google-cloud-kms-v1 0.2.1 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -0
- data/lib/google/cloud/kms/v1.rb +3 -0
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +2 -2
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +125 -27
- data/lib/google/cloud/kms/v1/resources_pb.rb +3 -0
- data/lib/google/cloud/kms/v1/service_pb.rb +16 -0
- data/lib/google/cloud/kms/v1/service_services_pb.rb +23 -23
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/lib/google/iam/v1/iam_policy_services_pb.rb +3 -3
- data/proto_docs/google/api/resource.rb +50 -14
- data/proto_docs/google/cloud/kms/v1/resources.rb +23 -2
- data/proto_docs/google/cloud/kms/v1/service.rb +221 -0
- data/proto_docs/google/protobuf/wrappers.rb +121 -0
- metadata +6 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 30584c9e98e0ffa23ec41d8ecdb01ac1afe6afc14f5fe44ab275b41ea80bfe3f
|
4
|
+
data.tar.gz: d1f8d8aa1668d3e840fbaf34cf0a2028e536df2cc5d95bdf1de990053a9d663d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 471cd04d23a51ff4b22aba4e034963fff882ed3eb99ec860f4232745807bad18808744b64354fa579c9dd15ac46aa9a21e56752c4d6c0f4c7f5b3d06e90dd029
|
7
|
+
data.tar.gz: 79fbe0e0193f631b0d105b825cef1d32d30d286a7eb5f5f125de3d55ca632b1279f748898ddd50c80f787280af7fbf34462a01fa50fb65835a3d9823cee0624c
|
data/README.md
CHANGED
@@ -18,6 +18,7 @@ In order to use this library, you first need to go through the following steps:
|
|
18
18
|
|
19
19
|
1. [Select or create a Cloud Platform project.](https://console.cloud.google.com/project)
|
20
20
|
1. [Enable billing for your project.](https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project)
|
21
|
+
1. [Enable the API.](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com)
|
21
22
|
1. {file:AUTHENTICATION.md Set up authentication.}
|
22
23
|
|
23
24
|
## Quick Start
|
@@ -33,6 +34,9 @@ response = client.list_key_rings request
|
|
33
34
|
View the [Client Library Documentation](https://googleapis.dev/ruby/google-cloud-kms-v1/latest)
|
34
35
|
for class and method documentation.
|
35
36
|
|
37
|
+
See also the [Product Documentation](https://cloud.google.com/kms)
|
38
|
+
for general usage information.
|
39
|
+
|
36
40
|
## Enabling Logging
|
37
41
|
|
38
42
|
To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
|
data/lib/google/cloud/kms/v1.rb
CHANGED
@@ -474,7 +474,7 @@ module Google
|
|
474
474
|
|
475
475
|
config_attr :endpoint, "cloudkms.googleapis.com", ::String
|
476
476
|
config_attr :credentials, nil do |value|
|
477
|
-
allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
477
|
+
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
478
478
|
allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
|
479
479
|
allowed.any? { |klass| klass === value }
|
480
480
|
end
|
@@ -514,7 +514,7 @@ module Google
|
|
514
514
|
# Each configuration object is of type `Gapic::Config::Method` and includes
|
515
515
|
# the following configuration fields:
|
516
516
|
#
|
517
|
-
# * `timeout` (*type:* `Numeric`) - The call timeout in
|
517
|
+
# * `timeout` (*type:* `Numeric`) - The call timeout in seconds
|
518
518
|
# * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
|
519
519
|
# * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
|
520
520
|
# include the following keys:
|
@@ -81,7 +81,7 @@ module Google
|
|
81
81
|
initial_delay: 0.1,
|
82
82
|
max_delay: 60.0,
|
83
83
|
multiplier: 1.3,
|
84
|
-
retry_codes: [
|
84
|
+
retry_codes: [13, 14, 4]
|
85
85
|
}
|
86
86
|
|
87
87
|
default_config.rpcs.list_crypto_keys.timeout = 60.0
|
@@ -89,7 +89,7 @@ module Google
|
|
89
89
|
initial_delay: 0.1,
|
90
90
|
max_delay: 60.0,
|
91
91
|
multiplier: 1.3,
|
92
|
-
retry_codes: [
|
92
|
+
retry_codes: [13, 14, 4]
|
93
93
|
}
|
94
94
|
|
95
95
|
default_config.rpcs.list_crypto_key_versions.timeout = 60.0
|
@@ -97,7 +97,7 @@ module Google
|
|
97
97
|
initial_delay: 0.1,
|
98
98
|
max_delay: 60.0,
|
99
99
|
multiplier: 1.3,
|
100
|
-
retry_codes: [
|
100
|
+
retry_codes: [13, 14, 4]
|
101
101
|
}
|
102
102
|
|
103
103
|
default_config.rpcs.list_import_jobs.timeout = 60.0
|
@@ -105,7 +105,7 @@ module Google
|
|
105
105
|
initial_delay: 0.1,
|
106
106
|
max_delay: 60.0,
|
107
107
|
multiplier: 1.3,
|
108
|
-
retry_codes: [
|
108
|
+
retry_codes: [13, 14, 4]
|
109
109
|
}
|
110
110
|
|
111
111
|
default_config.rpcs.get_key_ring.timeout = 60.0
|
@@ -113,7 +113,7 @@ module Google
|
|
113
113
|
initial_delay: 0.1,
|
114
114
|
max_delay: 60.0,
|
115
115
|
multiplier: 1.3,
|
116
|
-
retry_codes: [
|
116
|
+
