google-cloud-kms-v1 0.2.2 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -7,6 +7,7 @@ require 'google/api/field_behavior_pb'
7
7
  require 'google/api/resource_pb'
8
8
  require 'google/protobuf/duration_pb'
9
9
  require 'google/protobuf/timestamp_pb'
10
+ require 'google/protobuf/wrappers_pb'
10
11
  require 'google/api/annotations_pb'
11
12
  Google::Protobuf::DescriptorPool.generated_pool.build do
12
13
  add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
@@ -96,6 +97,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
96
97
  add_message "google.cloud.kms.v1.PublicKey" do
97
98
  optional :pem, :string, 1
98
99
  optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
100
+ optional :pem_crc32c, :message, 3, "google.protobuf.Int64Value"
101
+ optional :name, :string, 4
99
102
  end
100
103
  add_message "google.cloud.kms.v1.ImportJob" do
101
104
  optional :name, :string, 1
@@ -9,6 +9,7 @@ require 'google/api/field_behavior_pb'
9
9
  require 'google/api/resource_pb'
10
10
  require 'google/cloud/kms/v1/resources_pb'
11
11
  require 'google/protobuf/field_mask_pb'
12
+ require 'google/protobuf/wrappers_pb'
12
13
  Google::Protobuf::DescriptorPool.generated_pool.build do
13
14
  add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
14
15
  add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
@@ -116,32 +117,47 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
116
117
  optional :name, :string, 1
117
118
  optional :plaintext, :bytes, 2
118
119
  optional :additional_authenticated_data, :bytes, 3
120
+ optional :plaintext_crc32c, :message, 7, "google.protobuf.Int64Value"
121
+ optional :additional_authenticated_data_crc32c, :message, 8, "google.protobuf.Int64Value"
119
122
  end
120
123
  add_message "google.cloud.kms.v1.DecryptRequest" do
121
124
  optional :name, :string, 1
122
125
  optional :ciphertext, :bytes, 2
123
126
  optional :additional_authenticated_data, :bytes, 3
127
+ optional :ciphertext_crc32c, :message, 5, "google.protobuf.Int64Value"
128
+ optional :additional_authenticated_data_crc32c, :message, 6, "google.protobuf.Int64Value"
124
129
  end
125
130
  add_message "google.cloud.kms.v1.AsymmetricSignRequest" do
126
131
  optional :name, :string, 1
127
132
  optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
133
+ optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
128
134
  end
129
135
  add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
130
136
  optional :name, :string, 1
131
137
  optional :ciphertext, :bytes, 3
138
+ optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
132
139
  end
133
140
  add_message "google.cloud.kms.v1.DecryptResponse" do
134
141
  optional :plaintext, :bytes, 1
142
+ optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
135
143
  end
136
144
  add_message "google.cloud.kms.v1.EncryptResponse" do
137
145
  optional :name, :string, 1
138
146
  optional :ciphertext, :bytes, 2
147
+ optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
148
+ optional :verified_plaintext_crc32c, :bool, 5
149
+ optional :verified_additional_authenticated_data_crc32c, :bool, 6
139
150
  end
140
151
  add_message "google.cloud.kms.v1.AsymmetricSignResponse" do
141
152
  optional :signature, :bytes, 1
153
+ optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
154
+ optional :verified_digest_crc32c, :bool, 3
155
+ optional :name, :string, 4
142
156
  end
143
157
  add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
144
158
  optional :plaintext, :bytes, 1
159
+ optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
160
+ optional :verified_ciphertext_crc32c, :bool, 3
145
161
  end
146
162
  add_message "google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest" do
147
163
  optional :name, :string, 1
@@ -45,53 +45,53 @@ module Google
45
45
  self.service_name = 'google.cloud.kms.v1.KeyManagementService'
46
46
 
