google-cloud-kms-v1 0.2.2 → 0.4.0

data/lib/google/cloud/kms/v1/resources_pb.rb

@@ -7,6 +7,7 @@ require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/protobuf/duration_pb'
 require 'google/protobuf/timestamp_pb'
+require 'google/protobuf/wrappers_pb'
 require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
@@ -96,6 +97,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.kms.v1.PublicKey" do
       optional :pem, :string, 1
       optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
+      optional :pem_crc32c, :message, 3, "google.protobuf.Int64Value"
+      optional :name, :string, 4
     end
     add_message "google.cloud.kms.v1.ImportJob" do
       optional :name, :string, 1

data/lib/google/cloud/kms/v1/service_pb.rb

@@ -9,6 +9,7 @@ require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/cloud/kms/v1/resources_pb'
 require 'google/protobuf/field_mask_pb'
+require 'google/protobuf/wrappers_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
     add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
@@ -116,32 +117,47 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :name, :string, 1
       optional :plaintext, :bytes, 2
       optional :additional_authenticated_data, :bytes, 3
+      optional :plaintext_crc32c, :message, 7, "google.protobuf.Int64Value"
+      optional :additional_authenticated_data_crc32c, :message, 8, "google.protobuf.Int64Value"
     end
     add_message "google.cloud.kms.v1.DecryptRequest" do
       optional :name, :string, 1
       optional :ciphertext, :bytes, 2
       optional :additional_authenticated_data, :bytes, 3
+      optional :ciphertext_crc32c, :message, 5, "google.protobuf.Int64Value"
+      optional :additional_authenticated_data_crc32c, :message, 6, "google.protobuf.Int64Value"
     end
     add_message "google.cloud.kms.v1.AsymmetricSignRequest" do
       optional :name, :string, 1
       optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
+      optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
     end
     add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
       optional :name, :string, 1
       optional :ciphertext, :bytes, 3
+      optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
     end
     add_message "google.cloud.kms.v1.DecryptResponse" do
       optional :plaintext, :bytes, 1
+      optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
     end
     add_message "google.cloud.kms.v1.EncryptResponse" do
       optional :name, :string, 1
       optional :ciphertext, :bytes, 2
+      optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
+      optional :verified_plaintext_crc32c, :bool, 5
+      optional :verified_additional_authenticated_data_crc32c, :bool, 6
     end
     add_message "google.cloud.kms.v1.AsymmetricSignResponse" do
       optional :signature, :bytes, 1
+      optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
+      optional :verified_digest_crc32c, :bool, 3
+      optional :name, :string, 4
     end
     add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
       optional :plaintext, :bytes, 1
+      optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
+      optional :verified_ciphertext_crc32c, :bool, 3
     end
     add_message "google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest" do
       optional :name, :string, 1

data/lib/google/cloud/kms/v1/service_services_pb.rb

@@ -45,53 +45,53 @@ module Google
             self.service_name = 'google.cloud.kms.v1.KeyManagementService'
 
