google-cloud-kms-v1 0.2.1 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 334c3ff0c8c684f59c549b670032d57c432b272c2ce41517ab98cf77d8f07586
4
- data.tar.gz: c2cf9a6005cbd74ba7e410b927808f3cb2bd43a8c43fdee4992450ee1124d406
3
+ metadata.gz: 30584c9e98e0ffa23ec41d8ecdb01ac1afe6afc14f5fe44ab275b41ea80bfe3f
4
+ data.tar.gz: d1f8d8aa1668d3e840fbaf34cf0a2028e536df2cc5d95bdf1de990053a9d663d
5
5
  SHA512:
6
- metadata.gz: f3f93c759613ea8878352067533741ab1451a5117362b8d07e2dbcf47069d30e7f280c6457749fa239087f2cfc82bb8b63e4dd77f634bb469333046e8c21618d
7
- data.tar.gz: 3e244ed32592d623f79de9b70a901c9e479afc44a11640703e629bab6557fa2785d48dac1338e5cd81d25fa384c5bf6dd8535d481146584bf010d4ed35c509ce
6
+ metadata.gz: 471cd04d23a51ff4b22aba4e034963fff882ed3eb99ec860f4232745807bad18808744b64354fa579c9dd15ac46aa9a21e56752c4d6c0f4c7f5b3d06e90dd029
7
+ data.tar.gz: 79fbe0e0193f631b0d105b825cef1d32d30d286a7eb5f5f125de3d55ca632b1279f748898ddd50c80f787280af7fbf34462a01fa50fb65835a3d9823cee0624c
data/README.md CHANGED
@@ -18,6 +18,7 @@ In order to use this library, you first need to go through the following steps:
18
18
 
19
19
  1. [Select or create a Cloud Platform project.](https://console.cloud.google.com/project)
20
20
  1. [Enable billing for your project.](https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project)
21
+ 1. [Enable the API.](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com)
21
22
  1. {file:AUTHENTICATION.md Set up authentication.}
22
23
 
23
24
  ## Quick Start
@@ -33,6 +34,9 @@ response = client.list_key_rings request
33
34
  View the [Client Library Documentation](https://googleapis.dev/ruby/google-cloud-kms-v1/latest)
34
35
  for class and method documentation.
35
36
 
37
+ See also the [Product Documentation](https://cloud.google.com/kms)
38
+ for general usage information.
39
+
36
40
  ## Enabling Logging
37
41
 
38
42
  To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
@@ -34,3 +34,6 @@ module Google
34
34
  end
35
35
  end
36
36
  end
37
+
38
+ helper_path = ::File.join __dir__, "v1", "_helpers.rb"
39
+ require "google/cloud/kms/v1/_helpers" if ::File.file? helper_path
@@ -474,7 +474,7 @@ module Google
474
474
 
475
475
  config_attr :endpoint, "cloudkms.googleapis.com", ::String
476
476
  config_attr :credentials, nil do |value|
477
- allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
477
+ allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
478
478
  allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
479
479
  allowed.any? { |klass| klass === value }
480
480
  end
@@ -514,7 +514,7 @@ module Google
514
514
  # Each configuration object is of type `Gapic::Config::Method` and includes
515
515
  # the following configuration fields:
516
516
  #
517
- # * `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
517
+ # * `timeout` (*type:* `Numeric`) - The call timeout in seconds
518
518
  # * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
519
519
  # * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
520
520
  # include the following keys:
@@ -81,7 +81,7 @@ module Google
81
81
  initial_delay: 0.1,
82
82
  max_delay: 60.0,
83
83
  multiplier: 1.3,
84
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
84
+ retry_codes: [13, 14, 4]
85
85
  }
86
86
 
87
87
  default_config.rpcs.list_crypto_keys.timeout = 60.0
@@ -89,7 +89,7 @@ module Google
89
89
  initial_delay: 0.1,
90
90
  max_delay: 60.0,
91
91
  multiplier: 1.3,
92
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
92
+ retry_codes: [13, 14, 4]
93
93
  }
94
94
 
95
95
  default_config.rpcs.list_crypto_key_versions.timeout = 60.0
@@ -97,7 +97,7 @@ module Google
97
97
  initial_delay: 0.1,
98
98
  max_delay: 60.0,
99
99
  multiplier: 1.3,
100
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
100
+ retry_codes: [13, 14, 4]
101
101
  }
102
102
 
103
103
  default_config.rpcs.list_import_jobs.timeout = 60.0
@@ -105,7 +105,7 @@ module Google
105
105
  initial_delay: 0.1,
106
106
  max_delay: 60.0,
107
107
  multiplier: 1.3,
108
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
108
+ retry_codes: [13, 14, 4]
109
109
  }
110
110
 
111
111
  default_config.rpcs.get_key_ring.timeout = 60.0
@@ -113,7 +113,7 @@ module Google
113
113
  initial_delay: 0.1,
114
114
  max_delay: 60.0,
115
115
  multiplier: 1.3,
116
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
116
+ retry_codes: [13, 14, 4]
117
117
  }
118
118
 
119
119
  default_config.rpcs.get_crypto_key.timeout = 60.0
@@ -121,7 +121,7 @@ module Google
121
121
  initial_delay: 0.1,
122
122
  max_delay: 60.0,
123
123
  multiplier: 1.3,
124
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
124
+ retry_codes: [13, 14, 4]
125
125
  }
126
126
 
127
127
  default_config.rpcs.get_crypto_key_version.timeout = 60.0
@@ -129,7 +129,7 @@ module Google
129
129
  initial_delay: 0.1,
130
130
  max_delay: 60.0,
131
131
  multiplier: 1.3,
132
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
132
+ retry_codes: [13, 14, 4]
133
133
  }
134
134
 
135
135
  default_config.rpcs.get_public_key.timeout = 60.0
@@ -137,7 +137,7 @@ module Google
137
137
  initial_delay: 0.1,
138
138
  max_delay: 60.0,
139
139
  multiplier: 1.3,
140
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
140
+ retry_codes: [13, 14, 4]
141
141
  }
142
142
 
143
143
  default_config.rpcs.get_import_job.timeout = 60.0
@@ -145,7 +145,7 @@ module Google
145
145
  initial_delay: 0.1,
146
146
  max_delay: 60.0,
147
147
  multiplier: 1.3,
148
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
148
+ retry_codes: [13, 14, 4]
149
149
  }
150
150
 