47
47
  # Lists [KeyRings][google.cloud.kms.v1.KeyRing].
48
- rpc :ListKeyRings, ListKeyRingsRequest, ListKeyRingsResponse
48
+ rpc :ListKeyRings, ::Google::Cloud::Kms::V1::ListKeyRingsRequest, ::Google::Cloud::Kms::V1::ListKeyRingsResponse
49
49
  # Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
50
- rpc :ListCryptoKeys, ListCryptoKeysRequest, ListCryptoKeysResponse
50
+ rpc :ListCryptoKeys, ::Google::Cloud::Kms::V1::ListCryptoKeysRequest, ::Google::Cloud::Kms::V1::ListCryptoKeysResponse
51
51
  # Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
52
- rpc :ListCryptoKeyVersions, ListCryptoKeyVersionsRequest, ListCryptoKeyVersionsResponse
52
+ rpc :ListCryptoKeyVersions, ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest, ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse
53
53
  # Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
54
- rpc :ListImportJobs, ListImportJobsRequest, ListImportJobsResponse
54
+ rpc :ListImportJobs, ::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Google::Cloud::Kms::V1::ListImportJobsResponse
55
55
  # Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
56
- rpc :GetKeyRing, GetKeyRingRequest, KeyRing
56
+ rpc :GetKeyRing, ::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
57
57
  # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
58
58
  # [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
59
- rpc :GetCryptoKey, GetCryptoKeyRequest, CryptoKey
59
+ rpc :GetCryptoKey, ::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
60
60
  # Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
61
- rpc :GetCryptoKeyVersion, GetCryptoKeyVersionRequest, CryptoKeyVersion
61
+ rpc :GetCryptoKeyVersion, ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
62
62
  # Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
63
63
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
64
64
  # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
65
65
  # [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
66
- rpc :GetPublicKey, GetPublicKeyRequest, PublicKey
66
+ rpc :GetPublicKey, ::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Google::Cloud::Kms::V1::PublicKey
67
67
  # Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
68
- rpc :GetImportJob, GetImportJobRequest, ImportJob
68
+ rpc :GetImportJob, ::Google::Cloud::Kms::V1::GetImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