             # Lists [KeyRings][google.cloud.kms.v1.KeyRing].
-            rpc :ListKeyRings, ListKeyRingsRequest, ListKeyRingsResponse
+            rpc :ListKeyRings, ::Google::Cloud::Kms::V1::ListKeyRingsRequest, ::Google::Cloud::Kms::V1::ListKeyRingsResponse
             # Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
-            rpc :ListCryptoKeys, ListCryptoKeysRequest, ListCryptoKeysResponse
+            rpc :ListCryptoKeys, ::Google::Cloud::Kms::V1::ListCryptoKeysRequest, ::Google::Cloud::Kms::V1::ListCryptoKeysResponse
             # Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
-            rpc :ListCryptoKeyVersions, ListCryptoKeyVersionsRequest, ListCryptoKeyVersionsResponse
+            rpc :ListCryptoKeyVersions, ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest, ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse
             # Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
-            rpc :ListImportJobs, ListImportJobsRequest, ListImportJobsResponse
+            rpc :ListImportJobs, ::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Google::Cloud::Kms::V1::ListImportJobsResponse
             # Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
-            rpc :GetKeyRing, GetKeyRingRequest, KeyRing
+            rpc :GetKeyRing, ::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
             # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
             # [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
-            rpc :GetCryptoKey, GetCryptoKeyRequest, CryptoKey
+            rpc :GetCryptoKey, ::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
             # Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
-            rpc :GetCryptoKeyVersion, GetCryptoKeyVersionRequest, CryptoKeyVersion
+            rpc :GetCryptoKeyVersion, ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
             # Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
             # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
             # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
             # [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
-            rpc :GetPublicKey, GetPublicKeyRequest, PublicKey
+            rpc :GetPublicKey, ::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Google::Cloud::Kms::V1::PublicKey
             # Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
-            rpc :GetImportJob, GetImportJobRequest, ImportJob
+            rpc :GetImportJob, ::Google::Cloud::Kms::V1::GetImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
             # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
-            rpc :CreateKeyRing, CreateKeyRingRequest, KeyRing
+            rpc :CreateKeyRing, ::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
             # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
             #
             # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
             # [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
             # are required.
-            rpc :CreateCryptoKey, CreateCryptoKeyRequest, CryptoKey
+            rpc :CreateCryptoKey, ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
             # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
             #
             # The server will assign the next sequential id. If unset,
             # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
             # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
-            rpc :CreateCryptoKeyVersion, CreateCryptoKeyVersionRequest, CryptoKeyVersion
+            rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
             # Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
             # wrapped key material provided in the request.
             #
             # The version ID will be assigned the next sequential id within the
             # [CryptoKey][google.cloud.kms.v1.CryptoKey].
-            rpc :ImportCryptoKeyVersion, ImportCryptoKeyVersionRequest, CryptoKeyVersion
+            rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
             # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
             #
             # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
-            rpc :CreateImportJob, CreateImportJobRequest, ImportJob
+            rpc :CreateImportJob, ::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
             # Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
-            rpc :UpdateCryptoKey, UpdateCryptoKeyRequest, CryptoKey
+            rpc :UpdateCryptoKey, ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
             # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
             #
             # [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
@@ -99,26 +99,26 @@ module Google
             # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
             # method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
             # move between other states.
-            rpc :UpdateCryptoKeyVersion, UpdateCryptoKeyVersionRequest, CryptoKeyVersion
+            rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
             # Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
             # The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
             # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
-            rpc :Encrypt, EncryptRequest, EncryptResponse
+            rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
             # Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
             # must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
-            rpc :Decrypt, DecryptRequest, DecryptResponse
+            rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
             # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
             # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
             # key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
-            rpc :AsymmetricSign, AsymmetricSignRequest, AsymmetricSignResponse
+            rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
             # Decrypts data that was encrypted with a public key retrieved from
             # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
             # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
-            rpc :AsymmetricDecrypt, AsymmetricDecryptRequest, AsymmetricDecryptResponse
+            rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
             # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
             #
             # Returns an error if called on an asymmetric key.
-            rpc :UpdateCryptoKeyPrimaryVersion, UpdateCryptoKeyPrimaryVersionRequest, CryptoKey
+            rpc :UpdateCryptoKeyPrimaryVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Google::Cloud::Kms::V1::CryptoKey
             # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
             #
             # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
@@ -131,7 +131,7 @@ module Google
             #
             # Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
             # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
-            rpc :DestroyCryptoKeyVersion, DestroyCryptoKeyVersionRequest, CryptoKeyVersion
+            rpc :DestroyCryptoKeyVersion, ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
             # Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
             # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
             # state.
@@ -139,7 +139,7 @@ module Google
             # Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
             # will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
             # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
-            rpc :RestoreCryptoKeyVersion, RestoreCryptoKeyVersionRequest, CryptoKeyVersion
+            rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
           end
 
           Stub = Service.rpc_stub_class

data/lib/google/cloud/kms/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Kms
       module V1
-        VERSION = "0.2.2"
+        VERSION = "0.4.0"
       end
     end
   end

data/lib/google/iam/v1/iam_policy_services_pb.rb

@@ -59,11 +59,11 @@ module Google
 
           # Sets the access control policy on the specified resource. Replaces any
           # existing policy.
-          rpc :SetIamPolicy, SetIamPolicyRequest, Policy
+          rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
           # Gets the access control policy for a resource.
           # Returns an empty policy if the resource exists and does not have a policy
           # set.
-          rpc :GetIamPolicy, GetIamPolicyRequest, Policy
+          rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
           # Returns permissions that a caller has on the specified resource.
           # If the resource does not exist, this will return an empty set of
           # permissions, not a NOT_FOUND error.
@@ -71,7 +71,7 @@ module Google
           # Note: This operation is designed to be used for building permission-aware
           # UIs and command-line tools, not for authorization checking. This operation
           # may "fail open" without warning.
-          rpc :TestIamPermissions, TestIamPermissionsRequest, TestIamPermissionsResponse
+          rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
         end
 