151
151
  default_config.rpcs.create_key_ring.timeout = 60.0
@@ -153,7 +153,7 @@ module Google
153
153
  initial_delay: 0.1,
154
154
  max_delay: 60.0,
155
155
  multiplier: 1.3,
156
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
156
+ retry_codes: [13, 14, 4]
157
157
  }
158
158
 
159
159
  default_config.rpcs.create_crypto_key.timeout = 60.0
@@ -161,7 +161,7 @@ module Google
161
161
  initial_delay: 0.1,
162
162
  max_delay: 60.0,
163
163
  multiplier: 1.3,
164
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
164
+ retry_codes: [13, 14, 4]
165
165
  }
166
166
 
167
167
  default_config.rpcs.create_crypto_key_version.timeout = 60.0
@@ -173,7 +173,7 @@ module Google
173
173
  initial_delay: 0.1,
174
174
  max_delay: 60.0,
175
175
  multiplier: 1.3,
176
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
176
+ retry_codes: [13, 14, 4]
177
177
  }
178
178
 
179
179
  default_config.rpcs.update_crypto_key.timeout = 60.0
@@ -181,7 +181,7 @@ module Google
181
181
  initial_delay: 0.1,
182
182
  max_delay: 60.0,
183
183
  multiplier: 1.3,
184
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
184
+ retry_codes: [13, 14, 4]
185
185
  }
186
186
 
187
187
  default_config.rpcs.update_crypto_key_version.timeout = 60.0
@@ -189,7 +189,7 @@ module Google
189
189
  initial_delay: 0.1,
190
190
  max_delay: 60.0,
191
191
  multiplier: 1.3,
192
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
192
+ retry_codes: [13, 14, 4]
193
193
  }
194
194
 
195
195
  default_config.rpcs.encrypt.timeout = 60.0
@@ -197,7 +197,7 @@ module Google
197
197
  initial_delay: 0.1,
198
198
  max_delay: 60.0,
199
199
  multiplier: 1.3,
200
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
200
+ retry_codes: [13, 14, 4]
201
201
  }
202
202
 
203
203
  default_config.rpcs.decrypt.timeout = 60.0
@@ -205,7 +205,7 @@ module Google
205
205
  initial_delay: 0.1,
206
206
  max_delay: 60.0,
207
207
  multiplier: 1.3,
208
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
208
+ retry_codes: [13, 14, 4]
209
209
  }
210
210
 
211
211
  default_config.rpcs.asymmetric_sign.timeout = 60.0
@@ -213,7 +213,7 @@ module Google
213
213
  initial_delay: 0.1,
214
214
  max_delay: 60.0,
215
215
  multiplier: 1.3,
216
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
216
+ retry_codes: [13, 14, 4]
217
217
  }
218
218
 
219
219
  default_config.rpcs.asymmetric_decrypt.timeout = 60.0
@@ -221,7 +221,7 @@ module Google
221
221
  initial_delay: 0.1,
222
222
  max_delay: 60.0,
223
223
  multiplier: 1.3,
224
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
224
+ retry_codes: [13, 14, 4]
225
225
  }
226
226
 
227
227
  default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
@@ -229,7 +229,7 @@ module Google
229
229
  initial_delay: 0.1,
230
230
  max_delay: 60.0,
231
231
  multiplier: 1.3,
232
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
232
+ retry_codes: [13, 14, 4]
233
233
  }
234
234
 
235
235
  default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
@@ -237,7 +237,7 @@ module Google
237
237
  initial_delay: 0.1,
238
238
  max_delay: 60.0,
239
239
  multiplier: 1.3,
240
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
240
+ retry_codes: [13, 14, 4]
241
241
  }
242
242
 
243
243
  default_config.rpcs.restore_crypto_key_version.timeout = 60.0
@@ -245,7 +245,7 @@ module Google
245
245
  initial_delay: 0.1,
246
246
  max_delay: 60.0,
247
247
  multiplier: 1.3,
248
- retry_codes: ["INTERNAL", "UNAVAILABLE", "DEADLINE_EXCEEDED"]
248
+ retry_codes: [13, 14, 4]
249
249
  }
250
250
 