69
69
  # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
70
- rpc :CreateKeyRing, CreateKeyRingRequest, KeyRing
70
+ rpc :CreateKeyRing, ::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
71
71
  # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
72
72
  #
73
73
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
74
74
  # [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
75
75
  # are required.
76
- rpc :CreateCryptoKey, CreateCryptoKeyRequest, CryptoKey
76
+ rpc :CreateCryptoKey, ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
77
77
  # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
78
78
  #
79
79
  # The server will assign the next sequential id. If unset,
80
80
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
81
81
  # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
82
- rpc :CreateCryptoKeyVersion, CreateCryptoKeyVersionRequest, CryptoKeyVersion
82
+ rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
83
83
  # Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
84
84
  # wrapped key material provided in the request.
85
85
  #
86
86
  # The version ID will be assigned the next sequential id within the
87
87
  # [CryptoKey][google.cloud.kms.v1.CryptoKey].
88
- rpc :ImportCryptoKeyVersion, ImportCryptoKeyVersionRequest, CryptoKeyVersion
88
+ rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
89
89
  # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
90
90
  #
91
91
  # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
92
- rpc :CreateImportJob, CreateImportJobRequest, ImportJob
92
+ rpc :CreateImportJob, ::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
93
93
  # Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
94
- rpc :UpdateCryptoKey, UpdateCryptoKeyRequest, CryptoKey
94
+ rpc :UpdateCryptoKey, ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
95
95
  # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
96
96
  #
97
97
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
@@ -99,26 +99,26 @@ module Google
99
99
  # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
100
100
  # method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
101
101
  # move between other states.
102
- rpc :UpdateCryptoKeyVersion, UpdateCryptoKeyVersionRequest, CryptoKeyVersion
102
+ rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
103
103
  # Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
104
104
  # The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
105
105
  # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
106
- rpc :Encrypt, EncryptRequest, EncryptResponse
106
+ rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
107
107
  # Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
108
108
  # must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
109
- rpc :Decrypt, DecryptRequest, DecryptResponse
109
+ rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
110
110
  # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
111
111
  # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
112
112
  # key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
113
- rpc :AsymmetricSign, AsymmetricSignRequest, AsymmetricSignResponse
113
+ rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
114
114
  # Decrypts data that was encrypted with a public key retrieved from
115
115
  # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
116
116
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
117
- rpc :AsymmetricDecrypt, AsymmetricDecryptRequest, AsymmetricDecryptResponse
117
+ rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
118
118
  # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
119
119
  #
120
120
  # Returns an error if called on an asymmetric key.
121
- rpc :UpdateCryptoKeyPrimaryVersion, UpdateCryptoKeyPrimaryVersionRequest, CryptoKey
121
+ rpc :UpdateCryptoKeyPrimaryVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Google::Cloud::Kms::V1::CryptoKey
122
122
  # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
123
123
  #
124
124
  # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
@@ -131,7 +131,7 @@ module Google
131
131
  #
132
132
  # Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
133
133
  # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
134
- rpc :DestroyCryptoKeyVersion, DestroyCryptoKeyVersionRequest, CryptoKeyVersion
134
+ rpc :DestroyCryptoKeyVersion, ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
135
135
  # Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
136
136
  # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
137
137
  # state.
@@ -139,7 +139,7 @@ module Google
139
139
  # Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
140
140
  # will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
141
141
  # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
142
- rpc :RestoreCryptoKeyVersion, RestoreCryptoKeyVersionRequest, CryptoKeyVersion
142
+ rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
143
143
  end
144
144
 
145
145
  Stub = Service.rpc_stub_class
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Kms
23
23
  module V1
24
- VERSION = "0.2.2"
24
+ VERSION = "0.4.0"
25
25
  end
26
26
  end
27
27
  end
@@ -59,11 +59,11 @@ module Google
59
59
 
60
60
  # Sets the access control policy on the specified resource. Replaces any
61
61
  # existing policy.
62
- rpc :SetIamPolicy, SetIamPolicyRequest, Policy
62
+ rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
63
63
  # Gets the access control policy for a resource.
64
64
  # Returns an empty policy if the resource exists and does not have a policy
65
65
  # set.
66
- rpc :GetIamPolicy, GetIamPolicyRequest, Policy
66
+ rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
67
67
  # Returns permissions that a caller has on the specified resource.
68
68
  # If the resource does not exist, this will return an empty set of
69
69
  # permissions, not a NOT_FOUND error.
@@ -71,7 +71,7 @@ module Google
71
71
  # Note: This operation is designed to be used for building permission-aware
72
72
  # UIs and command-line tools, not for authorization checking. This operation
73
73
  # may "fail open" without warning.
74
- rpc :TestIamPermissions, TestIamPermissionsRequest, TestIamPermissionsResponse
74
+ rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
75
75
  end
76
76
 
77
77
  Stub = Service.rpc_stub_class
@@ -54,6 +54,12 @@ module Google
54
54
  # This indicates that the field may be set once in a request to create a
55
55
  # resource, but may not be changed thereafter.
56
56
  IMMUTABLE = 5
57
+
58
+ # Denotes that a (repeated) field is an unordered list.
59
+ # This indicates that the service may provide the elements of the list
60
+ # in any arbitrary order, rather than the order the user originally
61
+ # provided. Additionally, the list's order may or may not be stable.
62
+ UNORDERED_LIST = 6
57
63
  end
58
64
  end
59
65
  end
@@ -43,12 +43,12 @@ module Google
43
43
  #
44
44
  # The ResourceDescriptor Yaml config will look like:
45
45
  #
46
- # resources:
47
- # - type: "pubsub.googleapis.com/Topic"
48
- # name_descriptor:
49
- # - pattern: "projects/\\{project}/topics/\\{topic}"
50
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
51
- # parent_name_extractor: "projects/\\{project}"
46
+ # resources:
47
+ # - type: "pubsub.googleapis.com/Topic"
48
+ # name_descriptor:
49
+ # - pattern: "projects/{project}/topics/{topic}"
50
+ # parent_type: "cloudresourcemanager.googleapis.com/Project"
51
+ # parent_name_extractor: "projects/{project}"
