google-cloud-kms-v1 0.2.2 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +64 -0
- data/lib/google/cloud/kms/v1.rb +3 -0
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +9 -3
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +132 -28
- data/lib/google/cloud/kms/v1/resources_pb.rb +3 -0
- data/lib/google/cloud/kms/v1/service_pb.rb +16 -0
- data/lib/google/cloud/kms/v1/service_services_pb.rb +23 -23
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/lib/google/iam/v1/iam_policy_services_pb.rb +3 -3
- data/proto_docs/google/api/field_behavior.rb +6 -0
- data/proto_docs/google/api/resource.rb +50 -14
- data/proto_docs/google/cloud/kms/v1/resources.rb +23 -2
- data/proto_docs/google/cloud/kms/v1/service.rb +221 -0
- data/proto_docs/google/protobuf/timestamp.rb +10 -1
- data/proto_docs/google/protobuf/wrappers.rb +121 -0
- metadata +9 -6
@@ -7,6 +7,7 @@ require 'google/api/field_behavior_pb'
|
|
7
7
|
require 'google/api/resource_pb'
|
8
8
|
require 'google/protobuf/duration_pb'
|
9
9
|
require 'google/protobuf/timestamp_pb'
|
10
|
+
require 'google/protobuf/wrappers_pb'
|
10
11
|
require 'google/api/annotations_pb'
|
11
12
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
12
13
|
add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
|
@@ -96,6 +97,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
96
97
|
add_message "google.cloud.kms.v1.PublicKey" do
|
97
98
|
optional :pem, :string, 1
|
98
99
|
optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
|
100
|
+
optional :pem_crc32c, :message, 3, "google.protobuf.Int64Value"
|
101
|
+
optional :name, :string, 4
|
99
102
|
end
|
100
103
|
add_message "google.cloud.kms.v1.ImportJob" do
|
101
104
|
optional :name, :string, 1
|
@@ -9,6 +9,7 @@ require 'google/api/field_behavior_pb'
|
|
9
9
|
require 'google/api/resource_pb'
|
10
10
|
require 'google/cloud/kms/v1/resources_pb'
|
11
11
|
require 'google/protobuf/field_mask_pb'
|
12
|
+
require 'google/protobuf/wrappers_pb'
|
12
13
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
13
14
|
add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
|
14
15
|
add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
|
@@ -116,32 +117,47 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
116
117
|
optional :name, :string, 1
|
117
118
|
optional :plaintext, :bytes, 2
|
118
119
|
optional :additional_authenticated_data, :bytes, 3
|
120
|
+
optional :plaintext_crc32c, :message, 7, "google.protobuf.Int64Value"
|
121
|
+
optional :additional_authenticated_data_crc32c, :message, 8, "google.protobuf.Int64Value"
|
119
122
|
end
|
120
123
|
add_message "google.cloud.kms.v1.DecryptRequest" do
|
121
124
|
optional :name, :string, 1
|
122
125
|
optional :ciphertext, :bytes, 2
|
123
126
|
optional :additional_authenticated_data, :bytes, 3
|
127
|
+
optional :ciphertext_crc32c, :message, 5, "google.protobuf.Int64Value"
|
128
|
+
optional :additional_authenticated_data_crc32c, :message, 6, "google.protobuf.Int64Value"
|
124
129
|
end
|
125
130
|
add_message "google.cloud.kms.v1.AsymmetricSignRequest" do
|
126
131
|
optional :name, :string, 1
|
127
132
|
optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
|
133
|
+
optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
|
128
134
|
end
|
129
135
|
add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
|
130
136
|
optional :name, :string, 1
|
131
137
|
optional :ciphertext, :bytes, 3
|
138
|
+
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
132
139
|
end
|
133
140
|
add_message "google.cloud.kms.v1.DecryptResponse" do
|
134
141
|
optional :plaintext, :bytes, 1
|
142
|
+
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
135
143
|
end
|
136
144
|
add_message "google.cloud.kms.v1.EncryptResponse" do
|
137
145
|
optional :name, :string, 1
|
138
146
|
optional :ciphertext, :bytes, 2
|
147
|
+
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
148
|
+
optional :verified_plaintext_crc32c, :bool, 5
|
149
|
+
optional :verified_additional_authenticated_data_crc32c, :bool, 6
|
139
150
|
end
|
140
151
|
add_message "google.cloud.kms.v1.AsymmetricSignResponse" do
|
141
152
|
optional :signature, :bytes, 1
|
153
|
+
optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
|
154
|
+
optional :verified_digest_crc32c, :bool, 3
|
155
|
+
optional :name, :string, 4
|
142
156
|
end
|
143
157
|
add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
|
144
158
|
optional :plaintext, :bytes, 1
|
159
|
+
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
160
|
+
optional :verified_ciphertext_crc32c, :bool, 3
|
145
161
|
end
|
146
162
|
add_message "google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest" do
|
147
163
|
optional :name, :string, 1
|
@@ -45,53 +45,53 @@ module Google
|
|
45
45
|
self.service_name = 'google.cloud.kms.v1.KeyManagementService'