251
251
  default_config
@@ -1572,7 +1572,7 @@ module Google
1572
1572
  # @param options [::Gapic::CallOptions, ::Hash]
1573
1573
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1574
1574
  #
1575
- # @overload encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil)
1575
+ # @overload encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil)
1576
1576
  # Pass arguments to `encrypt` via keyword arguments. Note that at
1577
1577
  # least one keyword argument is required. To specify no parameters, or to keep all
1578
1578
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -1602,6 +1602,39 @@ module Google
1602
1602
  # 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
1603
1603
  # plaintext and additional_authenticated_data fields must be no larger than
1604
1604
  # 8KiB.
1605
+ # @param plaintext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1606
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
1607
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
1608
+ # received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
1609
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1610
+ # fails. If you receive a checksum error, your client should verify that
1611
+ # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
1612
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
1613
+ # retries. A persistent mismatch may indicate an issue in your computation of
1614
+ # the CRC32C checksum.
1615
+ # Note: This field is defined as int64 for reasons of compatibility across
1616
+ # different languages. However, it is a non-negative integer, which will
1617
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1618
+ # that support this type.
1619
+ #
1620
+ # NOTE: This field is in Beta.
1621
+ # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1622
+ # Optional. An optional CRC32C checksum of the
1623
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
1624
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
1625
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
1626
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1627
+ # fails. If you receive a checksum error, your client should verify that
1628
+ # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
1629
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
1630
+ # a limited number of retries. A persistent mismatch may indicate an issue in
1631
+ # your computation of the CRC32C checksum.
1632
+ # Note: This field is defined as int64 for reasons of compatibility across
1633
+ # different languages. However, it is a non-negative integer, which will
1634
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1635
+ # that support this type.
1636
+ #
1637
+ # NOTE: This field is in Beta.
1605
1638
  #
1606
1639
  # @yield [response, operation] Access the result along with the RPC operation
1607
1640
  # @yieldparam response [::Google::Cloud::Kms::V1::EncryptResponse]
@@ -1662,7 +1695,7 @@ module Google
1662
1695
  # @param options [::Gapic::CallOptions, ::Hash]
1663
1696
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1664
1697
  #
1665
- # @overload decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil)
1698
+ # @overload decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil)
1666
1699
  # Pass arguments to `decrypt` via keyword arguments. Note that at
1667
1700
  # least one keyword argument is required. To specify no parameters, or to keep all
1668
1701
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -1676,6 +1709,39 @@ module Google
1676
1709
  # @param additional_authenticated_data [::String]
1677
1710
  # Optional. Optional data that must match the data originally supplied in
1678
1711
  # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
1712
+ # @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1713
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
1714
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
1715
+ # received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
1716
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1717
+ # fails. If you receive a checksum error, your client should verify that
1718
+ # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
1719
+ # {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
1720
+ # of retries. A persistent mismatch may indicate an issue in your computation
1721
+ # of the CRC32C checksum.
1722
+ # Note: This field is defined as int64 for reasons of compatibility across
1723
+ # different languages. However, it is a non-negative integer, which will
1724
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1725
+ # that support this type.
1726
+ #
1727
+ # NOTE: This field is in Beta.
1728
+ # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1729
+ # Optional. An optional CRC32C checksum of the
1730
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
1731
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
1732
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
1733
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1734
+ # fails. If you receive a checksum error, your client should verify that
1735
+ # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
1736
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
1737
+ # a limited number of retries. A persistent mismatch may indicate an issue in
1738
+ # your computation of the CRC32C checksum.
1739
+ # Note: This field is defined as int64 for reasons of compatibility across
1740
+ # different languages. However, it is a non-negative integer, which will
1741
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1742
+ # that support this type.
1743
+ #
1744
+ # NOTE: This field is in Beta.
1679
1745
  #
1680
1746
  # @yield [response, operation] Access the result along with the RPC operation
1681
1747
  # @yieldparam response [::Google::Cloud::Kms::V1::DecryptResponse]
@@ -1737,7 +1803,7 @@ module Google
1737
1803
  # @param options [::Gapic::CallOptions, ::Hash]
1738
1804
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1739
1805
  #
1740
- # @overload asymmetric_sign(name: nil, digest: nil)
1806
+ # @overload asymmetric_sign(name: nil, digest: nil, digest_crc32c: nil)
1741
1807
  # Pass arguments to `asymmetric_sign` via keyword arguments. Note that at
1742
1808
  # least one keyword argument is required. To specify no parameters, or to keep all
1743
1809
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -1748,6 +1814,22 @@ module Google
1748
1814
  # Required. The digest of the data to sign. The digest must be produced with
1749
1815
  # the same digest algorithm as specified by the key version's
1750
1816
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
1817
+ # @param digest_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1818
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
1819
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
1820
+ # received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
1821
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1822
+ # fails. If you receive a checksum error, your client should verify that
1823
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
1824
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
1825
+ # number of retries. A persistent mismatch may indicate an issue in your
1826
+ # computation of the CRC32C checksum.
1827
+ # Note: This field is defined as int64 for reasons of compatibility across
1828
+ # different languages. However, it is a non-negative integer, which will
1829
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1830
+ # that support this type.
1831
+ #
1832
+ # NOTE: This field is in Beta.
1751
1833
  #
1752
1834
  # @yield [response, operation] Access the result along with the RPC operation
1753
1835
  # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse]
@@ -1809,7 +1891,7 @@ module Google
1809
1891
  # @param options [::Gapic::CallOptions, ::Hash]
1810
1892
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1811
1893
  #
1812
- # @overload asymmetric_decrypt(name: nil, ciphertext: nil)
1894
+ # @overload asymmetric_decrypt(name: nil, ciphertext: nil, ciphertext_crc32c: nil)
1813
1895
  # Pass arguments to `asymmetric_decrypt` via keyword arguments. Note that at
1814
1896
  # least one keyword argument is required. To specify no parameters, or to keep all
1815
1897
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -1820,6 +1902,22 @@ module Google
1820
1902
  # @param ciphertext [::String]
1821
1903
  # Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
1822
1904
  # key using OAEP.
1905
+ # @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1906
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
1907
+ # If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
1908
+ # received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
1909
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1910
+ # fails. If you receive a checksum error, your client should verify that
1911
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
1912
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
1913
+ # limited number of retries. A persistent mismatch may indicate an issue in
1914
+ # your computation of the CRC32C checksum.
1915
+ # Note: This field is defined as int64 for reasons of compatibility across
1916
+ # different languages. However, it is a non-negative integer, which will
1917
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1918
+ # that support this type.
1919
+ #
1920
+ # NOTE: This field is in Beta.
1823
1921
  #
1824
1922
  # @yield [response, operation] Access the result along with the RPC operation
1825
1923
  # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse]
@@ -2170,7 +2268,7 @@ module Google
2170
2268
 