retry_codes: [13, 14, 4]
|
117
117
|
}
|
118
118
|
|
119
119
|
default_config.rpcs.get_crypto_key.timeout = 60.0
|
@@ -121,7 +121,7 @@ module Google
|
|
121
121
|
initial_delay: 0.1,
|
122
122
|
max_delay: 60.0,
|
123
123
|
multiplier: 1.3,
|
124
|
-
retry_codes: [
|
124
|
+
retry_codes: [13, 14, 4]
|
125
125
|
}
|
126
126
|
|
127
127
|
default_config.rpcs.get_crypto_key_version.timeout = 60.0
|
@@ -129,7 +129,7 @@ module Google
|
|
129
129
|
initial_delay: 0.1,
|
130
130
|
max_delay: 60.0,
|
131
131
|
multiplier: 1.3,
|
132
|
-
retry_codes: [
|
132
|
+
retry_codes: [13, 14, 4]
|
133
133
|
}
|
134
134
|
|
135
135
|
default_config.rpcs.get_public_key.timeout = 60.0
|
@@ -137,7 +137,7 @@ module Google
|
|
137
137
|
initial_delay: 0.1,
|
138
138
|
max_delay: 60.0,
|
139
139
|
multiplier: 1.3,
|
140
|
-
retry_codes: [
|
140
|
+
retry_codes: [13, 14, 4]
|
141
141
|
}
|
142
142
|
|
143
143
|
default_config.rpcs.get_import_job.timeout = 60.0
|
@@ -145,7 +145,7 @@ module Google
|
|
145
145
|
initial_delay: 0.1,
|
146
146
|
max_delay: 60.0,
|
147
147
|
multiplier: 1.3,
|
148
|
-
retry_codes: [
|
148
|
+
retry_codes: [13, 14, 4]
|
149
149
|
}
|
150
150
|
|
151
151
|
default_config.rpcs.create_key_ring.timeout = 60.0
|
@@ -153,7 +153,7 @@ module Google
|
|
153
153
|
initial_delay: 0.1,
|
154
154
|
max_delay: 60.0,
|
155
155
|
multiplier: 1.3,
|
156
|
-
retry_codes: [
|
156
|
+
retry_codes: [13, 14, 4]
|
157
157
|
}
|
158
158
|
|
159
159
|
default_config.rpcs.create_crypto_key.timeout = 60.0
|
@@ -161,7 +161,7 @@ module Google
|
|
161
161
|
initial_delay: 0.1,
|
162
162
|
max_delay: 60.0,
|
163
163
|
multiplier: 1.3,
|
164
|
-
retry_codes: [
|
164
|
+
retry_codes: [13, 14, 4]
|
165
165
|
}
|
166
166
|
|
167
167
|
default_config.rpcs.create_crypto_key_version.timeout = 60.0
|
@@ -173,7 +173,7 @@ module Google
|
|
173
173
|
initial_delay: 0.1,
|
174
174
|
max_delay: 60.0,
|
175
175
|
multiplier: 1.3,
|
176
|
-
retry_codes: [
|
176
|
+
retry_codes: [13, 14, 4]
|
177
177
|
}
|
178
178
|
|
179
179
|
default_config.rpcs.update_crypto_key.timeout = 60.0
|
@@ -181,7 +181,7 @@ module Google
|
|
181
181
|
initial_delay: 0.1,
|
182
182
|
max_delay: 60.0,
|
183
183
|
multiplier: 1.3,
|
184
|
-
retry_codes: [
|
184
|
+
retry_codes: [13, 14, 4]
|
185
185
|
}
|
186
186
|
|
187
187
|
default_config.rpcs.update_crypto_key_version.timeout = 60.0
|
@@ -189,7 +189,7 @@ module Google
|
|
189
189
|
initial_delay: 0.1,
|
190
190
|
max_delay: 60.0,
|
191
191
|
multiplier: 1.3,
|
192
|
-
retry_codes: [
|
192
|
+
retry_codes: [13, 14, 4]
|
193
193
|
}
|
194
194
|
|
195
195
|
default_config.rpcs.encrypt.timeout = 60.0
|
@@ -197,7 +197,7 @@ module Google
|
|
197
197
|
initial_delay: 0.1,
|
198
198
|
max_delay: 60.0,
|
199
199
|
multiplier: 1.3,
|
200
|
-
retry_codes: [
|
200
|
+
retry_codes: [13, 14, 4]
|
201
201
|
}
|
202
202
|
|
203
203
|
default_config.rpcs.decrypt.timeout = 60.0
|
@@ -205,7 +205,7 @@ module Google
|
|
205
205
|
initial_delay: 0.1,
|
206
206
|
max_delay: 60.0,
|
207
207
|
multiplier: 1.3,
|
208
|
-
retry_codes: [
|
208
|
+
retry_codes: [13, 14, 4]
|
209
209
|
}
|
210
210
|
|
211
211
|
default_config.rpcs.asymmetric_sign.timeout = 60.0
|
@@ -213,7 +213,7 @@ module Google
|
|
213
213
|
initial_delay: 0.1,
|
214
214
|
max_delay: 60.0,
|
215
215
|
multiplier: 1.3,
|
216
|
-
retry_codes: [
|
216
|
+
retry_codes: [13, 14, 4]
|
217
217
|
}
|
218
218
|
|
219
219
|
default_config.rpcs.asymmetric_decrypt.timeout = 60.0
|
@@ -221,7 +221,7 @@ module Google
|
|
221
221
|
initial_delay: 0.1,
|
222
222
|
max_delay: 60.0,
|
223
223
|
multiplier: 1.3,
|
224
|
-
retry_codes: [
|
224
|
+
retry_codes: [13, 14, 4]
|
225
225
|
}
|
226
226
|
|
227
227
|
default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
|
@@ -229,7 +229,7 @@ module Google
|
|
229
229
|
initial_delay: 0.1,
|
230
230
|
max_delay: 60.0,
|
231
231
|
multiplier: 1.3,
|
232
|
-
retry_codes: [
|
232
|
+
retry_codes: [13, 14, 4]
|
233
233
|
}
|
234
234
|
|
235
235
|
default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
|
@@ -237,7 +237,7 @@ module Google
|
|
237
237
|
initial_delay: 0.1,
|
238
238
|
max_delay: 60.0,
|
239
239
|
multiplier: 1.3,
|
240
|
-
retry_codes: [
|
240
|
+
retry_codes: [13, 14, 4]
|
241
241
|
}
|
242
242
|
|
243
243
|
default_config.rpcs.restore_crypto_key_version.timeout = 60.0
|
@@ -245,7 +245,7 @@ module Google
|
|
245
245
|
initial_delay: 0.1,
|
246
246
|
max_delay: 60.0,
|
247
247
|
multiplier: 1.3,
|
248
|
-
retry_codes: [
|
248
|
+
retry_codes: [13, 14, 4]