52
52
  #
53
53
  # Sometimes, resources have multiple patterns, typically because they can
54
54
  # live under multiple parents.
@@ -183,15 +183,24 @@ module Google
183
183
  # }
184
184
  # @!attribute [rw] plural
185
185
  # @return [::String]
186
- # The plural name used in the resource name, such as 'projects' for
187
- # the name of 'projects/\\{project}'. It is the same concept of the `plural`
188
- # field in k8s CRD spec
186
+ # The plural name used in the resource name and permission names, such as
187
+ # 'projects' for the resource name of 'projects/\\{project}' and the permission
188
+ # name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
189
+ # concept of the `plural` field in k8s CRD spec
189
190
  # https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
191
+ #
192
+ # Note: The plural form is required even for singleton resources. See
193
+ # https://aip.dev/156
190
194
  # @!attribute [rw] singular
191
195
  # @return [::String]
192
196
  # The same concept of the `singular` field in k8s CRD spec
193
197
  # https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
194
198
  # Such as "project" for the `resourcemanager.googleapis.com/Project` type.
199
+ # @!attribute [rw] style
200
+ # @return [::Array<::Google::Api::ResourceDescriptor::Style>]
201
+ # Style flag(s) for this resource.
202
+ # These indicate that a resource is expected to conform to a given
203
+ # style. See the specific style flags for additional information.
195
204
  class ResourceDescriptor
196
205
  include ::Google::Protobuf::MessageExts
197
206
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -211,6 +220,22 @@ module Google
211
220
  # that from being necessary once there are multiple patterns.)
212
221
  FUTURE_MULTI_PATTERN = 2
213
222
  end
223
+
224
+ # A flag representing a specific style that a resource claims to conform to.
225
+ module Style
226
+ # The unspecified value. Do not use.
227
+ STYLE_UNSPECIFIED = 0
228
+
229
+ # This resource is intended to be "declarative-friendly".
230
+ #
231
+ # Declarative-friendly resources must be more strictly consistent, and
232
+ # setting this to true communicates to tools that this resource should
233
+ # adhere to declarative-friendly expectations.
234
+ #
235
+ # Note: This is used by the API linter (linter.aip.dev) to enable
236
+ # additional checks.
237
+ DECLARATIVE_FRIENDLY = 1
238
+ end
214
239
  end
215
240
 
216
241
  # Defines a proto annotation that describes a string field that refers to
@@ -226,6 +251,17 @@ module Google
226
251
  # type: "pubsub.googleapis.com/Topic"
227
252
  # }];
228
253
  # }
254
+ #
255
+ # Occasionally, a field may reference an arbitrary resource. In this case,
256
+ # APIs use the special value * in their resource reference.
257
+ #
258
+ # Example:
259
+ #
260
+ # message GetIamPolicyRequest {
261
+ # string resource = 2 [(google.api.resource_reference) = {
262
+ # type: "*"
263
+ # }];
264
+ # }
229
265
  # @!attribute [rw] child_type
230
266
  # @return [::String]
231
267
  # The resource type of a child collection that the annotated field
@@ -234,11 +270,11 @@ module Google
234
270
  #
235
271
  # Example:
236
272
  #
237
- # message ListLogEntriesRequest {
238
- # string parent = 1 [(google.api.resource_reference) = {
239
- # child_type: "logging.googleapis.com/LogEntry"
240
- # };
241
- # }
273
+ # message ListLogEntriesRequest {
274
+ # string parent = 1 [(google.api.resource_reference) = {
275
+ # child_type: "logging.googleapis.com/LogEntry"
276
+ # };
277
+ # }
242
278
  class ResourceReference
243
279
  include ::Google::Protobuf::MessageExts
244
280
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -37,8 +37,8 @@ module Google
37
37
  # A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} represents a logical key that can be used for cryptographic
38
38
  # operations.
39
39
  #
40
- # A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of one or more {::Google::Cloud::Kms::V1::CryptoKeyVersion versions}, which
41
- # represent the actual key material used in cryptographic operations.
40
+ # A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of zero or more {::Google::Cloud::Kms::V1::CryptoKeyVersion versions},
41
+ # which represent the actual key material used in cryptographic operations.