2171
2269
  config_attr :endpoint, "cloudkms.googleapis.com", ::String
2172
2270
  config_attr :credentials, nil do |value|
2173
- allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
2271
+ allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
2174
2272
  allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
2175
2273
  allowed.any? { |klass| klass === value }
2176
2274
  end
@@ -2210,7 +2308,7 @@ module Google
2210
2308
  # Each configuration object is of type `Gapic::Config::Method` and includes
2211
2309
  # the following configuration fields:
2212
2310
  #
2213
- # * `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
2311
+ # * `timeout` (*type:* `Numeric`) - The call timeout in seconds
2214
2312
  # * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
2215
2313
  # * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
2216
2314
  # include the following keys:
@@ -7,6 +7,7 @@ require 'google/api/field_behavior_pb'
7
7
  require 'google/api/resource_pb'
8
8
  require 'google/protobuf/duration_pb'
9
9
  require 'google/protobuf/timestamp_pb'
10
+ require 'google/protobuf/wrappers_pb'
10
11
  require 'google/api/annotations_pb'
11
12
  Google::Protobuf::DescriptorPool.generated_pool.build do
12
13
  add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
@@ -96,6 +97,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
96
97
  add_message "google.cloud.kms.v1.PublicKey" do
97
98
  optional :pem, :string, 1
98
99
  optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
100
+ optional :pem_crc32c, :message, 3, "google.protobuf.Int64Value"
101
+ optional :name, :string, 4
99
102
  end
100
103
  add_message "google.cloud.kms.v1.ImportJob" do
101
104
  optional :name, :string, 1
@@ -9,6 +9,7 @@ require 'google/api/field_behavior_pb'
9
9
  require 'google/api/resource_pb'
10
10
  require 'google/cloud/kms/v1/resources_pb'
11
11
  require 'google/protobuf/field_mask_pb'
12
+ require 'google/protobuf/wrappers_pb'
12
13
  Google::Protobuf::DescriptorPool.generated_pool.build do
13
14
  add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
14
15
  add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
@@ -116,32 +117,47 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
116
117
  optional :name, :string, 1
117
118
  optional :plaintext, :bytes, 2
118
119
  optional :additional_authenticated_data, :bytes, 3
120
+ optional :plaintext_crc32c, :message, 7, "google.protobuf.Int64Value"
121
+ optional :additional_authenticated_data_crc32c, :message, 8, "google.protobuf.Int64Value"
119
122
  end
120
123
  add_message "google.cloud.kms.v1.DecryptRequest" do
121
124
  optional :name, :string, 1
122
125
  optional :ciphertext, :bytes, 2
123
126
  optional :additional_authenticated_data, :bytes, 3
127
+ optional :ciphertext_crc32c, :message, 5, "google.protobuf.Int64Value"
128
+ optional :additional_authenticated_data_crc32c, :message, 6, "google.protobuf.Int64Value"
124
129
  end
125
130
  add_message "google.cloud.kms.v1.AsymmetricSignRequest" do
126
131
  optional :name, :string, 1
127
132
  optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
133
+ optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
128
134
  end
129
135
  add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
130
136
  optional :name, :string, 1
131
137
  optional :ciphertext, :bytes, 3
138
+ optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
132
139
  end
133
140
  add_message "google.cloud.kms.v1.DecryptResponse" do
134
141
  optional :plaintext, :bytes, 1
142
+ optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
135
143
  end
136
144
  add_message "google.cloud.kms.v1.EncryptResponse" do
137
145
  optional :name, :string, 1
138
146
  optional :ciphertext, :bytes, 2
147
+ optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
148
+ optional :verified_plaintext_crc32c, :bool, 5
149
+ optional :verified_additional_authenticated_data_crc32c, :bool, 6
139
150
  end
140
151
  add_message "google.cloud.kms.v1.AsymmetricSignResponse" do
141
152
  optional :signature, :bytes, 1
153
+ optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
154
+ optional :verified_digest_crc32c, :bool, 3
155
+ optional :name, :string, 4
142
156
  end
143
157
  add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
144
158
  optional :plaintext, :bytes, 1
159
+ optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
160
+ optional :verified_ciphertext_crc32c, :bool, 3
145
161
  end
146
162
  add_message "google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest" do
147
163
  optional :name, :string, 1
@@ -45,53 +45,53 @@ module Google
45
45
  self.service_name = 'google.cloud.kms.v1.KeyManagementService'
46
46
 
47
47
  # Lists [KeyRings][google.cloud.kms.v1.KeyRing].
48
- rpc :ListKeyRings, ListKeyRingsRequest, ListKeyRingsResponse
48
+ rpc :ListKeyRings, ::Google::Cloud::Kms::V1::ListKeyRingsRequest, ::Google::Cloud::Kms::V1::ListKeyRingsResponse
49
49
  # Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
50
- rpc :ListCryptoKeys, ListCryptoKeysRequest, ListCryptoKeysResponse
50
+ rpc :ListCryptoKeys, ::Google::Cloud::Kms::V1::ListCryptoKeysRequest, ::Google::Cloud::Kms::V1::ListCryptoKeysResponse
51
51
  # Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
52
- rpc :ListCryptoKeyVersions, ListCryptoKeyVersionsRequest, ListCryptoKeyVersionsResponse
52
+ rpc :ListCryptoKeyVersions, ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest, ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse
53
53
  # Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
54
- rpc :ListImportJobs, ListImportJobsRequest, ListImportJobsResponse
54
+ rpc :ListImportJobs, ::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Google::Cloud::Kms::V1::ListImportJobsResponse
55
55
  # Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
56
- rpc :GetKeyRing, GetKeyRingRequest, KeyRing
56
+ rpc :GetKeyRing, ::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
57
57
  # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
58
58
  # [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
59
- rpc :GetCryptoKey, GetCryptoKeyRequest, CryptoKey
59
+ rpc :GetCryptoKey, ::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
60
60
  # Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
61
- rpc :GetCryptoKeyVersion, GetCryptoKeyVersionRequest, CryptoKeyVersion
61
+ rpc :GetCryptoKeyVersion, ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
62
62
  # Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
63
63
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
64
64
  # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
65
65
  # [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
66
- rpc :GetPublicKey, GetPublicKeyRequest, PublicKey
66
+ rpc :GetPublicKey, ::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Google::Cloud::Kms::V1::PublicKey
67
67
  # Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
68
- rpc :GetImportJob, GetImportJobRequest, ImportJob
68
+ rpc :GetImportJob, ::Google::Cloud::Kms::V1::GetImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
69
69
  # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
70
- rpc :CreateKeyRing, CreateKeyRingRequest, KeyRing
70
+ rpc :CreateKeyRing, ::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
71
71
  # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
72
72
  #
73
73
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
74
74
  # [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
75
75
  # are required.
76
- rpc :CreateCryptoKey, CreateCryptoKeyRequest, CryptoKey
76
+ rpc :CreateCryptoKey, ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
77
77
  # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
78
78
  #
79
79
  # The server will assign the next sequential id. If unset,
80
80
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
81
81
  # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
82
- rpc :CreateCryptoKeyVersion, CreateCryptoKeyVersionRequest, CryptoKeyVersion
82
+ rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
83
83
  # Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
84
84
  # wrapped key material provided in the request.
85
85
  #
86
86
  # The version ID will be assigned the next sequential id within the
87
87
  # [CryptoKey][google.cloud.kms.v1.CryptoKey].
88
- rpc :ImportCryptoKeyVersion, ImportCryptoKeyVersionRequest, CryptoKeyVersion
88
+ rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
89
89
  # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
90
90
  #
91
91
  # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
92
- rpc :CreateImportJob, CreateImportJobRequest, ImportJob
92
+ rpc :CreateImportJob, ::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
93
93
  # Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
94
- rpc :UpdateCryptoKey, UpdateCryptoKeyRequest, CryptoKey
94
+ rpc :UpdateCryptoKey, ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
95
95
  # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
96
96
  #
97
97
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
@@ -99,26 +99,26 @@ module Google
99
99
  # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
100
100
  # method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
101
101
  # move between other states.
102
- rpc :UpdateCryptoKeyVersion, UpdateCryptoKeyVersionRequest, CryptoKeyVersion
102
+ rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
103
103
  # Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
104
104
  # The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
105
105
  # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
106
- rpc :Encrypt, EncryptRequest, EncryptResponse
106
+ rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
107
107
  # Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
108
108
  # must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
109
- rpc :Decrypt, DecryptRequest, DecryptResponse
109
+ rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
110
110
  # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
111
111
  # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
112
112
  # key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
113
- rpc :AsymmetricSign, AsymmetricSignRequest, AsymmetricSignResponse
113
+ rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
114
114
  # Decrypts data that was encrypted with a public key retrieved from
115
115
  # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
116
116
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
117
- rpc :AsymmetricDecrypt, AsymmetricDecryptRequest, AsymmetricDecryptResponse
117
+ rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
118
118
  # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
119
119
  #
120
120
  # Returns an error if called on an asymmetric key.
121
- rpc :UpdateCryptoKeyPrimaryVersion, UpdateCryptoKeyPrimaryVersionRequest, CryptoKey
121
+ rpc :UpdateCryptoKeyPrimaryVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Google::Cloud::Kms::V1::CryptoKey
122
122
  # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
123
123
  #
124
124
  # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
@@ -131,7 +131,7 @@ module Google
131
131
  #
132
132
  # Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
133
133
  # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
134
- rpc :DestroyCryptoKeyVersion, DestroyCryptoKeyVersionRequest, CryptoKeyVersion
134
+ rpc :DestroyCryptoKeyVersion, ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
135
135
  # Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
136
136
  # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
137
137
  # state.
@@ -139,7 +139,7 @@ module Google
139
139
  # Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
140
140
  # will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
141
141
  # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
142
- rpc :RestoreCryptoKeyVersion, RestoreCryptoKeyVersionRequest, CryptoKeyVersion
142
+ rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
143
143
  end
144
144
 
