x87\x01\n\x16UpdateEkmConfigRequest\x12\x37\n\nekm_config\x18\x01 \x01(\x0b\x32\x1e.google.cloud.kms.v1.EkmConfigB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02\"\xbf\x02\n\x0b\x43\x65rtificate\x12\x14\n\x07raw_der\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x02\x12\x13\n\x06parsed\x18\x02 \x01(\x08\x42\x03\xe0\x41\x03\x12\x13\n\x06issuer\x18\x03 \x01(\tB\x03\xe0\x41\x03\x12\x14\n\x07subject\x18\x04 \x01(\tB\x03\xe0\x41\x03\x12*\n\x1dsubject_alternative_dns_names\x18\x05 \x03(\tB\x03\xe0\x41\x03\x12\x38\n\x0fnot_before_time\x18\x06 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x37\n\x0enot_after_time\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x1a\n\rserial_number\x18\x08 \x01(\tB\x03\xe0\x41\x03\x12\x1f\n\x12sha256_fingerprint\x18\t \x01(\tB\x03\xe0\x41\x03\"\xdd\x05\n\rEkmConnection\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12M\n\x11service_resolvers\x18\x03 \x03(\x0b\x32\x32.google.cloud.kms.v1.EkmConnection.ServiceResolver\x12\x11\n\x04\x65tag\x18\x05 \x01(\tB\x03\xe0\x41\x01\x12V\n\x13key_management_mode\x18\x06 \x01(\x0e\x32\x34.google.cloud.kms.v1.EkmConnection.KeyManagementModeB\x03\xe0\x41\x01\x12\x1e\n\x11\x63rypto_space_path\x18\x07 \x01(\tB\x03\xe0\x41\x01\x1a\xde\x01\n\x0fServiceResolver\x12R\n\x19service_directory_service\x18\x01 \x01(\tB/\xe0\x41\x02\xfa\x41)\n\'servicedirectory.googleapis.com/Service\x12\x1c\n\x0f\x65ndpoint_filter\x18\x02 \x01(\tB\x03\xe0\x41\x01\x12\x15\n\x08hostname\x18\x03 \x01(\tB\x03\xe0\x41\x02\x12\x42\n\x13server_certificates\x18\x04 \x03(\x0b\x32 .google.cloud.kms.v1.CertificateB\x03\xe0\x41\x02\"S\n\x11KeyManagementMode\x12#\n\x1fKEY_MANAGEMENT_MODE_UNSPECIFIED\x10\x00\x12\n\n\x06MANUAL\x10\x01\x12\r\n\tCLOUD_KMS\x10\x02:s\xea\x41p\n%cloudkms.googleapis.com/EkmConnection\x12Gprojects/{project}/locations/{location}/ekmConnections/{ekm_connection}\"\xc8\x01\n\tEkmConfig\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12M\n\x16\x64\x65\x66\x61ult_ekm_connection\x18\x02 \x01(\tB-\xe0\x41\x01\xfa\x41\'\n%cloudkms.googleapis.com/EkmConnection:Y\xea\x41V\n!cloudkms.googleapis.com/EkmConfig\x12\x31projects/{project}/locations/{location}/ekmConfig\"X\n\x19VerifyConnectivityRequest\x12;\n\x04name\x18\x01 \x01(\tB-\xe0\x41\x02\xfa\x41\'\n%cloudkms.googleapis.com/EkmConnection\"\x1c\n\x1aVerifyConnectivityResponse2\xdc\x0b\n\nEkmService\x12\xba\x01\n\x12ListEkmConnections\x12..google.cloud.kms.v1.ListEkmConnectionsRequest\x1a/.google.cloud.kms.v1.ListEkmConnectionsResponse\"C\x82\xd3\xe4\x93\x02\x34\x12\x32/v1/{parent=projects/*/locations/*}/ekmConnections\xda\x41\x06parent\x12\xa7\x01\n\x10GetEkmConnection\x12,.google.cloud.kms.v1.GetEkmConnectionRequest\x1a\".google.cloud.kms.v1.EkmConnection\"A\x82\xd3\xe4\x93\x02\x34\x12\x32/v1/{name=projects/*/locations/*/ekmConnections/*}\xda\x41\x04name\x12\xe0\x01\n\x13\x43reateEkmConnection\x12/.google.cloud.kms.v1.CreateEkmConnectionRequest\x1a\".google.cloud.kms.v1.EkmConnection\"t\x82\xd3\xe4\x93\x02\x44\"2/v1/{parent=projects/*/locations/*}/ekmConnections:\x0e\x65km_connection\xda\x41\'parent,ekm_connection_id,ekm_connection\x12\xe2\x01\n\x13UpdateEkmConnection\x12/.google.cloud.kms.v1.UpdateEkmConnectionRequest\x1a\".google.cloud.kms.v1.EkmConnection\"v\x82\xd3\xe4\x93\x02S2A/v1/{ekm_connection.name=projects/*/locations/*/ekmConnections/*}:\x0e\x65km_connection\xda\x41\x1a\x65km_connection,update_mask\x12\x94\x01\n\x0cGetEkmConfig\x12(.google.cloud.kms.v1.GetEkmConfigRequest\x1a\x1e.google.cloud.kms.v1.EkmConfig\":\x82\xd3\xe4\x93\x02-\x12+/v1/{name=projects/*/locations/*/ekmConfig}\xda\x41\x04name\x12\xc3\x01\n\x0fUpdateEkmConfig\x12+.google.cloud.kms.v1.UpdateEkmConfigRequest\x1a\x1e.google.cloud.kms.v1.EkmConfig\"c\x82\