         Stub = Service.rpc_stub_class

data/proto_docs/google/api/field_behavior.rb

@@ -54,6 +54,12 @@ module Google
       # This indicates that the field may be set once in a request to create a
       # resource, but may not be changed thereafter.
       IMMUTABLE = 5
+
+      # Denotes that a (repeated) field is an unordered list.
+      # This indicates that the service may provide the elements of the list
+      # in any arbitrary order, rather than the order the user originally
+      # provided. Additionally, the list's order may or may not be stable.
+      UNORDERED_LIST = 6
     end
   end
 end

data/proto_docs/google/api/resource.rb

@@ -43,12 +43,12 @@ module Google
     #
     # The ResourceDescriptor Yaml config will look like:
     #
-    #    resources:
-    #    - type: "pubsub.googleapis.com/Topic"
-    #      name_descriptor:
-    #        - pattern: "projects/\\{project}/topics/\\{topic}"
-    #          parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #          parent_name_extractor: "projects/\\{project}"
+    #     resources:
+    #     - type: "pubsub.googleapis.com/Topic"
+    #       name_descriptor:
+    #         - pattern: "projects/{project}/topics/{topic}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #           parent_name_extractor: "projects/{project}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -183,15 +183,24 @@ module Google
     #         }
     # @!attribute [rw] plural
     #   @return [::String]
-    #     The plural name used in the resource name, such as 'projects' for
-    #     the name of 'projects/\\{project}'. It is the same concept of the `plural`
-    #     field in k8s CRD spec
+    #     The plural name used in the resource name and permission names, such as
+    #     'projects' for the resource name of 'projects/\\{project}' and the permission
+    #     name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
+    #     concept of the `plural` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+    #
+    #     Note: The plural form is required even for singleton resources. See
+    #     https://aip.dev/156
     # @!attribute [rw] singular
     #   @return [::String]
     #     The same concept of the `singular` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
     #     Such as "project" for the `resourcemanager.googleapis.com/Project` type.
+    # @!attribute [rw] style
+    #   @return [::Array<::Google::Api::ResourceDescriptor::Style>]
+    #     Style flag(s) for this resource.
+    #     These indicate that a resource is expected to conform to a given
+    #     style. See the specific style flags for additional information.
     class ResourceDescriptor
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -211,6 +220,22 @@ module Google
         # that from being necessary once there are multiple patterns.)
         FUTURE_MULTI_PATTERN = 2
       end
+
+      # A flag representing a specific style that a resource claims to conform to.
+      module Style
+        # The unspecified value. Do not use.
+        STYLE_UNSPECIFIED = 0
+
+        # This resource is intended to be "declarative-friendly".
+        #
+        # Declarative-friendly resources must be more strictly consistent, and
+        # setting this to true communicates to tools that this resource should
+        # adhere to declarative-friendly expectations.
+        #
+        # Note: This is used by the API linter (linter.aip.dev) to enable
+        # additional checks.
+        DECLARATIVE_FRIENDLY = 1
+      end
     end
 
     # Defines a proto annotation that describes a string field that refers to
@@ -226,6 +251,17 @@ module Google
     #             type: "pubsub.googleapis.com/Topic"
     #           }];
     #         }
+    #
+    #     Occasionally, a field may reference an arbitrary resource. In this case,
+    #     APIs use the special value * in their resource reference.
+    #
+    #     Example:
+    #
+    #         message GetIamPolicyRequest {
+    #           string resource = 2 [(google.api.resource_reference) = {
+    #             type: "*"
+    #           }];
+    #         }
     # @!attribute [rw] child_type
     #   @return [::String]
     #     The resource type of a child collection that the annotated field
@@ -234,11 +270,11 @@ module Google
     #
     #     Example:
     #
-    #       message ListLogEntriesRequest {
-    #         string parent = 1 [(google.api.resource_reference) = {
-    #           child_type: "logging.googleapis.com/LogEntry"
-    #         };
-    #       }
+    #         message ListLogEntriesRequest {
+    #           string parent = 1 [(google.api.resource_reference) = {
+    #             child_type: "logging.googleapis.com/LogEntry"
+    #           };
+    #         }
     class ResourceReference
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/kms/v1/resources.rb