|
249
249
|
}
|
250
250
|
|
251
251
|
default_config
|
@@ -1572,7 +1572,7 @@ module Google
|
|
1572
1572
|
# @param options [::Gapic::CallOptions, ::Hash]
|
1573
1573
|
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
1574
1574
|
#
|
1575
|
-
# @overload encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil)
|
1575
|
+
# @overload encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil)
|
1576
1576
|
# Pass arguments to `encrypt` via keyword arguments. Note that at
|
1577
1577
|
# least one keyword argument is required. To specify no parameters, or to keep all
|
1578
1578
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
@@ -1602,6 +1602,39 @@ module Google
|
|
1602
1602
|
# 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
|
1603
1603
|
# plaintext and additional_authenticated_data fields must be no larger than
|
1604
1604
|
# 8KiB.
|
1605
|
+
# @param plaintext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1606
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
|
1607
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
1608
|
+
# received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
|
1609
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1610
|
+
# fails. If you receive a checksum error, your client should verify that
|
1611
|
+
# CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
|
1612
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
|
1613
|
+
# retries. A persistent mismatch may indicate an issue in your computation of
|
1614
|
+
# the CRC32C checksum.
|
1615
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1616
|
+
# different languages. However, it is a non-negative integer, which will
|
1617
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1618
|
+
# that support this type.
|
1619
|
+
#
|
1620
|
+
# NOTE: This field is in Beta.
|
1621
|
+
# @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1622
|
+
# Optional. An optional CRC32C checksum of the
|
1623
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
|
1624
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
|
1625
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
|
1626
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1627
|
+
# fails. If you receive a checksum error, your client should verify that
|
1628
|
+
# CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
|
1629
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
|
1630
|
+
# a limited number of retries. A persistent mismatch may indicate an issue in
|
1631
|
+
# your computation of the CRC32C checksum.
|
1632
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1633
|
+
# different languages. However, it is a non-negative integer, which will
|
1634
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1635
|
+
# that support this type.
|
1636
|
+
#
|
1637
|
+
# NOTE: This field is in Beta.
|
1605
1638
|
#
|
1606
1639
|
# @yield [response, operation] Access the result along with the RPC operation
|
1607
1640
|
# @yieldparam response [::Google::Cloud::Kms::V1::EncryptResponse]
|
@@ -1662,7 +1695,7 @@ module Google
|
|
1662
1695
|
# @param options [::Gapic::CallOptions, ::Hash]
|
1663
1696
|
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
1664
1697
|
#
|
1665
|
-
# @overload decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil)
|
1698
|
+
# @overload decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil)
|
1666
1699
|
# Pass arguments to `decrypt` via keyword arguments. Note that at
|
1667
1700
|
# least one keyword argument is required. To specify no parameters, or to keep all
|
1668
1701
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
@@ -1676,6 +1709,39 @@ module Google
|
|
1676
1709
|
# @param additional_authenticated_data [::String]
|
1677
1710
|
# Optional. Optional data that must match the data originally supplied in
|
1678
1711
|
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
|
1712
|
+
# @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1713
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
|
1714
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
1715
|
+
# received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
|
1716
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1717
|
+
# fails. If you receive a checksum error, your client should verify that
|
1718
|
+
# CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
|
1719
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
|
1720
|
+
# of retries. A persistent mismatch may indicate an issue in your computation
|
1721
|
+
# of the CRC32C checksum.
|
1722
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1723
|
+
# different languages. However, it is a non-negative integer, which will
|
1724
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1725
|
+
# that support this type.
|
1726
|
+
#
|
1727
|
+
# NOTE: This field is in Beta.
|
1728
|
+
# @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1729
|
+
# Optional. An optional CRC32C checksum of the
|
1730
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
|
1731
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
|
1732
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
|
1733
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1734
|
+
# fails. If you receive a checksum error, your client should verify that
|
1735
|
+
# CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
|
1736
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
|
1737
|
+
# a limited number of retries. A persistent mismatch may indicate an issue in
|
1738
|
+
# your computation of the CRC32C checksum.
|
1739
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1740
|
+
# different languages. However, it is a non-negative integer, which will
|
1741
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1742
|
+
# that support this type.
|
1743
|
+
#
|
1744
|
+
# NOTE: This field is in Beta.
|
1679
1745
|
#
|
1680
1746
|
# @yield [response, operation] Access the result along with the RPC operation
|
1681
1747
|
# @yieldparam response [::Google::Cloud::Kms::V1::DecryptResponse]
|
@@ -1737,7 +1803,7 @@ module Google
|
|
1737
1803
|
# @param options [::Gapic::CallOptions, ::Hash]
|
1738
1804
|
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
1739
1805
|
#
|
1740
|
-
# @overload asymmetric_sign(name: nil, digest: nil)
|
1806
|
+
# @overload asymmetric_sign(name: nil, digest: nil, digest_crc32c: nil)
|
1741
1807
|
# Pass arguments to `asymmetric_sign` via keyword arguments. Note that at
|
1742
1808
|
# least one keyword argument is required. To specify no parameters, or to keep all
|
1743
1809
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
@@ -1748,6 +1814,22 @@ module Google
|
|
1748
1814
|
# Required. The digest of the data to sign. The digest must be produced with
|
1749
1815
|
# the same digest algorithm as specified by the key version's
|
1750
1816
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
|
1817
|
+
# @param digest_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1818
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
|
1819
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
1820
|
+
# received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
|
1821
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1822
|
+
# fails. If you receive a checksum error, your client should verify that
|
1823
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
|
1824
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
|
1825
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
1826
|
+
# computation of the CRC32C checksum.
|
1827
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1828
|
+
# different languages. However, it is a non-negative integer, which will
|
1829
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1830
|
+
# that support this type.
|
1831
|
+
#
|
1832
|
+
# NOTE: This field is in Beta.
|
1751
1833
|
#
|
1752
1834
|
# @yield [response, operation] Access the result along with the RPC operation
|
1753
1835
|
# @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse]
|
@@ -1809,7 +1891,7 @@ module Google
|
|
1809
1891
|
# @param options [::Gapic::CallOptions, ::Hash]
|
1810
1892
|
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
1811
1893
|
#
|
1812
|
-
# @overload asymmetric_decrypt(name: nil, ciphertext: nil)
|
1894
|
+
# @overload asymmetric_decrypt(name: nil, ciphertext: nil, ciphertext_crc32c: nil)
|
1813
1895
|
# Pass arguments to `asymmetric_decrypt` via keyword arguments. Note that at
|
1814
1896
|
# least one keyword argument is required. To specify no parameters, or to keep all
|
1815
1897
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
@@ -1820,6 +1902,22 @@ module Google
|
|
1820
1902
|