xd3\xe4\x93\x02\x44\x32\x36/v1/{ekm_config.name=projects/*/locations/*/ekmConfig}:\nekm_config\xda\x41\x16\x65km_config,update_mask\x12\xcb\x01\n\x12VerifyConnectivity\x12..google.cloud.kms.v1.VerifyConnectivityRequest\x1a/.google.cloud.kms.v1.VerifyConnectivityResponse\"T\x82\xd3\xe4\x93\x02G\x12\x45/v1/{name=projects/*/locations/*/ekmConnections/*}:verifyConnectivity\xda\x41\x04name\x1at\xca\x41\x17\x63loudkms.googleapis.com\xd2\x41Whttps://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/cloudkmsB\x85\x02\n\x17\x63om.google.cloud.kms.v1B\x0f\x45kmServiceProtoP\x01Z)cloud.google.com/go/kms/apiv1/kmspb;kmspb\xf8\x01\x01\xaa\x02\x13Google.Cloud.Kms.V1\xca\x02\x13Google\\Cloud\\Kms\\V1\xea\x41|\n\'servicedirectory.googleapis.com/Service\x12Qprojects/{project}/locations/{location}/namespaces/{namespace}/services/{service}b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError => e
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["google.protobuf.FieldMask", "google/protobuf/field_mask.proto"],
+    ["google.protobuf.Timestamp", "google/protobuf/timestamp.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
     end
   end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
 end
 
 module Google

data/lib/google/cloud/kms/v1/key_management_service/client.rb

@@ -260,7 +260,7 @@ module Google
               credentials = @config.credentials
               # Use self-signed JWT if the endpoint is unchanged from default,
               # but only if the default endpoint does not have a region prefix.
-              enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
+              enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
                                        !@config.endpoint.split(".").first.include?("-")
               credentials ||= Credentials.default scope: @config.scope,
                                                   enable_self_signed_jwt: enable_self_signed_jwt
@@ -2539,6 +2539,332 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Encrypts data using portable cryptographic primitives. Most users should
+            # choose {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
+            # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt} rather than
+            # their raw counterparts. The
+            # {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
+            # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::RAW_ENCRYPT_DECRYPT RAW_ENCRYPT_DECRYPT}.
+            #
+            # @overload raw_encrypt(request, options = nil)
+            #   Pass arguments to `raw_encrypt` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::RawEncryptRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Kms::V1::RawEncryptRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload raw_encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil, initialization_vector: nil, initialization_vector_crc32c: nil)
+            #   Pass arguments to `raw_encrypt` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Required. The resource name of the
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
+            #     encryption.
+            #   @param plaintext [::String]
+            #     Required. The data to encrypt. Must be no larger than 64KiB.
+            #
+            #     The maximum size depends on the key version's
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
+            #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
+            #     plaintext must be no larger than 64KiB. For
+            #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
+            #     the plaintext and additional_authenticated_data fields must be no larger
+            #     than 8KiB.