|
46
46
|
|
47
47
|
# Lists [KeyRings][google.cloud.kms.v1.KeyRing].
|
48
|
-
rpc :ListKeyRings, ListKeyRingsRequest, ListKeyRingsResponse
|
48
|
+
rpc :ListKeyRings, ::Google::Cloud::Kms::V1::ListKeyRingsRequest, ::Google::Cloud::Kms::V1::ListKeyRingsResponse
|
49
49
|
# Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
|
50
|
-
rpc :ListCryptoKeys, ListCryptoKeysRequest, ListCryptoKeysResponse
|
50
|
+
rpc :ListCryptoKeys, ::Google::Cloud::Kms::V1::ListCryptoKeysRequest, ::Google::Cloud::Kms::V1::ListCryptoKeysResponse
|
51
51
|
# Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
|
52
|
-
rpc :ListCryptoKeyVersions, ListCryptoKeyVersionsRequest, ListCryptoKeyVersionsResponse
|
52
|
+
rpc :ListCryptoKeyVersions, ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest, ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse
|
53
53
|
# Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
|
54
|
-
rpc :ListImportJobs, ListImportJobsRequest, ListImportJobsResponse
|
54
|
+
rpc :ListImportJobs, ::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Google::Cloud::Kms::V1::ListImportJobsResponse
|
55
55
|
# Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
|
56
|
-
rpc :GetKeyRing, GetKeyRingRequest, KeyRing
|
56
|
+
rpc :GetKeyRing, ::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
|
57
57
|
# Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
|
58
58
|
# [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
59
|
-
rpc :GetCryptoKey, GetCryptoKeyRequest, CryptoKey
|
59
|
+
rpc :GetCryptoKey, ::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
60
60
|
# Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
61
|
-
rpc :GetCryptoKeyVersion, GetCryptoKeyVersionRequest, CryptoKeyVersion
|
61
|
+
rpc :GetCryptoKeyVersion, ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
62
62
|
# Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
|
63
63
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
64
64
|
# [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
|
65
65
|
# [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
|
66
|
-
rpc :GetPublicKey, GetPublicKeyRequest, PublicKey
|
66
|
+
rpc :GetPublicKey, ::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Google::Cloud::Kms::V1::PublicKey
|
67
67
|
# Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
|
68
|
-
rpc :GetImportJob, GetImportJobRequest, ImportJob
|
68
|
+
rpc :GetImportJob, ::Google::Cloud::Kms::V1::GetImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