# @param ciphertext [::String]
|
1821
1903
|
# Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
|
1822
1904
|
# key using OAEP.
|
1905
|
+
# @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1906
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
|
1907
|
+
# If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
1908
|
+
# received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
|
1909
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1910
|
+
# fails. If you receive a checksum error, your client should verify that
|
1911
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
|
1912
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
|
1913
|
+
# limited number of retries. A persistent mismatch may indicate an issue in
|
1914
|
+
# your computation of the CRC32C checksum.
|
1915
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1916
|
+
# different languages. However, it is a non-negative integer, which will
|
1917
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1918
|
+
# that support this type.
|
1919
|
+
#
|
1920
|
+
# NOTE: This field is in Beta.
|
1823
1921
|
#
|
1824
1922
|
# @yield [response, operation] Access the result along with the RPC operation
|
1825
1923
|
# @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse]
|
@@ -2170,7 +2268,7 @@ module Google
|
|
2170
2268
|
|
2171
2269
|
config_attr :endpoint, "cloudkms.googleapis.com", ::String
|
2172
2270
|
config_attr :credentials, nil do |value|
|
2173
|
-
allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
2271
|
+
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
2174
2272
|
allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
|
2175
2273
|
allowed.any? { |klass| klass === value }
|
2176
2274
|
end
|
@@ -2210,7 +2308,7 @@ module Google
|
|
2210
2308
|
# Each configuration object is of type `Gapic::Config::Method` and includes
|
2211
2309
|
# the following configuration fields:
|
2212
2310
|
#
|
2213
|
-
# * `timeout` (*type:* `Numeric`) - The call timeout in
|
2311
|
+
# * `timeout` (*type:* `Numeric`) - The call timeout in seconds
|
2214
2312
|
# * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
|
2215
2313
|
# * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
|
2216
2314
|
# include the following keys:
|
@@ -7,6 +7,7 @@ require 'google/api/field_behavior_pb'
|
|
7
7
|
require 'google/api/resource_pb'
|
8
8
|
require 'google/protobuf/duration_pb'
|
9
9
|
require 'google/protobuf/timestamp_pb'
|
10
|
+
require 'google/protobuf/wrappers_pb'
|
10
11
|
require 'google/api/annotations_pb'
|
11
12
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
12
13
|
add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
|
@@ -96,6 +97,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
96
97
|
add_message "google.cloud.kms.v1.PublicKey" do
|
97
98
|
optional :pem, :string, 1
|
98
99
|
optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
|
100
|
+
optional :pem_crc32c, :message, 3, "google.protobuf.Int64Value"
|
101
|
+
optional :name, :string, 4
|
99
102
|
end
|
100
103
|
add_message "google.cloud.kms.v1.ImportJob" do
|
101
104
|
optional :name, :string, 1
|
@@ -9,6 +9,7 @@ require 'google/api/field_behavior_pb'
|
|
9
9
|
require 'google/api/resource_pb'
|
10
10
|
require 'google/cloud/kms/v1/resources_pb'
|
11
11
|
require 'google/protobuf/field_mask_pb'
|
12
|
+
require 'google/protobuf/wrappers_pb'
|
12
13
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
13
14
|
add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
|
14
15
|
add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
|
@@ -116,32 +117,47 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
116
117
|
optional :name, :string, 1
|
117
118
|
optional :plaintext, :bytes, 2
|
118
119
|
optional :additional_authenticated_data, :bytes, 3
|
120
|
+
optional :plaintext_crc32c, :message, 7, "google.protobuf.Int64Value"
|
121
|
+
optional :additional_authenticated_data_crc32c, :message, 8, "google.protobuf.Int64Value"
|
119
122
|
end
|
120
123
|
add_message "google.cloud.kms.v1.DecryptRequest" do
|
121
124
|
optional :name, :string, 1
|
122
125
|
optional :ciphertext, :bytes, 2
|
123
126
|
optional :additional_authenticated_data, :bytes, 3
|
127
|
+
optional :ciphertext_crc32c, :message, 5, "google.protobuf.Int64Value"
|
128
|
+
optional :additional_authenticated_data_crc32c, :message, 6, "google.protobuf.Int64Value"
|
124
129
|
end
|
125
130
|
add_message "google.cloud.kms.v1.AsymmetricSignRequest" do
|
126
131
|
optional :name, :string, 1
|
127
132
|
optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
|
133
|
+
optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
|
128
134
|
end
|
129
135
|
add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
|
130
136
|
optional :name, :string, 1
|
131
137
|
optional :ciphertext, :bytes, 3
|
138
|
+
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
132
139
|
end
|
133
140
|
add_message "google.cloud.kms.v1.DecryptResponse" do
|
134
141
|
optional :plaintext, :bytes, 1
|
142
|
+
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
135
143
|
end
|
136
144
|
add_message "google.cloud.kms.v1.EncryptResponse" do
|
137
145
|
optional :name, :string, 1
|
138
146
|
optional :ciphertext, :bytes, 2
|
147
|
+
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
148
|
+
optional :verified_plaintext_crc32c, :bool, 5
|
149
|
+
optional :verified_additional_authenticated_data_crc32c, :bool, 6
|
139
150
|
end
|
140
151
|
add_message "google.cloud.kms.v1.AsymmetricSignResponse" do
|
141
152
|
optional :signature, :bytes, 1
|
153
|
+
optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
|
154
|
+
optional :verified_digest_crc32c, :bool, 3
|
155
|
+
optional :name, :string, 4
|
142
156
|
end
|
143
157
|
add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
|
144
158
|
optional :plaintext, :bytes, 1
|
159
|
+
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
160
|
+
optional :verified_ciphertext_crc32c, :bool, 3
|
145
161
|
end
|
146
162
|
add_message "google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest" do
|
147
163
|
optional :name, :string, 1
|
@@ -45,53 +45,53 @@ module Google
|
|
45
45
|
self.service_name = 'google.cloud.kms.v1.KeyManagementService'
|
46
46
|
|
47
47
|
# Lists [KeyRings][google.cloud.kms.v1.KeyRing].
|
48
|
-
rpc :ListKeyRings, ListKeyRingsRequest, ListKeyRingsResponse
|
48
|
+
rpc :ListKeyRings, ::Google::Cloud::Kms::V1::ListKeyRingsRequest, ::Google::Cloud::Kms::V1::ListKeyRingsResponse
|
49
49
|
# Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
|
50
|
-
rpc :ListCryptoKeys, ListCryptoKeysRequest, ListCryptoKeysResponse
|
50
|
+
rpc :ListCryptoKeys, ::Google::Cloud::Kms::V1::ListCryptoKeysRequest, ::Google::Cloud::Kms::V1::ListCryptoKeysResponse
|
51
51
|
# Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
|
52
|
-
rpc :ListCryptoKeyVersions, ListCryptoKeyVersionsRequest, ListCryptoKeyVersionsResponse
|
52
|
+
rpc :ListCryptoKeyVersions, ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest, ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse
|
53
53
|
# Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
|
54
|
-
rpc :ListImportJobs, ListImportJobsRequest, ListImportJobsResponse
|
54
|
+
rpc :ListImportJobs, ::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Google::Cloud::Kms::V1::ListImportJobsResponse
|
55
55
|
# Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
|
56
|
-
rpc :GetKeyRing, GetKeyRingRequest, KeyRing
|
56
|
+
rpc :GetKeyRing, ::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
|
57
57
|
# Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
|
58
58
|
# [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
59
|
-
rpc :GetCryptoKey, GetCryptoKeyRequest, CryptoKey
|
59
|
+
rpc :GetCryptoKey, ::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
60
60
|
# Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
61
|
-
rpc :GetCryptoKeyVersion, GetCryptoKeyVersionRequest, CryptoKeyVersion
|
61
|
+
rpc :GetCryptoKeyVersion, ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
62
62
|
# Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
|
63
63
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
64
64
|
# [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
|
65
65
|
# [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
|
66
|
-
rpc :GetPublicKey, GetPublicKeyRequest, PublicKey
|
66
|
+
rpc :GetPublicKey, ::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Google::Cloud::Kms::V1::PublicKey
|
67
67
|
# Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
|
68
|
-
rpc :GetImportJob, GetImportJobRequest, ImportJob
|
68
|
+
rpc :GetImportJob, ::Google::Cloud::Kms::V1::GetImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