42
42
  # @!attribute [r] name
43
43
  # @return [::String]
44
44
  # Output only. The resource name for this {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} in the format
@@ -410,6 +410,27 @@ module Google
410
410
  # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
411
411
  # The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm Algorithm} associated
412
412
  # with this key.
413
+ # @!attribute [rw] pem_crc32c
414
+ # @return [::Google::Protobuf::Int64Value]
415
+ # Integrity verification field. A CRC32C checksum of the returned
416
+ # {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem}. An integrity check of {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem} can be performed
417
+ # by computing the CRC32C checksum of {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem} and
418
+ # comparing your results to this field. Discard the response in case of
419
+ # non-matching checksum values, and perform a limited number of retries. A
420
+ # persistent mismatch may indicate an issue in your computation of the CRC32C
421
+ # checksum.
422
+ # Note: This field is defined as int64 for reasons of compatibility across
423
+ # different languages. However, it is a non-negative integer, which will
424
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
425
+ # that support this type.
426
+ #
427
+ # NOTE: This field is in Beta.
428
+ # @!attribute [rw] name
429
+ # @return [::String]
430
+ # The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key.
431
+ # Provided here for verification.
432
+ #
433
+ # NOTE: This field is in Beta.
413
434
  class PublicKey
414
435
  include ::Google::Protobuf::MessageExts
415
436
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -437,6 +437,41 @@ module Google
437
437
  # 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
438
438
  # plaintext and additional_authenticated_data fields must be no larger than
439
439
  # 8KiB.
440
+ # @!attribute [rw] plaintext_crc32c
441
+ # @return [::Google::Protobuf::Int64Value]
442
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
443
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
444
+ # received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
445
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
446
+ # fails. If you receive a checksum error, your client should verify that
447
+ # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
448
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
449
+ # retries. A persistent mismatch may indicate an issue in your computation of
450
+ # the CRC32C checksum.
451
+ # Note: This field is defined as int64 for reasons of compatibility across
452
+ # different languages. However, it is a non-negative integer, which will
453
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
454
+ # that support this type.
455
+ #
456
+ # NOTE: This field is in Beta.
457
+ # @!attribute [rw] additional_authenticated_data_crc32c
458
+ # @return [::Google::Protobuf::Int64Value]
459
+ # Optional. An optional CRC32C checksum of the
460
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
461
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
462
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
463
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
464
+ # fails. If you receive a checksum error, your client should verify that
465
+ # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
466
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
467
+ # a limited number of retries. A persistent mismatch may indicate an issue in
468
+ # your computation of the CRC32C checksum.
469
+ # Note: This field is defined as int64 for reasons of compatibility across
470
+ # different languages. However, it is a non-negative integer, which will
471
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
472
+ # that support this type.
473
+ #
474
+ # NOTE: This field is in Beta.
440
475
  class EncryptRequest
441
476
  include ::Google::Protobuf::MessageExts
442
477
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -455,6 +490,41 @@ module Google
455
490
  # @return [::String]
456
491
  # Optional. Optional data that must match the data originally supplied in
457
492
  # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
493
+ # @!attribute [rw] ciphertext_crc32c
494
+ # @return [::Google::Protobuf::Int64Value]
495
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
496
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
497
+ # received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
498
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
499
+ # fails. If you receive a checksum error, your client should verify that
500
+ # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
501
+ # {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
502
+ # of retries. A persistent mismatch may indicate an issue in your computation
503
+ # of the CRC32C checksum.
504
+ # Note: This field is defined as int64 for reasons of compatibility across
505
+ # different languages. However, it is a non-negative integer, which will
506
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
507
+ # that support this type.
508
+ #
509
+ # NOTE: This field is in Beta.
510
+ # @!attribute [rw] additional_authenticated_data_crc32c
511
+ # @return [::Google::Protobuf::Int64Value]
512
+ # Optional. An optional CRC32C checksum of the
513
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
514
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
515
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
516
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
517
+ # fails. If you receive a checksum error, your client should verify that
518
+ # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
519
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
520
+ # a limited number of retries. A persistent mismatch may indicate an issue in
521
+ # your computation of the CRC32C checksum.
522
+ # Note: This field is defined as int64 for reasons of compatibility across
523
+ # different languages. However, it is a non-negative integer, which will
524
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
525
+ # that support this type.