145
145
  Stub = Service.rpc_stub_class
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Kms
23
23
  module V1
24
- VERSION = "0.2.1"
24
+ VERSION = "0.3.1"
25
25
  end
26
26
  end
27
27
  end
@@ -59,11 +59,11 @@ module Google
59
59
 
60
60
  # Sets the access control policy on the specified resource. Replaces any
61
61
  # existing policy.
62
- rpc :SetIamPolicy, SetIamPolicyRequest, Policy
62
+ rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
63
63
  # Gets the access control policy for a resource.
64
64
  # Returns an empty policy if the resource exists and does not have a policy
65
65
  # set.
66
- rpc :GetIamPolicy, GetIamPolicyRequest, Policy
66
+ rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
67
67
  # Returns permissions that a caller has on the specified resource.
68
68
  # If the resource does not exist, this will return an empty set of
69
69
  # permissions, not a NOT_FOUND error.
@@ -71,7 +71,7 @@ module Google
71
71
  # Note: This operation is designed to be used for building permission-aware
72
72
  # UIs and command-line tools, not for authorization checking. This operation
73
73
  # may "fail open" without warning.
74
- rpc :TestIamPermissions, TestIamPermissionsRequest, TestIamPermissionsResponse
74
+ rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
75
75
  end
76
76
 
77
77
  Stub = Service.rpc_stub_class
@@ -43,12 +43,12 @@ module Google
43
43
  #
44
44
  # The ResourceDescriptor Yaml config will look like:
45
45
  #
46
- # resources:
47
- # - type: "pubsub.googleapis.com/Topic"
48
- # name_descriptor:
49
- # - pattern: "projects/\\{project}/topics/\\{topic}"
50
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
51
- # parent_name_extractor: "projects/\\{project}"
46
+ # resources:
47
+ # - type: "pubsub.googleapis.com/Topic"
48
+ # name_descriptor:
49
+ # - pattern: "projects/{project}/topics/{topic}"
50
+ # parent_type: "cloudresourcemanager.googleapis.com/Project"
51
+ # parent_name_extractor: "projects/{project}"
52
52
  #
53
53
  # Sometimes, resources have multiple patterns, typically because they can
54
54
  # live under multiple parents.
@@ -183,15 +183,24 @@ module Google
183
183
  # }
184
184
  # @!attribute [rw] plural
185
185
  # @return [::String]
186
- # The plural name used in the resource name, such as 'projects' for
187
- # the name of 'projects/\\{project}'. It is the same concept of the `plural`
188
- # field in k8s CRD spec
186
+ # The plural name used in the resource name and permission names, such as
187
+ # 'projects' for the resource name of 'projects/\\{project}' and the permission
188
+ # name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
189
+ # concept of the `plural` field in k8s CRD spec
189
190
  # https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
191
+ #
192
+ # Note: The plural form is required even for singleton resources. See
193
+ # https://aip.dev/156
190
194
  # @!attribute [rw] singular
191
195
  # @return [::String]
192
196
  # The same concept of the `singular` field in k8s CRD spec
193
197
  # https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
194
198
  # Such as "project" for the `resourcemanager.googleapis.com/Project` type.
199
+ # @!attribute [rw] style
200
+ # @return [::Array<::Google::Api::ResourceDescriptor::Style>]
201
+ # Style flag(s) for this resource.
202
+ # These indicate that a resource is expected to conform to a given
203
+ # style. See the specific style flags for additional information.
195
204
  class ResourceDescriptor
196
205
  include ::Google::Protobuf::MessageExts
197
206
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -211,6 +220,22 @@ module Google
211
220
  # that from being necessary once there are multiple patterns.)
212
221
  FUTURE_MULTI_PATTERN = 2
213
222
  end
223
+
224
+ # A flag representing a specific style that a resource claims to conform to.
225
+ module Style
226
+ # The unspecified value. Do not use.
227
+ STYLE_UNSPECIFIED = 0
228
+
229
+ # This resource is intended to be "declarative-friendly".
230
+ #
231
+ # Declarative-friendly resources must be more strictly consistent, and
232
+ # setting this to true communicates to tools that this resource should
233
+ # adhere to declarative-friendly expectations.
234
+ #
235
+ # Note: This is used by the API linter (linter.aip.dev) to enable
236
+ # additional checks.
237
+ DECLARATIVE_FRIENDLY = 1
238
+ end
214
239
  end
215
240
 