+            #   @param additional_authenticated_data [::String]
+            #     Optional. Optional data that, if specified, must also be provided during
+            #     decryption through
+            #     {::Google::Cloud::Kms::V1::RawDecryptRequest#additional_authenticated_data RawDecryptRequest.additional_authenticated_data}.
+            #
+            #     This field may only be used in conjunction with an
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm} that accepts
+            #     additional authenticated data (for example, AES-GCM).
+            #
+            #     The maximum size depends on the key version's
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
+            #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
+            #     plaintext must be no larger than 64KiB. For
+            #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
+            #     the plaintext and additional_authenticated_data fields must be no larger
+            #     than 8KiB.
+            #   @param plaintext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawEncryptRequest#plaintext RawEncryptRequest.plaintext}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received plaintext using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that CRC32C(plaintext) is equal
+            #     to plaintext_crc32c, and if so, perform a limited number of retries. A
+            #     persistent mismatch may indicate an issue in your computation of the CRC32C
+            #     checksum. Note: This field is defined as int64 for reasons of compatibility
+            #     across different languages. However, it is a non-negative integer, which
+            #     will never exceed 2^32-1, and can be safely downconverted to uint32 in
+            #     languages that support this type.
+            #   @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawEncryptRequest#additional_authenticated_data RawEncryptRequest.additional_authenticated_data}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received additional_authenticated_data using
+            #     this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that
+            #     CRC32C(additional_authenticated_data) is equal to
+            #     additional_authenticated_data_crc32c, and if so, perform
+            #     a limited number of retries. A persistent mismatch may indicate an issue in
+            #     your computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #   @param initialization_vector [::String]
+            #     Optional. A customer-supplied initialization vector that will be used for
+            #     encryption. If it is not provided for AES-CBC and AES-CTR, one will be
+            #     generated. It will be returned in
+            #     {::Google::Cloud::Kms::V1::RawEncryptResponse#initialization_vector RawEncryptResponse.initialization_vector}.
+            #   @param initialization_vector_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawEncryptRequest#initialization_vector RawEncryptRequest.initialization_vector}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received initialization_vector using this
+            #     checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
+            #     will report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that
+            #     CRC32C(initialization_vector) is equal to
+            #     initialization_vector_crc32c, and if so, perform
+            #     a limited number of retries. A persistent mismatch may indicate an issue in
+            #     your computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Kms::V1::RawEncryptResponse]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Kms::V1::RawEncryptResponse]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/kms/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::Kms::V1::KeyManagementService::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::Kms::V1::RawEncryptRequest.new
+            #
+            #   # Call the raw_encrypt method.
+            #   result = client.raw_encrypt request
+            #
+            #   # The returned object is of type Google::Cloud::Kms::V1::RawEncryptResponse.
+            #   p result
+            #
+            def raw_encrypt request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RawEncryptRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.raw_encrypt.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Kms::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.raw_encrypt.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.raw_encrypt.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @key_management_service_stub.call_rpc :raw_encrypt, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Decrypts data that was originally encrypted using a raw cryptographic
+            # mechanism. The {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
+            # must be
+            # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::RAW_ENCRYPT_DECRYPT RAW_ENCRYPT_DECRYPT}.
+            #
+            # @overload raw_decrypt(request, options = nil)
+            #   Pass arguments to `raw_decrypt` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::RawDecryptRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Kms::V1::RawDecryptRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload raw_decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, initialization_vector: nil, tag_length: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil, initialization_vector_crc32c: nil)
+            #   Pass arguments to `raw_decrypt` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Required. The resource name of the
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
+            #     decryption.
+            #   @param ciphertext [::String]
+            #     Required. The encrypted data originally returned in
+            #     {::Google::Cloud::Kms::V1::RawEncryptResponse#ciphertext RawEncryptResponse.ciphertext}.
+            #   @param additional_authenticated_data [::String]
+            #     Optional. Optional data that must match the data originally supplied in
+            #     {::Google::Cloud::Kms::V1::RawEncryptRequest#additional_authenticated_data RawEncryptRequest.additional_authenticated_data}.