526
+ #
527
+ # NOTE: This field is in Beta.
458
528
  class DecryptRequest
459
529
  include ::Google::Protobuf::MessageExts
460
530
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -469,6 +539,23 @@ module Google
469
539
  # Required. The digest of the data to sign. The digest must be produced with
470
540
  # the same digest algorithm as specified by the key version's
471
541
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
542
+ # @!attribute [rw] digest_crc32c
543
+ # @return [::Google::Protobuf::Int64Value]
544
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
545
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
546
+ # received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
547
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
548
+ # fails. If you receive a checksum error, your client should verify that
549
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
550
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
551
+ # number of retries. A persistent mismatch may indicate an issue in your
552
+ # computation of the CRC32C checksum.
553
+ # Note: This field is defined as int64 for reasons of compatibility across
554
+ # different languages. However, it is a non-negative integer, which will
555
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
556
+ # that support this type.
557
+ #
558
+ # NOTE: This field is in Beta.
472
559
  class AsymmetricSignRequest
473
560
  include ::Google::Protobuf::MessageExts
474
561
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -483,6 +570,23 @@ module Google
483
570
  # @return [::String]
484
571
  # Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
485
572
  # key using OAEP.
573
+ # @!attribute [rw] ciphertext_crc32c
574
+ # @return [::Google::Protobuf::Int64Value]
575
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
576
+ # If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
577
+ # received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
578
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
579
+ # fails. If you receive a checksum error, your client should verify that
580
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
581
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
582
+ # limited number of retries. A persistent mismatch may indicate an issue in
583
+ # your computation of the CRC32C checksum.
584
+ # Note: This field is defined as int64 for reasons of compatibility across
585
+ # different languages. However, it is a non-negative integer, which will
586
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
587
+ # that support this type.
588
+ #
589
+ # NOTE: This field is in Beta.
486
590
  class AsymmetricDecryptRequest
487
591
  include ::Google::Protobuf::MessageExts
488
592
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -492,6 +596,23 @@ module Google
492
596
  # @!attribute [rw] plaintext
493
597
  # @return [::String]
494
598
  # The decrypted data originally supplied in {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
599
+ # @!attribute [rw] plaintext_crc32c
600
+ # @return [::Google::Protobuf::Int64Value]
601
+ # Integrity verification field. A CRC32C checksum of the returned
602
+ # {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}. An integrity check of
603
+ # {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} can be performed by computing the CRC32C
604
+ # checksum of {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} and comparing your results to
605
+ # this field. Discard the response in case of non-matching checksum values,
606
+ # and perform a limited number of retries. A persistent mismatch may indicate
607
+ # an issue in your computation of the CRC32C checksum. Note: receiving this
608
+ # response message indicates that {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
609
+ # successfully decrypt the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}.
610
+ # Note: This field is defined as int64 for reasons of compatibility across
611
+ # different languages. However, it is a non-negative integer, which will
612
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
613
+ # that support this type.
614
+ #
615
+ # NOTE: This field is in Beta.
495
616
  class DecryptResponse
496
617
  include ::Google::Protobuf::MessageExts
497
618
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -505,6 +626,46 @@ module Google
505
626
  # @!attribute [rw] ciphertext
506
627
  # @return [::String]
507
628
  # The encrypted data.
629
+ # @!attribute [rw] ciphertext_crc32c
630
+ # @return [::Google::Protobuf::Int64Value]
631
+ # Integrity verification field. A CRC32C checksum of the returned
632
+ # {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}. An integrity check of
633
+ # {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} can be performed by computing the CRC32C
634
+ # checksum of {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} and comparing your results to
635
+ # this field. Discard the response in case of non-matching checksum values,
636
+ # and perform a limited number of retries. A persistent mismatch may indicate
637
+ # an issue in your computation of the CRC32C checksum.
638
+ # Note: This field is defined as int64 for reasons of compatibility across
639
+ # different languages. However, it is a non-negative integer, which will
640
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
641
+ # that support this type.
642
+ #
643
+ # NOTE: This field is in Beta.