|
69
69
|
# Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
|
70
|
-
rpc :CreateKeyRing, CreateKeyRingRequest, KeyRing
|
70
|
+
rpc :CreateKeyRing, ::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
|
71
71
|
# Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
|
72
72
|
#
|
73
73
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
|
74
74
|
# [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
|
75
75
|
# are required.
|
76
|
-
rpc :CreateCryptoKey, CreateCryptoKeyRequest, CryptoKey
|
76
|
+
rpc :CreateCryptoKey, ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
77
77
|
# Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
78
78
|
#
|
79
79
|
# The server will assign the next sequential id. If unset,
|
80
80
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
81
81
|
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
|
82
|
-
rpc :CreateCryptoKeyVersion, CreateCryptoKeyVersionRequest, CryptoKeyVersion
|
82
|
+
rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
83
83
|
# Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
|
84
84
|
# wrapped key material provided in the request.
|
85
85
|
#
|
86
86
|
# The version ID will be assigned the next sequential id within the
|
87
87
|
# [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
88
|
-
rpc :ImportCryptoKeyVersion, ImportCryptoKeyVersionRequest, CryptoKeyVersion
|
88
|
+
rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
89
89
|
# Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
|
90
90
|
#
|
91
91
|
# [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
|
92
|
-
rpc :CreateImportJob, CreateImportJobRequest, ImportJob
|
92
|
+
rpc :CreateImportJob, ::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
|
93
93
|
# Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
94
|
-
rpc :UpdateCryptoKey, UpdateCryptoKeyRequest, CryptoKey
|
94
|
+
rpc :UpdateCryptoKey, ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
95
95
|
# Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
|
96
96
|
#
|
97
97
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
|
@@ -99,26 +99,26 @@ module Google
|
|
99
99
|
# [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
|
100
100
|
# method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
|
101
101
|
# move between other states.
|
102
|
-
rpc :UpdateCryptoKeyVersion, UpdateCryptoKeyVersionRequest, CryptoKeyVersion
|
102
|
+
rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
103
103
|
# Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
|
104
104
|
# The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
105
105
|
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
106
|
-
rpc :Encrypt, EncryptRequest, EncryptResponse
|
106
|
+
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
107
107
|
# Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
108
108
|
# must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
109
|
-
rpc :Decrypt, DecryptRequest, DecryptResponse
|
109
|
+
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
110
110
|
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
111
111
|
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
112
112
|
# key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
113
|
-
rpc :AsymmetricSign, AsymmetricSignRequest, AsymmetricSignResponse
|
113
|
+
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
114
114
|
# Decrypts data that was encrypted with a public key retrieved from
|
115
115
|
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
116
116
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
|
117
|
-
rpc :AsymmetricDecrypt, AsymmetricDecryptRequest, AsymmetricDecryptResponse
|
117
|
+
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
118
118
|
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
|
119
119
|
#
|
120
120
|
# Returns an error if called on an asymmetric key.
|
121
|
-
rpc :UpdateCryptoKeyPrimaryVersion, UpdateCryptoKeyPrimaryVersionRequest, CryptoKey
|
121
|
+
rpc :UpdateCryptoKeyPrimaryVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
122
122
|
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
|
123
123
|
#
|
124
124
|
# Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
@@ -131,7 +131,7 @@ module Google
|
|
131
131
|
#
|
132
132
|
# Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
|
133
133
|
# [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
|
134
|
-
rpc :DestroyCryptoKeyVersion, DestroyCryptoKeyVersionRequest, CryptoKeyVersion
|
134
|
+
rpc :DestroyCryptoKeyVersion, ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
135
135
|
# Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
|
136
136
|
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
|
137
137
|
# state.
|
@@ -139,7 +139,7 @@ module Google
|
|
139
139
|
# Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
|
140
140
|
# will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
|
141
141
|
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
|
142
|
-
rpc :RestoreCryptoKeyVersion, RestoreCryptoKeyVersionRequest, CryptoKeyVersion
|
142
|
+
rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
143
143
|
end
|
144
144
|
|
145
145
|
Stub = Service.rpc_stub_class
|
@@ -59,11 +59,11 @@ module Google
|
|
59
59
|
|
60
60
|
# Sets the access control policy on the specified resource. Replaces any
|
61
61
|
# existing policy.
|
62
|
-
rpc :SetIamPolicy, SetIamPolicyRequest, Policy
|
62
|
+
rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
|
63
63
|
# Gets the access control policy for a resource.
|
64
64
|
# Returns an empty policy if the resource exists and does not have a policy
|
65
65
|
# set.
|
66
|
-
rpc :GetIamPolicy, GetIamPolicyRequest, Policy
|
66
|
+
rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
|
67
67
|
# Returns permissions that a caller has on the specified resource.
|
68
68
|
# If the resource does not exist, this will return an empty set of
|
69
69
|
# permissions, not a NOT_FOUND error.
|
@@ -71,7 +71,7 @@ module Google
|
|
71
71
|
# Note: This operation is designed to be used for building permission-aware
|
72
72
|
# UIs and command-line tools, not for authorization checking. This operation
|
73
73
|
# may "fail open" without warning.
|
74
|
-
rpc :TestIamPermissions, TestIamPermissionsRequest, TestIamPermissionsResponse
|
74
|
+
rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
|
75
75
|
end
|
76
76
|
|
77
77
|
Stub = Service.rpc_stub_class
|
@@ -54,6 +54,12 @@ module Google
|
|
54
54
|
# This indicates that the field may be set once in a request to create a
|
55
55
|
# resource, but may not be changed thereafter.
|
56
56
|
IMMUTABLE = 5
|
57
|
+
|
58
|
+
# Denotes that a (repeated) field is an unordered list.
|
59
|
+
# This indicates that the service may provide the elements of the list
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
61
|
+
# provided. Additionally, the list's order may or may not be stable.
|
62
|
+
UNORDERED_LIST = 6
|
57
63
|
end
|
58
64
|
end
|
59
65
|
end
|
@@ -43,12 +43,12 @@ module Google
|
|
43
43
|
#
|
44
44
|
# The ResourceDescriptor Yaml config will look like:
|
45
45
|
#
|
46
|
-
#
|
47
|
-
#
|
48
|
-
#
|
49
|
-
#
|
50
|
-
#
|
51
|
-
#
|
46
|
+
# resources:
|
47
|
+
# - type: "pubsub.googleapis.com/Topic"
|
48
|
+
# name_descriptor:
|
49
|
+
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
+
# parent_name_extractor: "projects/{project}"
|
52
52
|
#
|
53
53
|
# Sometimes, resources have multiple patterns, typically because they can
|
54
54
|
# live under multiple parents.
|
@@ -183,15 +183,24 @@ module Google
|
|
183
183
|
# }
|
184
184
|
# @!attribute [rw] plural
|
185
185
|
# @return [::String]
|
186
|
-
# The plural name used in the resource name, such as
|
187
|
-
# the name of 'projects/\\{project}'
|
188
|
-
#
|
186
|
+
# The plural name used in the resource name and permission names, such as
|
187
|
+
# 'projects' for the resource name of 'projects/\\{project}' and the permission
|
188
|
+
# name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
|
189
|
+
# concept of the `plural` field in k8s CRD spec
|
189
190
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
191
|
+
#
|
192
|
+
# Note: The plural form is required even for singleton resources. See
|
193
|
+
# https://aip.dev/156
|
190
194
|
# @!attribute [rw] singular
|
191
195
|
# @return [::String]
|
192
196
|
# The same concept of the `singular` field in k8s CRD spec
|
193
197
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
194
198
|
# Such as "project" for the `resourcemanager.googleapis.com/Project` type.
|
199
|
+
# @!attribute [rw] style
|
200
|
+
# @return [::Array<::Google::Api::ResourceDescriptor::Style>]
|
201
|
+
# Style flag(s) for this resource.
|
202
|
+
# These indicate that a resource is expected to conform to a given
|
203
|
+
# style. See the specific style flags for additional information.
|
195
204
|
class ResourceDescriptor
|
196
205
|
include ::Google::Protobuf::MessageExts
|
197
206
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -211,6 +220,22 @@ module Google
|
|
211
220
|
# that from being necessary once there are multiple patterns.)
|
212
221
|
FUTURE_MULTI_PATTERN = 2
|
213
222
|
end
|
223
|
+
|
224
|
+
# A flag representing a specific style that a resource claims to conform to.
|
225
|
+
module Style
|
226
|
+
# The unspecified value. Do not use.
|
227
|
+
STYLE_UNSPECIFIED = 0
|
228
|
+
|
229
|
+
# This resource is intended to be "declarative-friendly".
|
230
|
+
#
|
231
|
+
# Declarative-friendly resources must be more strictly consistent, and
|
232
|
+
# setting this to true communicates to tools that this resource should
|
233
|
+
# adhere to declarative-friendly expectations.
|
234
|
+
#
|
235
|
+
# Note: This is used by the API linter (linter.aip.dev) to enable
|
236
|
+
# additional checks.
|
237
|
+
DECLARATIVE_FRIENDLY = 1
|
238
|
+
end
|
214
239
|
end
|
215
240
|
|
216
241
|
# Defines a proto annotation that describes a string field that refers to
|
@@ -226,6 +251,17 @@ module Google
|
|
226
251
|
# type: "pubsub.googleapis.com/Topic"
|
227
252
|
# }];
|
228
253
|
# }
|
254
|
+
#
|
255
|
+
# Occasionally, a field may reference an arbitrary resource. In this case,
|
256
|
+
# APIs use the special value * in their resource reference.
|
257
|
+
#
|
258
|
+
# Example:
|
259
|
+
#
|
260
|
+
# message GetIamPolicyRequest {
|
261
|
+
# string resource = 2 [(google.api.resource_reference) = {
|
262
|
+
# type: "*"
|
263
|
+
# }];
|
264
|
+
# }
|
229
265
|
# @!attribute [rw] child_type
|
230
266
|
# @return [::String]
|
231
267
|
# The resource type of a child collection that the annotated field
|
@@ -234,11 +270,11 @@ module Google
|
|
234
270
|
#
|
235
271
|
# Example:
|
236
272
|
#
|
237
|
-
#
|
238
|
-
#
|
239
|
-
#
|
240
|
-
#
|
241
|
-
#
|
273
|
+
# message ListLogEntriesRequest {
|
274
|
+
# string parent = 1 [(google.api.resource_reference) = {
|
275
|
+
# child_type: "logging.googleapis.com/LogEntry"
|
276
|
+
# };
|
277
|
+
# }
|
242
278
|
class ResourceReference
|
243
279
|
include ::Google::Protobuf::MessageExts
|
244
280
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -37,8 +37,8 @@ module Google
|
|
37
37
|
# A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} represents a logical key that can be used for cryptographic
|
38
38
|
# operations.
|
39
39
|
#
|
40
|
-
# A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of
|
41
|
-
# represent the actual key material used in cryptographic operations.
|
40
|
+
# A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of zero or more {::Google::Cloud::Kms::V1::CryptoKeyVersion versions},
|
41
|
+
# which represent the actual key material used in cryptographic operations.
|
42
42
|
# @!attribute [r] name
|
43
43
|
# @return [::String]
|
44
44
|
# Output only. The resource name for this {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} in the format
|
@@ -410,6 +410,27 @@ module Google
|
|
410
410
|
# @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
|
411
411
|
# The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm Algorithm} associated
|
412
412
|
# with this key.
|
413
|
+
# @!attribute [rw] pem_crc32c
|
414
|
+
# @return [::Google::Protobuf::Int64Value]
|
415
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
416
|
+
# {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem}. An integrity check of {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem} can be performed
|
417
|
+
# by computing the CRC32C checksum of {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem} and
|
418
|
+
# comparing your results to this field. Discard the response in case of
|
419
|
+
# non-matching checksum values, and perform a limited number of retries. A
|
420
|
+
# persistent mismatch may indicate an issue in your computation of the CRC32C
|
421
|
+
# checksum.
|
422
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
423
|
+
# different languages. However, it is a non-negative integer, which will
|
424
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
425
|
+
# that support this type.
|
426
|
+
#
|
427
|
+
# NOTE: This field is in Beta.
|
428
|
+
# @!attribute [rw] name
|
429
|
+
# @return [::String]
|
430
|
+
# The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key.
|
431
|
+
# Provided here for verification.
|
432
|
+
#
|
433
|
+
# NOTE: This field is in Beta.
|
413
434
|
class PublicKey
|
414
435
|
include ::Google::Protobuf::MessageExts
|
415
436
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -437,6 +437,41 @@ module Google
|
|
437
437
|
# 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
|
438
438
|
# plaintext and additional_authenticated_data fields must be no larger than
|
439
439
|
# 8KiB.
|
440
|
+
# @!attribute [rw] plaintext_crc32c
|
441
|
+
# @return [::Google::Protobuf::Int64Value]
|
442
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
|
443
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
444
|
+
# received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
|
445
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
446
|
+
# fails. If you receive a checksum error, your client should verify that
|
447
|
+
# CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
|
448
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
|
449
|
+
# retries. A persistent mismatch may indicate an issue in your computation of
|
450
|
+
# the CRC32C checksum.
|
451
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
452
|
+
# different languages. However, it is a non-negative integer, which will
|
453
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
454
|
+
# that support this type.
|
455
|
+
#
|
456
|
+
# NOTE: This field is in Beta.
|
457
|
+
# @!attribute [rw] additional_authenticated_data_crc32c
|
458
|
+
# @return [::Google::Protobuf::Int64Value]
|
459
|
+
# Optional. An optional CRC32C checksum of the
|
460
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
|
461
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
|
462
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
|
463
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
464
|
+
# fails. If you receive a checksum error, your client should verify that
|
465
|
+
# CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
|
466
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
|
467
|
+
# a limited number of retries. A persistent mismatch may indicate an issue in
|
468
|
+
# your computation of the CRC32C checksum.
|
469
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
470
|
+
# different languages. However, it is a non-negative integer, which will
|
471
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
472
|
+
# that support this type.
|
473
|
+
#
|
474
|
+
# NOTE: This field is in Beta.
|
440
475
|
class EncryptRequest
|
441
476
|
include ::Google::Protobuf::MessageExts
|
442
477
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -455,6 +490,41 @@ module Google
|
|
455
490
|
# @return [::String]
|
456
491
|
# Optional. Optional data that must match the data originally supplied in
|
457
492
|
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
|
493
|
+
# @!attribute [rw] ciphertext_crc32c
|
494
|
+
# @return [::Google::Protobuf::Int64Value]
|
495
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
|
496
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
497
|
+
# received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
|
498
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
499
|
+
# fails. If you receive a checksum error, your client should verify that
|
500
|
+
# CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
|
501
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
|
502
|
+
# of retries. A persistent mismatch may indicate an issue in your computation
|
503
|
+
# of the CRC32C checksum.
|
504
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
505
|
+
# different languages. However, it is a non-negative integer, which will
|
506
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
507
|
+
# that support this type.
|
508
|
+
#
|
509
|
+
# NOTE: This field is in Beta.
|
510
|
+
# @!attribute [rw] additional_authenticated_data_crc32c
|
511
|
+
# @return [::Google::Protobuf::Int64Value]
|
512
|
+
# Optional. An optional CRC32C checksum of the
|
513
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
|
514
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
|
515
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
|
516
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
517
|
+
# fails. If you receive a checksum error, your client should verify that
|
518
|
+
# CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
|
519
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
|
520
|
+
# a limited number of retries. A persistent mismatch may indicate an issue in
|
521
|
+
# your computation of the CRC32C checksum.
|
522
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
523
|
+
# different languages. However, it is a non-negative integer, which will
|
524
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
525
|
+
# that support this type.
|
526
|
+
#
|
527
|
+
# NOTE: This field is in Beta.
|
458
528
|
class DecryptRequest
|
459
529
|
include ::Google::Protobuf::MessageExts
|
460
530
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -469,6 +539,23 @@ module Google
|
|
469
539
|
# Required. The digest of the data to sign. The digest must be produced with
|
470
540
|
# the same digest algorithm as specified by the key version's
|
471
541
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
|
542
|
+
# @!attribute [rw] digest_crc32c
|
543
|
+
# @return [::Google::Protobuf::Int64Value]
|
544
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
|
545
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
546
|
+
# received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
|
547
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
548
|
+
# fails. If you receive a checksum error, your client should verify that
|
549
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
|
550
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
|
551
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
552
|
+
# computation of the CRC32C checksum.
|
553
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
554
|
+
# different languages. However, it is a non-negative integer, which will
|
555
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
556
|
+
# that support this type.
|
557
|
+
#
|
558
|
+
# NOTE: This field is in Beta.
|
472
559
|
class AsymmetricSignRequest
|
473
560
|
include ::Google::Protobuf::MessageExts
|
474
561
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -483,6 +570,23 @@ module Google
|
|
483
570
|
# @return [::String]
|
484
571
|
# Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
|
485
572
|
# key using OAEP.
|
573
|
+
# @!attribute [rw] ciphertext_crc32c
|
574
|
+
# @return [::Google::Protobuf::Int64Value]
|
575
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
|
576
|
+
# If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
577
|
+
# received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
|
578
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
579
|
+
# fails. If you receive a checksum error, your client should verify that
|
580
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
|
581
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
|
582
|
+
# limited number of retries. A persistent mismatch may indicate an issue in
|
583
|
+
# your computation of the CRC32C checksum.
|
584
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
585
|
+
# different languages. However, it is a non-negative integer, which will
|
586
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
587
|
+
# that support this type.
|
588
|
+
#
|
589
|
+
# NOTE: This field is in Beta.
|
486
590
|
class AsymmetricDecryptRequest
|
487
591
|
include ::Google::Protobuf::MessageExts
|
488
592
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -492,6 +596,23 @@ module Google
|
|
492
596
|
# @!attribute [rw] plaintext
|
493
597
|
# @return [::String]
|
494
598
|
# The decrypted data originally supplied in {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
|
599
|
+
# @!attribute [rw] plaintext_crc32c
|
600
|
+
# @return [::Google::Protobuf::Int64Value]
|
601
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
602
|
+
# {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}. An integrity check of
|
603
|
+
# {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} can be performed by computing the CRC32C
|
604
|
+
# checksum of {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} and comparing your results to
|
605
|
+
# this field. Discard the response in case of non-matching checksum values,
|
606
|
+
# and perform a limited number of retries. A persistent mismatch may indicate
|
607
|
+
# an issue in your computation of the CRC32C checksum. Note: receiving this
|
608
|
+
# response message indicates that {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
|
609
|
+
# successfully decrypt the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}.
|
610
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
611
|
+
# different languages. However, it is a non-negative integer, which will
|
612
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
613
|
+
# that support this type.
|
614
|
+
#
|
615
|
+
# NOTE: This field is in Beta.
|
495
616
|
class DecryptResponse
|
496
617
|
include ::Google::Protobuf::MessageExts
|
497
618
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -505,6 +626,46 @@ module Google
|
|
505
626
|
# @!attribute [rw] ciphertext
|
506
627
|
# @return [::String]
|
507
628
|
# The encrypted data.
|
629
|
+
# @!attribute [rw] ciphertext_crc32c
|
630
|
+
# @return [::Google::Protobuf::Int64Value]
|
631
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
632
|
+
# {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}. An integrity check of
|
633
|
+
# {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} can be performed by computing the CRC32C
|
634
|
+
# checksum of {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} and comparing your results to
|
635
|
+
# this field. Discard the response in case of non-matching checksum values,
|
636
|
+
# and perform a limited number of retries. A persistent mismatch may indicate
|
637
|
+
# an issue in your computation of the CRC32C checksum.
|
638
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
639
|
+
# different languages. However, it is a non-negative integer, which will
|
640
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
641
|
+
# that support this type.
|
642
|
+
#
|
643
|
+
# NOTE: This field is in Beta.
|
644
|
+
# @!attribute [rw] verified_plaintext_crc32c
|
645
|
+
# @return [::Boolean]
|
646
|
+
# Integrity verification field. A flag indicating whether
|
647
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was received by
|
648
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
649
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext plaintext}. A false value of this field
|
650
|
+
# indicates either that {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was left unset or
|
651
|
+
# that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
|
652
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} but this field is still false, discard