216
241
  # Defines a proto annotation that describes a string field that refers to
@@ -226,6 +251,17 @@ module Google
226
251
  # type: "pubsub.googleapis.com/Topic"
227
252
  # }];
228
253
  # }
254
+ #
255
+ # Occasionally, a field may reference an arbitrary resource. In this case,
256
+ # APIs use the special value * in their resource reference.
257
+ #
258
+ # Example:
259
+ #
260
+ # message GetIamPolicyRequest {
261
+ # string resource = 2 [(google.api.resource_reference) = {
262
+ # type: "*"
263
+ # }];
264
+ # }
229
265
  # @!attribute [rw] child_type
230
266
  # @return [::String]
231
267
  # The resource type of a child collection that the annotated field
@@ -234,11 +270,11 @@ module Google
234
270
  #
235
271
  # Example:
236
272
  #
237
- # message ListLogEntriesRequest {
238
- # string parent = 1 [(google.api.resource_reference) = {
239
- # child_type: "logging.googleapis.com/LogEntry"
240
- # };
241
- # }
273
+ # message ListLogEntriesRequest {
274
+ # string parent = 1 [(google.api.resource_reference) = {
275
+ # child_type: "logging.googleapis.com/LogEntry"
276
+ # };
277
+ # }
242
278
  class ResourceReference
243
279
  include ::Google::Protobuf::MessageExts
244
280
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -37,8 +37,8 @@ module Google
37
37
  # A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} represents a logical key that can be used for cryptographic
38
38
  # operations.
39
39
  #
40
- # A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of one or more {::Google::Cloud::Kms::V1::CryptoKeyVersion versions}, which
41
- # represent the actual key material used in cryptographic operations.
40
+ # A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of zero or more {::Google::Cloud::Kms::V1::CryptoKeyVersion versions},
41
+ # which represent the actual key material used in cryptographic operations.
42
42
  # @!attribute [r] name
43
43
  # @return [::String]
44
44
  # Output only. The resource name for this {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} in the format
@@ -410,6 +410,27 @@ module Google
410
410
  # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
411
411
  # The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm Algorithm} associated
412
412
  # with this key.
413
+ # @!attribute [rw] pem_crc32c
414
+ # @return [::Google::Protobuf::Int64Value]
415
+ # Integrity verification field. A CRC32C checksum of the returned
416
+ # {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem}. An integrity check of {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem} can be performed
417
+ # by computing the CRC32C checksum of {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem} and
418
+ # comparing your results to this field. Discard the response in case of
419
+ # non-matching checksum values, and perform a limited number of retries. A
420
+ # persistent mismatch may indicate an issue in your computation of the CRC32C
421
+ # checksum.
422
+ # Note: This field is defined as int64 for reasons of compatibility across
423
+ # different languages. However, it is a non-negative integer, which will
424
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
425
+ # that support this type.
426
+ #
427
+ # NOTE: This field is in Beta.
428
+ # @!attribute [rw] name
429
+ # @return [::String]
430
+ # The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key.
431
+ # Provided here for verification.
432
+ #
433
+ # NOTE: This field is in Beta.
413
434
  class PublicKey
414
435
  include ::Google::Protobuf::MessageExts
415
436
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -437,6 +437,41 @@ module Google
437
437
  # 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
438
438
  # plaintext and additional_authenticated_data fields must be no larger than
439
439
  # 8KiB.
440
+ # @!attribute [rw] plaintext_crc32c
441
+ # @return [::Google::Protobuf::Int64Value]
442
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
443
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
444
+ # received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
445
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
446
+ # fails. If you receive a checksum error, your client should verify that
447
+ # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
448
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
449
+ # retries. A persistent mismatch may indicate an issue in your computation of
450
+ # the CRC32C checksum.
451
+ # Note: This field is defined as int64 for reasons of compatibility across
452
+ # different languages. However, it is a non-negative integer, which will
453
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
454
+ # that support this type.
455
+ #
456
+ # NOTE: This field is in Beta.
457
+ # @!attribute [rw] additional_authenticated_data_crc32c
458
+ # @return [::Google::Protobuf::Int64Value]
459
+ # Optional. An optional CRC32C checksum of the
460
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
461
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
462
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
463
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
464
+ # fails. If you receive a checksum error, your client should verify that
465
+ # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
466
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
467
+ # a limited number of retries. A persistent mismatch may indicate an issue in
468
+ # your computation of the CRC32C checksum.
469
+ # Note: This field is defined as int64 for reasons of compatibility across
470
+ # different languages. However, it is a non-negative integer, which will
471
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
472
+ # that support this type.
473
+ #
474
+ # NOTE: This field is in Beta.
440
475
  class EncryptRequest
441
476
  include ::Google::Protobuf::MessageExts
442
477
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -455,6 +490,41 @@ module Google
455
490
  # @return [::String]
456
491
  # Optional. Optional data that must match the data originally supplied in
457
492
  # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
493
+ # @!attribute [rw] ciphertext_crc32c
494
+ # @return [::Google::Protobuf::Int64Value]
495
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
496
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
497
+ # received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
498
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
499
+ # fails. If you receive a checksum error, your client should verify that
500
+ # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
501
+ # {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
502
+ # of retries. A persistent mismatch may indicate an issue in your computation
503
+ # of the CRC32C checksum.
504
+ # Note: This field is defined as int64 for reasons of compatibility across
505
+ # different languages. However, it is a non-negative integer, which will
506
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
507
+ # that support this type.
508
+ #
509
+ # NOTE: This field is in Beta.
510
+ # @!attribute [rw] additional_authenticated_data_crc32c
511
+ # @return [::Google::Protobuf::Int64Value]
512
+ # Optional. An optional CRC32C checksum of the
513
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
514
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
515
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
516
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
517
+ # fails. If you receive a checksum error, your client should verify that
518
+ # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
519
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
520
+ # a limited number of retries. A persistent mismatch may indicate an issue in
521
+ # your computation of the CRC32C checksum.
522
+ # Note: This field is defined as int64 for reasons of compatibility across
523
+ # different languages. However, it is a non-negative integer, which will
524
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
525
+ # that support this type.
526
+ #
527
+ # NOTE: This field is in Beta.
458
528
  class DecryptRequest
459
529
  include ::Google::Protobuf::MessageExts
460
530
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -469,6 +539,23 @@ module Google
469
539
  # Required. The digest of the data to sign. The digest must be produced with
470
540
  # the same digest algorithm as specified by the key version's
471
541
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
542
+ # @!attribute [rw] digest_crc32c
543
+ # @return [::Google::Protobuf::Int64Value]
544
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
545
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
546
+ # received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
547
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
548
+ # fails. If you receive a checksum error, your client should verify that
549
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
550
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
551
+ # number of retries. A persistent mismatch may indicate an issue in your
552
+ # computation of the CRC32C checksum.
553
+ # Note: This field is defined as int64 for reasons of compatibility across
554
+ # different languages. However, it is a non-negative integer, which will
555
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
556
+ # that support this type.
557
+ #
558
+ # NOTE: This field is in Beta.
472
559
  class AsymmetricSignRequest
473
560
  include ::Google::Protobuf::MessageExts
474
561
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -483,6 +570,23 @@ module Google
483
570
  # @return [::String]
484
571
  # Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
485
572
  # key using OAEP.
573
+ # @!attribute [rw] ciphertext_crc32c
574
+ # @return [::Google::Protobuf::Int64Value]
575
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
576
+ # If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
577
+ # received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
578
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
579
+ # fails. If you receive a checksum error, your client should verify that
580
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
581
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
582
+ # limited number of retries. A persistent mismatch may indicate an issue in
583
+ # your computation of the CRC32C checksum.
584
+ # Note: This field is defined as int64 for reasons of compatibility across
585
+ # different languages. However, it is a non-negative integer, which will
586
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
587
+ # that support this type.
588
+ #
589
+ # NOTE: This field is in Beta.
486
590
  class AsymmetricDecryptRequest
487
591
  include ::Google::Protobuf::MessageExts
488
592
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -492,6 +596,23 @@ module Google
492
596
  # @!attribute [rw] plaintext
493
597
  # @return [::String]
494
598
  # The decrypted data originally supplied in {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
599
+ # @!attribute [rw] plaintext_crc32c
600
+ # @return [::Google::Protobuf::Int64Value]
601
+ # Integrity verification field. A CRC32C checksum of the returned
602
+ # {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}. An integrity check of
603
+ # {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} can be performed by computing the CRC32C
604
+ # checksum of {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} and comparing your results to
605
+ # this field. Discard the response in case of non-matching checksum values,
606
+ # and perform a limited number of retries. A persistent mismatch may indicate
607
+ # an issue in your computation of the CRC32C checksum. Note: receiving this
608
+ # response message indicates that {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
609
+ # successfully decrypt the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}.
610
+ # Note: This field is defined as int64 for reasons of compatibility across
611
+ # different languages. However, it is a non-negative integer, which will
612
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
613
+ # that support this type.
614
+ #
615
+ # NOTE: This field is in Beta.
495
616
  class DecryptResponse
496
617
  include ::Google::Protobuf::MessageExts
497
618
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -505,6 +626,46 @@ module Google
505
626
  # @!attribute [rw] ciphertext
506
627
  # @return [::String]
507
628
  # The encrypted data.
629
+ # @!attribute [rw] ciphertext_crc32c
630
+ # @return [::Google::Protobuf::Int64Value]
631
+ # Integrity verification field. A CRC32C checksum of the returned
632
+ # {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}. An integrity check of
633
+ # {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} can be performed by computing the CRC32C
634
+ # checksum of {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} and comparing your results to
635
+ # this field. Discard the response in case of non-matching checksum values,
636
+ # and perform a limited number of retries. A persistent mismatch may indicate
637
+ # an issue in your computation of the CRC32C checksum.
638
+ # Note: This field is defined as int64 for reasons of compatibility across
639
+ # different languages. However, it is a non-negative integer, which will
640
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
641
+ # that support this type.
642
+ #
643
+ # NOTE: This field is in Beta.
644
+ # @!attribute [rw] verified_plaintext_crc32c
645
+ # @return [::Boolean]
646
+ # Integrity verification field. A flag indicating whether
647
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was received by
648
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
649
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext plaintext}. A false value of this field
650
+ # indicates either that {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was left unset or
651
+ # that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
652
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} but this field is still false, discard
653
+ # the response and perform a limited number of retries.
654
+ #
655
+ # NOTE: This field is in Beta.
656
+ # @!attribute [rw] verified_additional_authenticated_data_crc32c
657
+ # @return [::Boolean]
658
+ # Integrity verification field. A flag indicating whether
659
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was received by
660
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
661
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data AAD}. A false value of this
662
+ # field indicates either that
663
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was left unset or
664
+ # that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
665
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} but this field is
666
+ # still false, discard the response and perform a limited number of retries.
667
+ #
668
+ # NOTE: This field is in Beta.
508
669
  class EncryptResponse
509
670
  include ::Google::Protobuf::MessageExts
510
671
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -514,6 +675,39 @@ module Google
514
675
  # @!attribute [rw] signature
515
676
  # @return [::String]
516
677
  # The created signature.
678
+ # @!attribute [rw] signature_crc32c
679
+ # @return [::Google::Protobuf::Int64Value]
680
+ # Integrity verification field. A CRC32C checksum of the returned
681
+ # {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature}. An integrity check of
682
+ # {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} can be performed by computing the
683
+ # CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} and comparing your
684