+            #   @param initialization_vector [::String]
+            #     Required. The initialization vector (IV) used during encryption, which must
+            #     match the data originally provided in
+            #     {::Google::Cloud::Kms::V1::RawEncryptResponse#initialization_vector RawEncryptResponse.initialization_vector}.
+            #   @param tag_length [::Integer]
+            #     The length of the authentication tag that is appended to the end of
+            #     the ciphertext. If unspecified (0), the default value for the key's
+            #     algorithm will be used (for AES-GCM, the default value is 16).
+            #   @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawDecryptRequest#ciphertext RawDecryptRequest.ciphertext}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received ciphertext using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that CRC32C(ciphertext) is equal
+            #     to ciphertext_crc32c, and if so, perform a limited number of retries. A
+            #     persistent mismatch may indicate an issue in your computation of the CRC32C
+            #     checksum. Note: This field is defined as int64 for reasons of compatibility
+            #     across different languages. However, it is a non-negative integer, which
+            #     will never exceed 2^32-1, and can be safely downconverted to uint32 in
+            #     languages that support this type.
+            #   @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawDecryptRequest#additional_authenticated_data RawDecryptRequest.additional_authenticated_data}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received additional_authenticated_data using
+            #     this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that
+            #     CRC32C(additional_authenticated_data) is equal to
+            #     additional_authenticated_data_crc32c, and if so, perform
+            #     a limited number of retries. A persistent mismatch may indicate an issue in
+            #     your computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #   @param initialization_vector_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawDecryptRequest#initialization_vector RawDecryptRequest.initialization_vector}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received initialization_vector using this
+            #     checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
+            #     will report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that
+            #     CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and
+            #     if so, perform a limited number of retries. A persistent mismatch may
+            #     indicate an issue in your computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Kms::V1::RawDecryptResponse]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Kms::V1::RawDecryptResponse]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/kms/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::Kms::V1::KeyManagementService::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::Kms::V1::RawDecryptRequest.new
+            #
+            #   # Call the raw_decrypt method.
+            #   result = client.raw_decrypt request
+            #
+            #   # The returned object is of type Google::Cloud::Kms::V1::RawDecryptResponse.
+            #   p result
+            #
+            def raw_decrypt request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RawDecryptRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.raw_decrypt.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Kms::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.raw_decrypt.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.raw_decrypt.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @key_management_service_stub.call_rpc :raw_decrypt, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
             # with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
@@ -3217,7 +3543,9 @@ module Google
             class Configuration
               extend ::Gapic::Config
 
-              config_attr :endpoint,      "cloudkms.googleapis.com", ::String
+              DEFAULT_ENDPOINT = "cloudkms.googleapis.com"
+
+              config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
               config_attr :credentials,   nil do |value|
                 allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
@@ -3376,6 +3704,16 @@ module Google
                 #
                 attr_reader :decrypt
                 ##
+                # RPC-specific configuration for `raw_encrypt`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :raw_encrypt
+                ##
+                # RPC-specific configuration for `raw_decrypt`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :raw_decrypt
+                ##
                 # RPC-specific configuration for `asymmetric_sign`
                 # @return [::Gapic::Config::Method]
                 #
@@ -3445,6 +3783,10 @@ module Google
                   @encrypt = ::Gapic::Config::Method.new encrypt_config
                   decrypt_config = parent_rpcs.decrypt if parent_rpcs.respond_to? :decrypt
                   @decrypt = ::Gapic::Config::Method.new decrypt_config
+                  raw_encrypt_config = parent_rpcs.raw_encrypt if parent_rpcs.respond_to? :raw_encrypt
+                  @raw_encrypt = ::Gapic::Config::Method.new raw_encrypt_config
+                  raw_decrypt_config = parent_rpcs.raw_decrypt if parent_rpcs.respond_to? :raw_decrypt
+                  @raw_decrypt = ::Gapic::Config::Method.new raw_decrypt_config
                   asymmetric_sign_config = parent_rpcs.asymmetric_sign if parent_rpcs.respond_to? :asymmetric_sign
                   @asymmetric_sign = ::Gapic::Config::Method.new asymmetric_sign_config
                   asymmetric_decrypt_config = parent_rpcs.asymmetric_decrypt if parent_rpcs.respond_to? :asymmetric_decrypt