|
69
69
|
# Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
|
70
|
-
rpc :CreateKeyRing, CreateKeyRingRequest, KeyRing
|
70
|
+
rpc :CreateKeyRing, ::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
|
71
71
|
# Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
|
72
72
|
#
|
73
73
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
|
74
74
|
# [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
|
75
75
|
# are required.
|
76
|
-
rpc :CreateCryptoKey, CreateCryptoKeyRequest, CryptoKey
|
76
|
+
rpc :CreateCryptoKey, ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
77
77
|
# Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
78
78
|
#
|
79
79
|
# The server will assign the next sequential id. If unset,
|
80
80
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
81
81
|
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
|
82
|
-
rpc :CreateCryptoKeyVersion, CreateCryptoKeyVersionRequest, CryptoKeyVersion
|
82
|
+
rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
83
83
|
# Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
|
84
84
|
# wrapped key material provided in the request.
|
85
85
|
#
|
86
86
|
# The version ID will be assigned the next sequential id within the
|
87
87
|
# [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
88
|
-
rpc :ImportCryptoKeyVersion, ImportCryptoKeyVersionRequest, CryptoKeyVersion
|
88
|
+
rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
89
89
|
# Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
|
90
90
|
#
|
91
91
|
# [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
|
92
|
-
rpc :CreateImportJob, CreateImportJobRequest, ImportJob
|
92
|
+
rpc :CreateImportJob, ::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
|
93
93
|
# Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
94
|
-
rpc :UpdateCryptoKey, UpdateCryptoKeyRequest, CryptoKey
|
94
|
+
rpc :UpdateCryptoKey, ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
95
95
|
# Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
|
96
96
|
#
|
97
97
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
|
@@ -99,26 +99,26 @@ module Google
|
|
99
99
|
# [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
|
100
100
|
# method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
|
101
101
|
# move between other states.
|
102
|
-
rpc :UpdateCryptoKeyVersion, UpdateCryptoKeyVersionRequest, CryptoKeyVersion
|
102
|
+
rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
103
103
|
# Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
|
104
104
|
# The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
105
105
|
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
106
|
-
rpc :Encrypt, EncryptRequest, EncryptResponse
|
106
|
+
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
107
107
|
# Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
108
108
|
# must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
109
|
-
rpc :Decrypt, DecryptRequest, DecryptResponse
|
109
|
+
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
110
110
|
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
111
111
|
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
112
112
|
# key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
113
|
-
rpc :AsymmetricSign, AsymmetricSignRequest, AsymmetricSignResponse
|
113
|
+
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
114
114
|
# Decrypts data that was encrypted with a public key retrieved from
|
115
115
|
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
116
116
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
|
117
|
-
rpc :AsymmetricDecrypt, AsymmetricDecryptRequest, AsymmetricDecryptResponse
|
117
|
+
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
118
118
|
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
|
119
119
|
#
|
120
120
|
# Returns an error if called on an asymmetric key.
|
121
|
-
rpc :UpdateCryptoKeyPrimaryVersion, UpdateCryptoKeyPrimaryVersionRequest, CryptoKey
|
121
|
+
rpc :UpdateCryptoKeyPrimaryVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
122
122
|
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
|
123
123
|
#
|
124
124
|
# Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
@@ -131,7 +131,7 @@ module Google
|
|
131
131
|
#
|
132
132
|
# Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
|
133
133
|
# [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
|
134
|
-
rpc :DestroyCryptoKeyVersion, DestroyCryptoKeyVersionRequest, CryptoKeyVersion
|
134
|
+
rpc :DestroyCryptoKeyVersion, ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
135
135
|
# Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
|
136
136
|
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
|
137
137
|
# state.
|
@@ -139,7 +139,7 @@ module Google
|
|
139
139
|
# Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
|
140
140
|
# will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
|
141
141
|
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
|
142
|
-
rpc :RestoreCryptoKeyVersion, RestoreCryptoKeyVersionRequest, CryptoKeyVersion
|
142
|
+
rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
143
143
|
end
|
144
144
|
|
145
145
|
Stub = Service.rpc_stub_class
|
@@ -59,11 +59,11 @@ module Google
|
|
59
59
|
|
60
60
|
# Sets the access control policy on the specified resource. Replaces any
|
61
61
|
# existing policy.
|
62
|
-
rpc :SetIamPolicy, SetIamPolicyRequest, Policy
|
62
|
+
rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
|
63
63
|
# Gets the access control policy for a resource.
|
64
64
|
# Returns an empty policy if the resource exists and does not have a policy
|
65
65
|
# set.
|
66
|
-
rpc :GetIamPolicy, GetIamPolicyRequest, Policy
|
66
|
+
rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
|
67
67
|
# Returns permissions that a caller has on the specified resource.
|
68
68
|
# If the resource does not exist, this will return an empty set of
|
69
69
|
# permissions, not a NOT_FOUND error.
|
@@ -71,7 +71,7 @@ module Google
|
|
71
71
|
# Note: This operation is designed to be used for building permission-aware
|
72
72
|
# UIs and command-line tools, not for authorization checking. This operation
|
73
73
|
# may "fail open" without warning.
|
74
|
-
rpc :TestIamPermissions, TestIamPermissionsRequest, TestIamPermissionsResponse
|
74
|
+
rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
|
75
75
|
end
|
76
76
|
|
77
77
|
Stub = Service.rpc_stub_class
|
@@ -43,12 +43,12 @@ module Google
|
|
43
43
|
#
|
44
44
|
# The ResourceDescriptor Yaml config will look like:
|
45
45
|
#
|
46
|
-
#
|
47
|
-
#
|
48
|
-
#
|
49
|
-
#
|
50
|
-
#
|
51
|
-
#
|
46
|
+
# resources:
|
47
|
+
# - type: "pubsub.googleapis.com/Topic"
|
48
|
+
# name_descriptor:
|
49
|
+
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
+
# parent_name_extractor: "projects/{project}"
|
52
52
|
#
|
53
53
|
# Sometimes, resources have multiple patterns, typically because they can
|
54
54
|
# live under multiple parents.
|
@@ -183,15 +183,24 @@ module Google
|
|
183
183
|
# }
|
184
184
|
# @!attribute [rw] plural
|
185
185
|
# @return [::String]
|
186
|
-
# The plural name used in the resource name, such as
|
187
|
-
# the name of 'projects/\\{project}'
|
188
|
-
#
|
186
|
+
# The plural name used in the resource name and permission names, such as
|
187
|
+
# 'projects' for the resource name of 'projects/\\{project}' and the permission
|
188
|
+
# name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
|
189
|
+
# concept of the `plural` field in k8s CRD spec
|
189
190
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
191
|
+
#
|
192
|
+
# Note: The plural form is required even for singleton resources. See
|
193
|
+
# https://aip.dev/156
|
190
194
|
# @!attribute [rw] singular
|
191
195
|
# @return [::String]
|
192
196
|
# The same concept of the `singular` field in k8s CRD spec
|
193
197
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
194
198
|
# Such as "project" for the `resourcemanager.googleapis.com/Project` type.
|
199
|
+
# @!attribute [rw] style
|
200
|
+
# @return [::Array<::Google::Api::ResourceDescriptor::Style>]
|
201
|
+
# Style flag(s) for this resource.
|
202
|
+
# These indicate that a resource is expected to conform to a given
|
203
|
+
# style. See the specific style flags for additional information.
|
195
204
|
class ResourceDescriptor
|
196
205
|
include ::Google::Protobuf::MessageExts
|
197
206
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -211,6 +220,22 @@ module Google