644
+ # @!attribute [rw] verified_plaintext_crc32c
645
+ # @return [::Boolean]
646
+ # Integrity verification field. A flag indicating whether
647
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was received by
648
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
649
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext plaintext}. A false value of this field
650
+ # indicates either that {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was left unset or
651
+ # that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
652
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} but this field is still false, discard
653
+ # the response and perform a limited number of retries.
654
+ #
655
+ # NOTE: This field is in Beta.
656
+ # @!attribute [rw] verified_additional_authenticated_data_crc32c
657
+ # @return [::Boolean]
658
+ # Integrity verification field. A flag indicating whether
659
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was received by
660
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
661
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data AAD}. A false value of this
662
+ # field indicates either that
663
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was left unset or
664
+ # that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
665
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} but this field is
666
+ # still false, discard the response and perform a limited number of retries.
667
+ #
668
+ # NOTE: This field is in Beta.
508
669
  class EncryptResponse
509
670
  include ::Google::Protobuf::MessageExts
510
671
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -514,6 +675,39 @@ module Google
514
675
  # @!attribute [rw] signature
515
676
  # @return [::String]
516
677
  # The created signature.
678
+ # @!attribute [rw] signature_crc32c
679
+ # @return [::Google::Protobuf::Int64Value]
680
+ # Integrity verification field. A CRC32C checksum of the returned
681
+ # {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature}. An integrity check of
682
+ # {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} can be performed by computing the
683
+ # CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} and comparing your
684
+ # results to this field. Discard the response in case of non-matching
685
+ # checksum values, and perform a limited number of retries. A persistent
686
+ # mismatch may indicate an issue in your computation of the CRC32C checksum.
687
+ # Note: This field is defined as int64 for reasons of compatibility across
688
+ # different languages. However, it is a non-negative integer, which will
689
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
690
+ # that support this type.
691
+ #
692
+ # NOTE: This field is in Beta.
693
+ # @!attribute [rw] verified_digest_crc32c
694
+ # @return [::Boolean]
695
+ # Integrity verification field. A flag indicating whether
696
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was received by
697
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
698
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest digest}. A false value of this field
699
+ # indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was left
700
+ # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
701
+ # set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} but this field is still false,
702
+ # discard the response and perform a limited number of retries.
703
+ #
704
+ # NOTE: This field is in Beta.
705
+ # @!attribute [rw] name
706
+ # @return [::String]
707
+ # The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
708
+ # this field to verify that the intended resource was used for signing.
709
+ #
710
+ # NOTE: This field is in Beta.
517
711
  class AsymmetricSignResponse
518
712
  include ::Google::Protobuf::MessageExts
519
713
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -523,6 +717,33 @@ module Google
523
717
  # @!attribute [rw] plaintext
524
718
  # @return [::String]
525
719
  # The decrypted data originally encrypted with the matching public key.
720
+ # @!attribute [rw] plaintext_crc32c
721
+ # @return [::Google::Protobuf::Int64Value]
722
+ # Integrity verification field. A CRC32C checksum of the returned
723
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext}. An integrity check of
724
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} can be performed by computing the
725
+ # CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} and comparing
726
+ # your results to this field. Discard the response in case of non-matching
727
+ # checksum values, and perform a limited number of retries. A persistent
728
+ # mismatch may indicate an issue in your computation of the CRC32C checksum.
729
+ # Note: This field is defined as int64 for reasons of compatibility across
730
+ # different languages. However, it is a non-negative integer, which will
731
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
732
+ # that support this type.
733
+ #
734
+ # NOTE: This field is in Beta.
735
+ # @!attribute [rw] verified_ciphertext_crc32c
736
+ # @return [::Boolean]
737
+ # Integrity verification field. A flag indicating whether
738
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} was received by
739
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
740
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext ciphertext}. A false value of this
741
+ # field indicates either that {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}
742
+ # was left unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If
743
+ # you've set {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} but this field is
744
+ # still false, discard the response and perform a limited number of retries.
745
+ #
746
+ # NOTE: This field is in Beta.
526
747
  class AsymmetricDecryptResponse
527
748
  include ::Google::Protobuf::MessageExts
528
749
  extend ::Google::Protobuf::MessageExts::ClassMethods