+ # results to this field. Discard the response in case of non-matching
685
+ # checksum values, and perform a limited number of retries. A persistent
686
+ # mismatch may indicate an issue in your computation of the CRC32C checksum.
687
+ # Note: This field is defined as int64 for reasons of compatibility across
688
+ # different languages. However, it is a non-negative integer, which will
689
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
690
+ # that support this type.
691
+ #
692
+ # NOTE: This field is in Beta.
693
+ # @!attribute [rw] verified_digest_crc32c
694
+ # @return [::Boolean]
695
+ # Integrity verification field. A flag indicating whether
696
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was received by
697
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
698
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest digest}. A false value of this field
699
+ # indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was left
700
+ # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
701
+ # set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} but this field is still false,
702
+ # discard the response and perform a limited number of retries.
703
+ #
704
+ # NOTE: This field is in Beta.
705
+ # @!attribute [rw] name
706
+ # @return [::String]
707
+ # The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
708
+ # this field to verify that the intended resource was used for signing.
709
+ #
710
+ # NOTE: This field is in Beta.
517
711
  class AsymmetricSignResponse
518
712
  include ::Google::Protobuf::MessageExts
519
713
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -523,6 +717,33 @@ module Google
523
717
  # @!attribute [rw] plaintext
524
718
  # @return [::String]
525
719
  # The decrypted data originally encrypted with the matching public key.
720
+ # @!attribute [rw] plaintext_crc32c
721
+ # @return [::Google::Protobuf::Int64Value]
722
+ # Integrity verification field. A CRC32C checksum of the returned
723
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext}. An integrity check of
724
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} can be performed by computing the
725
+ # CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} and comparing
726
+ # your results to this field. Discard the response in case of non-matching
727
+ # checksum values, and perform a limited number of retries. A persistent
728
+ # mismatch may indicate an issue in your computation of the CRC32C checksum.
729
+ # Note: This field is defined as int64 for reasons of compatibility across
730
+ # different languages. However, it is a non-negative integer, which will
731
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
732
+ # that support this type.
733
+ #
734
+ # NOTE: This field is in Beta.
735
+ # @!attribute [rw] verified_ciphertext_crc32c
736
+ # @return [::Boolean]
737
+ # Integrity verification field. A flag indicating whether
738
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} was received by
739
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
740
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext ciphertext}. A false value of this
741
+ # field indicates either that {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}
742
+ # was left unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If
743
+ # you've set {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} but this field is
744
+ # still false, discard the response and perform a limited number of retries.
745
+ #
746
+ # NOTE: This field is in Beta.
526
747
  class AsymmetricDecryptResponse
527
748
  include ::Google::Protobuf::MessageExts
528
749
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -0,0 +1,121 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Protobuf
22
+ # Wrapper message for `double`.
23
+ #
24
+ # The JSON representation for `DoubleValue` is JSON number.
25
+ # @!attribute [rw] value
26
+ # @return [::Float]
27
+ # The double value.
28
+ class DoubleValue
29
+ include ::Google::Protobuf::MessageExts
30
+ extend ::Google::Protobuf::MessageExts::ClassMethods
31
+ end
32
+
33
+ # Wrapper message for `float`.
34
+ #
35
+ # The JSON representation for `FloatValue` is JSON number.
36
+ # @!attribute [rw] value
37
+ # @return [::Float]
38
+ # The float value.
39
+ class FloatValue
40
+ include ::Google::Protobuf::MessageExts
41
+ extend ::Google::Protobuf::MessageExts::ClassMethods
42
+ end
43
+
44
+ # Wrapper message for `int64`.
45
+ #
46
+ # The JSON representation for `Int64Value` is JSON string.
47
+ # @!attribute [rw] value
48
+ # @return [::Integer]
49
+ # The int64 value.
50
+ class Int64Value
51
+ include ::Google::Protobuf::MessageExts
52
+ extend ::Google::Protobuf::MessageExts::ClassMethods
53
+ end
54
+
55
+ # Wrapper message for `uint64`.
56
+ #
57
+ # The JSON representation for `UInt64Value` is JSON string.
58
+ # @!attribute [rw] value
59
+ # @return [::Integer]
60
+ # The uint64 value.
61
+ class UInt64Value
62
+ include ::Google::Protobuf::MessageExts
63
+ extend ::Google::Protobuf::MessageExts::ClassMethods
64
+ end
65
+
66
+ # Wrapper message for `int32`.
67
+ #
68
+ # The JSON representation for `Int32Value` is JSON number.
69
+ # @!attribute [rw] value
70
+ # @return [::Integer]
71
+ # The int32 value.
72
+ class Int32Value
73
+ include ::Google::Protobuf::MessageExts
74
+ extend ::Google::Protobuf::MessageExts::ClassMethods
75
+ end
76
+
77
+ # Wrapper message for `uint32`.
78
+ #
79
+ # The JSON representation for `UInt32Value` is JSON number.
80
+ # @!attribute [rw] value
81
+ # @return [::Integer]
82
+ # The uint32 value.
83
+ class UInt32Value
84
+ include ::Google::Protobuf::MessageExts
85
+ extend ::Google::Protobuf::MessageExts::ClassMethods
86
+ end
87
+
88
+ # Wrapper message for `bool`.
89
+ #
90
+ # The JSON representation for `BoolValue` is JSON `true` and `false`.
91
+ # @!attribute [rw] value
92
+ # @return [::Boolean]
93
+ # The bool value.
94
+ class BoolValue
95
+ include ::Google::Protobuf::MessageExts
96
+ extend ::Google::Protobuf::MessageExts::ClassMethods
97
+ end
98
+
99
+ # Wrapper message for `string`.
100
+ #
101
+ # The JSON representation for `StringValue` is JSON string.
102
+ # @!attribute [rw] value
103
+ # @return [::String]
104
+ # The string value.
105
+ class StringValue
106
+ include ::Google::Protobuf::MessageExts
107
+ extend ::Google::Protobuf::MessageExts::ClassMethods
108
+ end
109
+
110
+ # Wrapper message for `bytes`.
111
+ #
112
+ # The JSON representation for `BytesValue` is JSON string.
113
+ # @!attribute [rw] value
114
+ # @return [::String]
115
+ # The bytes value.
116
+ class BytesValue
117
+ include ::Google::Protobuf::MessageExts
118
+ extend ::Google::Protobuf::MessageExts::ClassMethods
119
+ end
120
+ end
121
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-kms-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-06-08 00:00:00.000000000 Z
11
+ date: 2021-01-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '0.2'
19
+ version: '0.3'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '0.2'
26
+ version: '0.3'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: google-cloud-errors
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -206,6 +206,7 @@ files:
206
206
  - proto_docs/google/protobuf/duration.rb
207
207
  - proto_docs/google/protobuf/field_mask.rb
208
208
  - proto_docs/google/protobuf/timestamp.rb
209
+ - proto_docs/google/protobuf/wrappers.rb
209
210
  - proto_docs/google/type/expr.rb
210
211
  homepage: https://github.com/googleapis/google-cloud-ruby
211
212
  licenses:
@@ -226,7 +227,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
226
227
  - !ruby/object:Gem::Version
227
228
  version: '0'
228
229
  requirements: []
229
- rubygems_version: 3.1.3
230
+ rubygems_version: 3.2.6
230
231
  signing_key:
231
232
  specification_version: 4
232
233
  summary: API Client library for the Cloud Key Management Service (KMS) V1 API