|
|
211
220
|
# that from being necessary once there are multiple patterns.)
|
212
221
|
FUTURE_MULTI_PATTERN = 2
|
213
222
|
end
|
223
|
+
|
224
|
+
# A flag representing a specific style that a resource claims to conform to.
|
225
|
+
module Style
|
226
|
+
# The unspecified value. Do not use.
|
227
|
+
STYLE_UNSPECIFIED = 0
|
228
|
+
|
229
|
+
# This resource is intended to be "declarative-friendly".
|
230
|
+
#
|
231
|
+
# Declarative-friendly resources must be more strictly consistent, and
|
232
|
+
# setting this to true communicates to tools that this resource should
|
233
|
+
# adhere to declarative-friendly expectations.
|
234
|
+
#
|
235
|
+
# Note: This is used by the API linter (linter.aip.dev) to enable
|
236
|
+
# additional checks.
|
237
|
+
DECLARATIVE_FRIENDLY = 1
|
238
|
+
end
|
214
239
|
end
|
215
240
|
|
216
241
|
# Defines a proto annotation that describes a string field that refers to
|
@@ -226,6 +251,17 @@ module Google
|
|
226
251
|
# type: "pubsub.googleapis.com/Topic"
|
227
252
|
# }];
|
228
253
|
# }
|
254
|
+
#
|
255
|
+
# Occasionally, a field may reference an arbitrary resource. In this case,
|
256
|
+
# APIs use the special value * in their resource reference.
|
257
|
+
#
|
258
|
+
# Example:
|
259
|
+
#
|
260
|
+
# message GetIamPolicyRequest {
|
261
|
+
# string resource = 2 [(google.api.resource_reference) = {
|
262
|
+
# type: "*"
|
263
|
+
# }];
|
264
|
+
# }
|
229
265
|
# @!attribute [rw] child_type
|
230
266
|
# @return [::String]
|
231
267
|
# The resource type of a child collection that the annotated field
|
@@ -234,11 +270,11 @@ module Google
|
|
234
270
|
#
|
235
271
|
# Example:
|
236
272
|
#
|
237
|
-
#
|
238
|
-
#
|
239
|
-
#
|
240
|
-
#
|
241
|
-
#
|
273
|
+
# message ListLogEntriesRequest {
|
274
|
+
# string parent = 1 [(google.api.resource_reference) = {
|
275
|
+
# child_type: "logging.googleapis.com/LogEntry"
|
276
|
+
# };
|
277
|
+
# }
|
242
278
|
class ResourceReference
|
243
279
|
include ::Google::Protobuf::MessageExts
|
244
280
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -37,8 +37,8 @@ module Google
|
|
37
37
|
# A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} represents a logical key that can be used for cryptographic
|
38
38
|
# operations.
|
39
39
|
#
|
40
|
-
# A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of
|
41
|
-
# represent the actual key material used in cryptographic operations.
|
40
|
+
# A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of zero or more {::Google::Cloud::Kms::V1::CryptoKeyVersion versions},
|
41
|
+
# which represent the actual key material used in cryptographic operations.
|
42
42
|
# @!attribute [r] name
|
43
43
|
# @return [::String]
|
44
44
|
# Output only. The resource name for this {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} in the format
|
@@ -410,6 +410,27 @@ module Google
|
|
410
410
|
# @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
|
411
411
|
# The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm Algorithm} associated
|
412
412
|
# with this key.
|
413
|
+
# @!attribute [rw] pem_crc32c
|
414
|
+
# @return [::Google::Protobuf::Int64Value]
|
415
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
416
|
+
# {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem}. An integrity check of {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem} can be performed
|
417
|
+
# by computing the CRC32C checksum of {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem} and
|
418
|
+
# comparing your results to this field. Discard the response in case of
|
419
|
+
# non-matching checksum values, and perform a limited number of retries. A
|
420
|
+
# persistent mismatch may indicate an issue in your computation of the CRC32C
|
421
|
+
# checksum.
|
422
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
423
|
+
# different languages. However, it is a non-negative integer, which will
|
424
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
425
|
+
# that support this type.
|
426
|
+
#
|
427
|
+
# NOTE: This field is in Beta.
|
428
|
+
# @!attribute [rw] name
|
429
|
+
# @return [::String]
|
430
|
+
# The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key.
|
431
|
+
# Provided here for verification.
|
432
|
+
#
|
433
|
+
# NOTE: This field is in Beta.
|
413
434
|
class PublicKey
|
414
435
|
include ::Google::Protobuf::MessageExts
|
415
436
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -437,6 +437,41 @@ module Google
|
|
437
437
|
# 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
|
438
438
|
# plaintext and additional_authenticated_data fields must be no larger than
|
439
439
|
# 8KiB.
|
440
|
+
# @!attribute [rw] plaintext_crc32c
|
441
|
+
# @return [::Google::Protobuf::Int64Value]
|
442
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
|
443
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
444
|
+
# received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
|
445
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
446
|
+
# fails. If you receive a checksum error, your client should verify that
|
447
|
+
# CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
|
448
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
|
449
|
+
# retries. A persistent mismatch may indicate an issue in your computation of
|
450
|
+
# the CRC32C checksum.
|
451
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
452
|
+
# different languages. However, it is a non-negative integer, which will
|
453
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
454
|
+
# that support this type.
|
455
|
+
#
|
456
|
+
# NOTE: This field is in Beta.
|
457
|
+
# @!attribute [rw] additional_authenticated_data_crc32c
|
458
|
+
# @return [::Google::Protobuf::Int64Value]
|
459
|
+
# Optional. An optional CRC32C checksum of the
|
460
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
|
461
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
|
462
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
|
463
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
464
|
+
# fails. If you receive a checksum error, your client should verify that
|
465
|
+
# CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
|
466
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
|
467
|
+
# a limited number of retries. A persistent mismatch may indicate an issue in
|
468
|
+
# your computation of the CRC32C checksum.
|
469
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
470
|
+
# different languages. However, it is a non-negative integer, which will
|
471
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
472
|
+
# that support this type.
|
473
|
+
#
|
474
|
+
# NOTE: This field is in Beta.
|
440
475
|
class EncryptRequest
|
441
476
|
include ::Google::Protobuf::MessageExts
|
442
477
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -455,6 +490,41 @@ module Google