@@ -37,8 +37,8 @@ module Google
         # A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} represents a logical key that can be used for cryptographic
         # operations.
         #
-        # A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of one or more {::Google::Cloud::Kms::V1::CryptoKeyVersion versions}, which
-        # represent the actual key material used in cryptographic operations.
+        # A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of zero or more {::Google::Cloud::Kms::V1::CryptoKeyVersion versions},
+        # which represent the actual key material used in cryptographic operations.
         # @!attribute [r] name
         #   @return [::String]
         #     Output only. The resource name for this {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} in the format
@@ -410,6 +410,27 @@ module Google
         #   @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
         #     The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm Algorithm} associated
         #     with this key.
+        # @!attribute [rw] pem_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Integrity verification field. A CRC32C checksum of the returned
+        #     {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem}. An integrity check of {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem} can be performed
+        #     by computing the CRC32C checksum of {::Google::Cloud::Kms::V1::PublicKey#pem PublicKey.pem} and
+        #     comparing your results to this field. Discard the response in case of
+        #     non-matching checksum values, and perform a limited number of retries. A
+        #     persistent mismatch may indicate an issue in your computation of the CRC32C
+        #     checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
+        #
+        #     NOTE: This field is in Beta.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key.
+        #     Provided here for verification.
+        #
+        #     NOTE: This field is in Beta.
         class PublicKey
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/kms/v1/service.rb