|
653
|
+
# the response and perform a limited number of retries.
|
654
|
+
#
|
655
|
+
# NOTE: This field is in Beta.
|
656
|
+
# @!attribute [rw] verified_additional_authenticated_data_crc32c
|
657
|
+
# @return [::Boolean]
|
658
|
+
# Integrity verification field. A flag indicating whether
|
659
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was received by
|
660
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
661
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data AAD}. A false value of this
|
662
|
+
# field indicates either that
|
663
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was left unset or
|
664
|
+
# that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
|
665
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} but this field is
|
666
|
+
# still false, discard the response and perform a limited number of retries.
|
667
|
+
#
|
668
|
+
# NOTE: This field is in Beta.
|
508
669
|
class EncryptResponse
|
509
670
|
include ::Google::Protobuf::MessageExts
|
510
671
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -514,6 +675,39 @@ module Google
|
|
514
675
|
# @!attribute [rw] signature
|
515
676
|
# @return [::String]
|
516
677
|
# The created signature.
|
678
|
+
# @!attribute [rw] signature_crc32c
|
679
|
+
# @return [::Google::Protobuf::Int64Value]
|
680
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
681
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature}. An integrity check of
|
682
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} can be performed by computing the
|
683
|
+
# CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} and comparing your
|
684
|
+
# results to this field. Discard the response in case of non-matching
|
685
|
+
# checksum values, and perform a limited number of retries. A persistent
|
686
|
+
# mismatch may indicate an issue in your computation of the CRC32C checksum.
|
687
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
688
|
+
# different languages. However, it is a non-negative integer, which will
|
689
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
690
|
+
# that support this type.
|
691
|
+
#
|
692
|
+
# NOTE: This field is in Beta.
|
693
|
+
# @!attribute [rw] verified_digest_crc32c
|
694
|
+
# @return [::Boolean]
|
695
|
+
# Integrity verification field. A flag indicating whether
|
696
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was received by
|
697
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
698
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest digest}. A false value of this field
|
699
|
+
# indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was left
|
700
|
+
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
701
|
+
# set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} but this field is still false,
|
702
|
+
# discard the response and perform a limited number of retries.
|
703
|
+
#
|
704
|
+
# NOTE: This field is in Beta.
|
705
|
+
# @!attribute [rw] name
|
706
|
+
# @return [::String]
|
707
|
+
# The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
|
708
|
+
# this field to verify that the intended resource was used for signing.
|
709
|
+
#
|
710
|
+
# NOTE: This field is in Beta.
|
517
711
|
class AsymmetricSignResponse
|
518
712
|
include ::Google::Protobuf::MessageExts
|
519
713
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -523,6 +717,33 @@ module Google
|
|
523
717
|
# @!attribute [rw] plaintext
|
524
718
|
# @return [::String]
|
525
719
|
# The decrypted data originally encrypted with the matching public key.
|
720
|
+
# @!attribute [rw] plaintext_crc32c
|
721
|
+
# @return [::Google::Protobuf::Int64Value]
|
722
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
723
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext}. An integrity check of
|
724
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} can be performed by computing the
|
725
|
+
# CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} and comparing
|
726
|
+
# your results to this field. Discard the response in case of non-matching
|
727
|
+
# checksum values, and perform a limited number of retries. A persistent
|
728
|
+
# mismatch may indicate an issue in your computation of the CRC32C checksum.
|
729
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
730
|
+
# different languages. However, it is a non-negative integer, which will
|
731
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
732
|
+
# that support this type.
|
733
|
+
#
|
734
|
+
# NOTE: This field is in Beta.
|
735
|
+
# @!attribute [rw] verified_ciphertext_crc32c
|
736
|
+
# @return [::Boolean]
|
737
|
+
# Integrity verification field. A flag indicating whether
|
738
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} was received by
|
739
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
740
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext ciphertext}. A false value of this
|
741
|
+
# field indicates either that {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}
|
742
|
+
# was left unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If
|
743
|
+
# you've set {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} but this field is
|
744
|
+
# still false, discard the response and perform a limited number of retries.
|
745
|
+
#
|
746
|
+
# NOTE: This field is in Beta.
|
526
747
|
class AsymmetricDecryptResponse
|
527
748
|
include ::Google::Protobuf::MessageExts
|
528
749
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|