|
|
455
490
|
# @return [::String]
|
456
491
|
# Optional. Optional data that must match the data originally supplied in
|
457
492
|
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
|
493
|
+
# @!attribute [rw] ciphertext_crc32c
|
494
|
+
# @return [::Google::Protobuf::Int64Value]
|
495
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
|
496
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
497
|
+
# received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
|
498
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
499
|
+
# fails. If you receive a checksum error, your client should verify that
|
500
|
+
# CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
|
501
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
|
502
|
+
# of retries. A persistent mismatch may indicate an issue in your computation
|
503
|
+
# of the CRC32C checksum.
|
504
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
505
|
+
# different languages. However, it is a non-negative integer, which will
|
506
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
507
|
+
# that support this type.
|
508
|
+
#
|
509
|
+
# NOTE: This field is in Beta.
|
510
|
+
# @!attribute [rw] additional_authenticated_data_crc32c
|
511
|
+
# @return [::Google::Protobuf::Int64Value]
|
512
|
+
# Optional. An optional CRC32C checksum of the
|
513
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
|
514
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
|
515
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
|
516
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
517
|
+
# fails. If you receive a checksum error, your client should verify that
|
518
|
+
# CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
|
519
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
|
520
|
+
# a limited number of retries. A persistent mismatch may indicate an issue in
|
521
|
+
# your computation of the CRC32C checksum.
|
522
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
523
|
+
# different languages. However, it is a non-negative integer, which will
|
524
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
525
|
+
# that support this type.
|
526
|
+
#
|
527
|
+
# NOTE: This field is in Beta.
|
458
528
|
class DecryptRequest
|
459
529
|
include ::Google::Protobuf::MessageExts
|
460
530
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -469,6 +539,23 @@ module Google
|
|
469
539
|
# Required. The digest of the data to sign. The digest must be produced with
|
470
540
|
# the same digest algorithm as specified by the key version's
|
471
541
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
|
542
|
+
# @!attribute [rw] digest_crc32c
|
543
|
+
# @return [::Google::Protobuf::Int64Value]
|
544
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
|
545
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
546
|
+
# received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
|
547
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
548
|
+
# fails. If you receive a checksum error, your client should verify that
|
549
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
|
550
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
|
551
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
552
|
+
# computation of the CRC32C checksum.
|
553
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
554
|
+
# different languages. However, it is a non-negative integer, which will
|
555
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
556
|
+
# that support this type.
|
557
|
+
#
|
558
|
+
# NOTE: This field is in Beta.
|
472
559
|
class AsymmetricSignRequest
|
473
560
|
include ::Google::Protobuf::MessageExts
|
474
561
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -483,6 +570,23 @@ module Google
|
|
483
570
|
# @return [::String]
|
484
571
|
# Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
|
485
572
|
# key using OAEP.
|
573
|
+
# @!attribute [rw] ciphertext_crc32c
|
574
|
+
# @return [::Google::Protobuf::Int64Value]
|
575
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
|
576
|
+
# If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
577
|
+
# received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
|
578
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
579
|
+
# fails. If you receive a checksum error, your client should verify that
|
580
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
|
581
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
|
582
|
+
# limited number of retries. A persistent mismatch may indicate an issue in
|
583
|
+
# your computation of the CRC32C checksum.
|
584
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
585
|
+
# different languages. However, it is a non-negative integer, which will
|
586
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
587
|
+
# that support this type.
|
588
|
+
#
|
589
|
+
# NOTE: This field is in Beta.
|
486
590
|
class AsymmetricDecryptRequest
|
487
591
|
include ::Google::Protobuf::MessageExts
|
488
592
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -492,6 +596,23 @@ module Google
|
|
492
596
|
# @!attribute [rw] plaintext
|
493
597
|
# @return [::String]
|
494
598
|
# The decrypted data originally supplied in {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
|
599
|
+
# @!attribute [rw] plaintext_crc32c
|
600
|
+
# @return [::Google::Protobuf::Int64Value]
|
601
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
602
|
+
# {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}. An integrity check of
|
603
|
+
# {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} can be performed by computing the CRC32C
|
604
|
+
# checksum of {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} and comparing your results to
|
605
|
+
# this field. Discard the response in case of non-matching checksum values,
|
606
|
+
# and perform a limited number of retries. A persistent mismatch may indicate
|
607
|
+
# an issue in your computation of the CRC32C checksum. Note: receiving this
|
608
|
+
# response message indicates that {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
|
609
|
+
# successfully decrypt the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}.
|
610
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
611
|
+
# different languages. However, it is a non-negative integer, which will
|
612
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
613
|
+
# that support this type.
|
614
|
+
#
|
615
|
+
# NOTE: This field is in Beta.
|
495
616
|
class DecryptResponse
|
496
617
|
include ::Google::Protobuf::MessageExts
|
497
618
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -505,6 +626,46 @@ module Google
|
|
505
626
|
# @!attribute [rw] ciphertext
|
506
627
|
# @return [::String]
|
507
628
|
# The encrypted data.
|
629
|
+
# @!attribute [rw] ciphertext_crc32c
|
630
|
+
# @return [::Google::Protobuf::Int64Value]
|
631
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
632
|
+
# {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}. An integrity check of
|
633
|
+
# {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} can be performed by computing the CRC32C
|
634
|
+
# checksum of {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} and comparing your results to
|
635
|
+
# this field. Discard the response in case of non-matching checksum values,
|
636
|
+
# and perform a limited number of retries. A persistent mismatch may indicate
|
637
|
+
# an issue in your computation of the CRC32C checksum.
|
638
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
639
|
+
# different languages. However, it is a non-negative integer, which will
|
640
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
641
|
+
# that support this type.
|
642
|
+
#
|
643
|
+
# NOTE: This field is in Beta.
|
644
|
+
# @!attribute [rw] verified_plaintext_crc32c
|
645
|
+
# @return [::Boolean]
|
646
|
+
# Integrity verification field. A flag indicating whether
|
647
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was received by
|
648
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
649
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext plaintext}. A false value of this field
|
650
|
+
# indicates either that {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was left unset or
|
651
|
+
# that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
|
652
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} but this field is still false, discard
|
653
|
+
# the response and perform a limited number of retries.
|
654
|
+
#
|
655
|
+
# NOTE: This field is in Beta.
|
656
|
+
# @!attribute [rw] verified_additional_authenticated_data_crc32c
|
657
|
+
# @return [::Boolean]
|
658
|
+
# Integrity verification field. A flag indicating whether
|
659
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was received by
|
660
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
661
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data AAD}. A false value of this
|
662
|
+
# field indicates either that
|
663
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was left unset or
|
664
|
+
# that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
|
665
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} but this field is
|
666
|
+
# still false, discard the response and perform a limited number of retries.
|
667
|
+
#
|
668
|
+
# NOTE: This field is in Beta.
|
508
669
|
class EncryptResponse
|
509
670
|
include ::Google::Protobuf::MessageExts
|
510
671
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -514,6 +675,39 @@ module Google
|
|
514
675
|
# @!attribute [rw] signature
|
515
676
|
# @return [::String]
|
516
677
|
# The created signature.
|
678
|
+
# @!attribute [rw] signature_crc32c
|
679
|
+
# @return [::Google::Protobuf::Int64Value]
|
680
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
681
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature}. An integrity check of
|
682
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} can be performed by computing the
|
683
|
+
# CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} and comparing your
|
684
|
+
# results to this field. Discard the response in case of non-matching
|
685
|
+
# checksum values, and perform a limited number of retries. A persistent
|
686
|
+
# mismatch may indicate an issue in your computation of the CRC32C checksum.
|
687
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
688
|
+
# different languages. However, it is a non-negative integer, which will
|
689
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
690
|
+
# that support this type.
|
691
|
+
#
|
692
|
+
# NOTE: This field is in Beta.
|
693
|
+
# @!attribute [rw] verified_digest_crc32c
|
694
|
+
# @return [::Boolean]
|
695
|
+
# Integrity verification field. A flag indicating whether
|
696
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was received by
|
697
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
698
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest digest}. A false value of this field
|
699
|
+
# indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was left
|
700
|
+
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
701
|
+
# set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} but this field is still false,
|
702
|
+
# discard the response and perform a limited number of retries.
|
703
|
+
#
|
704
|
+
# NOTE: This field is in Beta.
|
705
|
+
# @!attribute [rw] name
|
706
|
+
# @return [::String]
|
707
|
+
# The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
|
708
|
+
# this field to verify that the intended resource was used for signing.
|
709
|
+
#
|
710
|
+
# NOTE: This field is in Beta.
|
517
711
|
class AsymmetricSignResponse
|
518
712
|
include ::Google::Protobuf::MessageExts
|
519
713
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -523,6 +717,33 @@ module Google
|
|
523
717
|
# @!attribute [rw] plaintext
|
524
718
|
# @return [::String]
|
525
719
|
# The decrypted data originally encrypted with the matching public key.
|
720
|
+
# @!attribute [rw] plaintext_crc32c
|
721
|
+
# @return [::Google::Protobuf::Int64Value]
|
722
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
723
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext}. An integrity check of
|
724
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} can be performed by computing the
|
725
|
+
# CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} and comparing
|
726
|
+
# your results to this field. Discard the response in case of non-matching
|
727
|
+
# checksum values, and perform a limited number of retries. A persistent
|
728
|
+
# mismatch may indicate an issue in your computation of the CRC32C checksum.
|
729
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
730
|
+
# different languages. However, it is a non-negative integer, which will
|
731
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
732
|
+
# that support this type.
|
733
|
+
#
|
734
|
+
# NOTE: This field is in Beta.
|
735
|
+
# @!attribute [rw] verified_ciphertext_crc32c
|
736
|
+
# @return [::Boolean]
|
737
|
+
# Integrity verification field. A flag indicating whether
|
738
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} was received by
|
739
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
740
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext ciphertext}. A false value of this
|
741
|
+
# field indicates either that {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}
|
742
|
+
# was left unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If
|
743
|
+
# you've set {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} but this field is
|
744
|
+
# still false, discard the response and perform a limited number of retries.
|
745
|
+
#
|
746
|
+
# NOTE: This field is in Beta.
|
526
747
|
class AsymmetricDecryptResponse
|
527
748
|
include ::Google::Protobuf::MessageExts
|
528
749
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -0,0 +1,121 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2020 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Protobuf
|
22
|
+
# Wrapper message for `double`.
|
23
|
+
#
|
24
|
+
# The JSON representation for `DoubleValue` is JSON number.
|
25
|
+
# @!attribute [rw] value
|
26
|
+
# @return [::Float]
|
27
|
+
# The double value.
|
28
|
+
class DoubleValue
|
29
|
+
include ::Google::Protobuf::MessageExts
|
30
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
31
|
+
end
|
32
|
+
|
33
|
+
# Wrapper message for `float`.
|
34
|
+
#
|
35
|
+
# The JSON representation for `FloatValue` is JSON number.
|
36
|
+
# @!attribute [rw] value
|
37
|
+
# @return [::Float]
|
38
|
+
# The float value.
|
39
|
+
class FloatValue
|
40
|
+
include ::Google::Protobuf::MessageExts
|
41
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
42
|
+
end
|
43
|
+
|
44
|
+
# Wrapper message for `int64`.
|
45
|
+
#
|
46
|
+
# The JSON representation for `Int64Value` is JSON string.
|
47
|
+
# @!attribute [rw] value
|
48
|
+
# @return [::Integer]
|
49
|
+
# The int64 value.
|
50
|
+
class Int64Value
|
51
|
+
include ::Google::Protobuf::MessageExts
|
52
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
53
|
+
end
|
54
|
+
|
55
|
+
# Wrapper message for `uint64`.
|
56
|
+
#
|
57
|
+
# The JSON representation for `UInt64Value` is JSON string.
|
58
|
+
# @!attribute [rw] value
|
59
|
+
# @return [::Integer]
|
60
|
+
# The uint64 value.
|
61
|
+
class UInt64Value
|
62
|
+
include ::Google::Protobuf::MessageExts
|
63
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
64
|
+
end
|
65
|
+
|
66
|
+
# Wrapper message for `int32`.
|
67
|
+
#
|
68
|
+
# The JSON representation for `Int32Value` is JSON number.
|
69
|
+
# @!attribute [rw] value
|
70
|
+
# @return [::Integer]
|
71
|
+
# The int32 value.
|
72
|
+
class Int32Value
|
73
|
+
include ::Google::Protobuf::MessageExts
|
74
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
75
|
+
end
|
76
|
+
|
77
|
+
# Wrapper message for `uint32`.
|
78
|
+
#
|
79
|
+
# The JSON representation for `UInt32Value` is JSON number.
|
80
|
+
# @!attribute [rw] value
|
81
|
+
# @return [::Integer]
|
82
|
+
# The uint32 value.
|
83
|
+
class UInt32Value
|
84
|
+
include ::Google::Protobuf::MessageExts
|
85
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
86
|
+
end
|
87
|
+
|
88
|
+
# Wrapper message for `bool`.
|
89
|
+
#
|
90
|
+
# The JSON representation for `BoolValue` is JSON `true` and `false`.
|
91
|
+
# @!attribute [rw] value
|
92
|
+
# @return [::Boolean]
|
93
|
+
# The bool value.
|
94
|
+
class BoolValue
|
95
|
+
include ::Google::Protobuf::MessageExts
|
96
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
97
|
+
end
|
98
|
+
|
99
|
+
# Wrapper message for `string`.
|
100
|
+
#
|
101
|
+
# The JSON representation for `StringValue` is JSON string.
|
102
|
+
# @!attribute [rw] value
|
103
|
+
# @return [::String]
|
104
|
+
# The string value.
|
105
|
+
class StringValue
|
106
|
+
include ::Google::Protobuf::MessageExts
|
107
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
108
|
+
end
|
109
|
+
|
110
|
+
# Wrapper message for `bytes`.
|
111
|
+
#
|
112
|
+
# The JSON representation for `BytesValue` is JSON string.
|
113
|
+
# @!attribute [rw] value
|
114
|
+
# @return [::String]
|
115
|
+
# The bytes value.
|
116
|
+
class BytesValue
|
117
|
+
include ::Google::Protobuf::MessageExts
|
118
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
119
|
+
end
|
120
|
+
end
|
121
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-cloud-kms-v1
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-01-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gapic-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '0.
|
19
|
+
version: '0.3'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '0.
|
26
|
+
version: '0.3'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: google-cloud-errors
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -206,6 +206,7 @@ files:
|
|
206
206
|
- proto_docs/google/protobuf/duration.rb
|
207
207
|
- proto_docs/google/protobuf/field_mask.rb
|
208
208
|
- proto_docs/google/protobuf/timestamp.rb
|
209
|
+
- proto_docs/google/protobuf/wrappers.rb
|
209
210
|
- proto_docs/google/type/expr.rb
|
210
211
|
homepage: https://github.com/googleapis/google-cloud-ruby
|
211
212
|
licenses:
|
@@ -226,7 +227,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
226
227
|
- !ruby/object:Gem::Version
|
227
228
|
version: '0'
|
228
229
|
requirements: []
|
229
|
-
rubygems_version: 3.
|
230
|
+
rubygems_version: 3.2.6
|
230
231
|
signing_key:
|
231
232
|
specification_version: 4
|
232
233
|
summary: API Client library for the Cloud Key Management Service (KMS) V1 API
|