@@ -437,6 +437,41 @@ module Google
         #     64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
         #     plaintext and additional_authenticated_data fields must be no larger than
         #     8KiB.
+        # @!attribute [rw] plaintext_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
+        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+        #     received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+        #     fails. If you receive a checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
+        #     retries. A persistent mismatch may indicate an issue in your computation of
+        #     the CRC32C checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
+        #
+        #     NOTE: This field is in Beta.
+        # @!attribute [rw] additional_authenticated_data_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Optional. An optional CRC32C checksum of the
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+        #     fails. If you receive a checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
+        #     a limited number of retries. A persistent mismatch may indicate an issue in
+        #     your computation of the CRC32C checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
+        #
+        #     NOTE: This field is in Beta.
         class EncryptRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -455,6 +490,41 @@ module Google
         #   @return [::String]
         #     Optional. Optional data that must match the data originally supplied in
         #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
+        # @!attribute [rw] ciphertext_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
+        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+        #     received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+        #     fails. If you receive a checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
+        #     of retries. A persistent mismatch may indicate an issue in your computation
+        #     of the CRC32C checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
+        #
+        #     NOTE: This field is in Beta.
+        # @!attribute [rw] additional_authenticated_data_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Optional. An optional CRC32C checksum of the
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+        #     fails. If you receive a checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
+        #     a limited number of retries. A persistent mismatch may indicate an issue in
+        #     your computation of the CRC32C checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
+        #
+        #     NOTE: This field is in Beta.
         class DecryptRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -469,6 +539,23 @@ module Google
         #     Required. The digest of the data to sign. The digest must be produced with
         #     the same digest algorithm as specified by the key version's
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
+        # @!attribute [rw] digest_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
+        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+        #     received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+        #     fails. If you receive a checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
+        #     number of retries. A persistent mismatch may indicate an issue in your
+        #     computation of the CRC32C checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
+        #
+        #     NOTE: This field is in Beta.
         class AsymmetricSignRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -483,6 +570,23 @@ module Google
         #   @return [::String]
         #     Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
         #     key using OAEP.
+        # @!attribute [rw] ciphertext_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
+        #     If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+        #     received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+        #     fails. If you receive a checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
+        #     limited number of retries. A persistent mismatch may indicate an issue in
+        #     your computation of the CRC32C checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
+        #
+        #     NOTE: This field is in Beta.
         class AsymmetricDecryptRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -492,6 +596,23 @@ module Google
         # @!attribute [rw] plaintext
         #   @return [::String]
         #     The decrypted data originally supplied in {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
+        # @!attribute [rw] plaintext_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Integrity verification field. A CRC32C checksum of the returned
+        #     {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}. An integrity check of
+        #     {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} can be performed by computing the CRC32C
+        #     checksum of {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} and comparing your results to
+        #     this field. Discard the response in case of non-matching checksum values,
+        #     and perform a limited number of retries. A persistent mismatch may indicate
+        #     an issue in your computation of the CRC32C checksum. Note: receiving this
+        #     response message indicates that {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
+        #     successfully decrypt the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
+        #
+        #     NOTE: This field is in Beta.
         class DecryptResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -505,6 +626,46 @@ module Google
         # @!attribute [rw] ciphertext
         #   @return [::String]
         #     The encrypted data.
+        # @!attribute [rw] ciphertext_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Integrity verification field. A CRC32C checksum of the returned
+        #     {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}. An integrity check of
+        #     {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} can be performed by computing the CRC32C
+        #     checksum of {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} and comparing your results to
+        #     this field. Discard the response in case of non-matching checksum values,
+        #     and perform a limited number of retries. A persistent mismatch may indicate
+        #     an issue in your computation of the CRC32C checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
+        #
+        #     NOTE: This field is in Beta.
+        # @!attribute [rw] verified_plaintext_crc32c
+        #   @return [::Boolean]
+        #     Integrity verification field. A flag indicating whether
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext plaintext}. A false value of this field
+        #     indicates either that {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was left unset or
+        #     that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} but this field is still false, discard
+        #     the response and perform a limited number of retries.
+        #
+        #     NOTE: This field is in Beta.
+        # @!attribute [rw] verified_additional_authenticated_data_crc32c
+        #   @return [::Boolean]
+        #     Integrity verification field. A flag indicating whether
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data AAD}. A false value of this
+        #     field indicates either that
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was left unset or
+        #     that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} but this field is
+        #     still false, discard the response and perform a limited number of retries.
+        #
+        #     NOTE: This field is in Beta.
         class EncryptResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -514,6 +675,39 @@ module Google
         # @!attribute [rw] signature
         #   @return [::String]
         #     The created signature.
+        # @!attribute [rw] signature_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Integrity verification field. A CRC32C checksum of the returned
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature}. An integrity check of
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} can be performed by computing the
+        #     CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} and comparing your
+        #     results to this field. Discard the response in case of non-matching
+        #     checksum values, and perform a limited number of retries. A persistent
+        #     mismatch may indicate an issue in your computation of the CRC32C checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
+        #
+        #     NOTE: This field is in Beta.
+        # @!attribute [rw] verified_digest_crc32c
+        #   @return [::Boolean]
+        #     Integrity verification field. A flag indicating whether
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest digest}. A false value of this field
+        #     indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was left
+        #     unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
+        #     set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} but this field is still false,
+        #     discard the response and perform a limited number of retries.
+        #
+        #     NOTE: This field is in Beta.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
+        #     this field to verify that the intended resource was used for signing.
+        #
+        #     NOTE: This field is in Beta.
         class AsymmetricSignResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -523,6 +717,33 @@ module Google
         # @!attribute [rw] plaintext
         #   @return [::String]
         #     The decrypted data originally encrypted with the matching public key.
+        # @!attribute [rw] plaintext_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Integrity verification field. A CRC32C checksum of the returned
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext}. An integrity check of
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} can be performed by computing the
+        #     CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} and comparing
+        #     your results to this field. Discard the response in case of non-matching
+        #     checksum values, and perform a limited number of retries. A persistent
+        #     mismatch may indicate an issue in your computation of the CRC32C checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
+        #
+        #     NOTE: This field is in Beta.
+        # @!attribute [rw] verified_ciphertext_crc32c
+        #   @return [::Boolean]
+        #     Integrity verification field. A flag indicating whether
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext ciphertext}. A false value of this
+        #     field indicates either that {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}
+        #     was left unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If
+        #     you've set {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} but this field is
+        #     still false, discard the response and perform a limited number of retries.
+        #
+        #     NOTE: This field is in Beta.
         class AsymmetricDecryptResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods