google-cloud-kms-v1 0.2.3 → 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +64 -0
- data/lib/google/cloud/kms/v1.rb +3 -0
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +9 -3
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +132 -28
- data/lib/google/cloud/kms/v1/resources_pb.rb +3 -0
- data/lib/google/cloud/kms/v1/service_pb.rb +16 -0
- data/lib/google/cloud/kms/v1/service_services_pb.rb +23 -23
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/lib/google/iam/v1/iam_policy_services_pb.rb +3 -3
- data/proto_docs/google/api/field_behavior.rb +6 -0
- data/proto_docs/google/api/resource.rb +50 -14
- data/proto_docs/google/cloud/kms/v1/resources.rb +23 -2
- data/proto_docs/google/cloud/kms/v1/service.rb +221 -0
- data/proto_docs/google/protobuf/timestamp.rb +10 -1
- data/proto_docs/google/protobuf/wrappers.rb +121 -0
- metadata +7 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 62764c18f6a000c3037183bf6669587f265cc7dcb2a9a5db3f98502586b6b980
|
4
|
+
data.tar.gz: 3852a325f1efba565c8c897d9b19c0d308fa80c65abc4ff61a18190ea1b5e4ff
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3f6338884470032a8a747a4e86476f115ae571079195f62ac132389008b868dfab03e16459cdc9ed070994216b6f81d98f39f7d779ab96524dd5f1a8dfc0bfaa
|
7
|
+
data.tar.gz: 83b8289d11bf4dfa0d0fc29017794effed6aafc0b683b7637b367ac96d4c032906d4b2014b865e8719710ec8612d9a17e884e7b46c7bbfb250bab32c78cc4312
|
data/README.md
CHANGED
@@ -6,6 +6,12 @@ Manages keys and performs cryptographic operations in a central cloud service, f
|
|
6
6
|
|
7
7
|
https://github.com/googleapis/google-cloud-ruby
|
8
8
|
|
9
|
+
This gem is a _versioned_ client. It provides basic client classes for a
|
10
|
+
specific version of the Cloud Key Management Service (KMS) V1 API. Most users should consider using
|
11
|
+
the main client gem,
|
12
|
+
[google-cloud-kms](https://rubygems.org/gems/google-cloud-kms).
|
13
|
+
See the section below titled *Which client should I use?* for more information.
|
14
|
+
|
9
15
|
## Installation
|
10
16
|
|
11
17
|
```
|
@@ -73,3 +79,61 @@ in security maintenance, and not end of life. Currently, this means Ruby 2.4
|
|
73
79
|
and later. Older versions of Ruby _may_ still work, but are unsupported and not
|
74
80
|
recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details
|
75
81
|
about the Ruby support schedule.
|
82
|
+
|
83
|
+
## Which client should I use?
|
84
|
+
|
85
|
+
Most modern Ruby client libraries for Google APIs come in two flavors: the main
|
86
|
+
client library with a name such as `google-cloud-kms`,
|
87
|
+
and lower-level _versioned_ client libraries with names such as
|
88
|
+
`google-cloud-kms-v1`.
|
89
|
+
_In most cases, you should install the main client._
|
90
|
+
|
91
|
+
### What's the difference between the main client and a versioned client?
|
92
|
+
|
93
|
+
A _versioned client_ provides a basic set of data types and client classes for
|
94
|
+
a _single version_ of a specific service. (That is, for a service with multiple
|
95
|
+
versions, there might be a separate versioned client for each service version.)
|
96
|
+
Most versioned clients are written and maintained by a code generator.
|
97
|
+
|
98
|
+
The _main client_ is designed to provide you with the _recommended_ client
|
99
|
+
interfaces for the service. There will be only one main client for any given
|
100
|
+
service, even a service with multiple versions. The main client includes
|
101
|
+
factory methods for constructing the client objects we recommend for most
|
102
|
+
users. In some cases, those will be classes provided by an underlying versioned
|
103
|
+
client; in other cases, they will be handwritten higher-level client objects
|
104
|
+
with additional capabilities, convenience methods, or best practices built in.
|
105
|
+
Generally, the main client will default to a recommended service version,
|
106
|
+
although in some cases you can override this if you need to talk to a specific
|
107
|
+
service version.
|
108
|
+
|
109
|
+
### Why would I want to use the main client?
|
110
|
+
|
111
|
+
We recommend that most users install the main client gem for a service. You can
|
112
|
+
identify this gem as the one _without_ a version in its name, e.g.
|
113
|
+
`google-cloud-kms`.
|
114
|
+
The main client is recommended because it will embody the best practices for
|
115
|
+
accessing the service, and may also provide more convenient interfaces or
|
116
|
+
tighter integration into frameworks and third-party libraries. In addition, the
|
117
|
+
documentation and samples published by Google will generally demonstrate use of
|
118
|
+
the main client.
|
119
|
+
|
120
|
+
### Why would I want to use a versioned client?
|
121
|
+
|
122
|
+
You can use a versioned client if you are content with a possibly lower-level
|
123
|
+
class interface, you explicitly want to avoid features provided by the main
|
124
|
+
client, or you want to access a specific service version not be covered by the
|
125
|
+
main client. You can identify versioned client gems because the service version
|
126
|
+
is part of the name, e.g. `google-cloud-kms-v1`.
|
127
|
+
|
128
|
+
### What about the google-apis-<name> clients?
|
129
|
+
|
130
|
+
Client library gems with names that begin with `google-apis-` are based on an
|
131
|
+
older code generation technology. They talk to a REST/JSON backend (whereas
|
132
|
+
most modern clients talk to a [gRPC](https://grpc.io/) backend) and they may
|
133
|
+
not offer the same performance, features, and ease of use provided by more
|
134
|
+
modern clients.
|
135
|
+
|
136
|
+
The `google-apis-` clients have wide coverage across Google services, so you
|
137
|
+
might need to use one if there is no modern client available for the service.
|
138
|
+
However, if a modern client is available, we generally recommend it over the
|
139
|
+
older `google-apis-` clients.
|
data/lib/google/cloud/kms/v1.rb
CHANGED
@@ -148,7 +148,13 @@ module Google
|
|
148
148
|
|
149
149
|
# Create credentials
|
150
150
|
credentials = @config.credentials
|
151
|
-
|
151
|
+
# Use self-signed JWT if the scope and endpoint are unchanged from default,
|
152
|
+
# but only if the default endpoint does not have a region prefix.
|
153
|
+
enable_self_signed_jwt = @config.scope == Client.configure.scope &&
|
154
|
+
@config.endpoint == Client.configure.endpoint &&
|
155
|
+
!@config.endpoint.split(".").first.include?("-")
|
156
|
+
credentials ||= Credentials.default scope: @config.scope,
|
157
|
+
enable_self_signed_jwt: enable_self_signed_jwt
|
152
158
|
if credentials.is_a?(String) || credentials.is_a?(Hash)
|
153
159
|
credentials = Credentials.new credentials, scope: @config.scope
|
154
160
|
end
|
@@ -474,7 +480,7 @@ module Google
|
|
474
480
|
|
475
481
|
config_attr :endpoint, "cloudkms.googleapis.com", ::String
|
476
482
|
config_attr :credentials, nil do |value|
|
477
|
-
allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
483
|
+
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
478
484
|
allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
|
479
485
|
allowed.any? { |klass| klass === value }
|
480
486
|
end
|
@@ -514,7 +520,7 @@ module Google
|
|
514
520
|
# Each configuration object is of type `Gapic::Config::Method` and includes
|
515
521
|
# the following configuration fields:
|
516
522
|
#
|
517
|
-
# * `timeout` (*type:* `Numeric`) - The call timeout in
|
523
|
+
# * `timeout` (*type:* `Numeric`) - The call timeout in seconds
|
518
524
|
# * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
|
519
525
|
# * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
|
520
526
|
# include the following keys:
|
@@ -81,7 +81,7 @@ module Google
|
|
81
81
|
initial_delay: 0.1,
|
82
82
|
max_delay: 60.0,
|
83
83
|
multiplier: 1.3,
|
84
|
-
retry_codes: [
|
84
|
+
retry_codes: [14, 4]
|
85
85
|
}
|
86
86
|
|
87
87
|
default_config.rpcs.list_crypto_keys.timeout = 60.0
|
@@ -89,7 +89,7 @@ module Google
|
|
89
89
|
initial_delay: 0.1,
|
90
90
|
max_delay: 60.0,
|
91
91
|
multiplier: 1.3,
|
92
|
-
retry_codes: [
|
92
|
+
retry_codes: [14, 4]
|
93
93
|
}
|
94
94
|
|
95
95
|
default_config.rpcs.list_crypto_key_versions.timeout = 60.0
|
@@ -97,7 +97,7 @@ module Google
|
|
97
97
|
initial_delay: 0.1,
|
98
98
|
max_delay: 60.0,
|
99
99
|
multiplier: 1.3,
|
100
|
-
retry_codes: [
|
100
|
+
retry_codes: [14, 4]
|
101
101
|
}
|
102
102
|
|
103
103
|
default_config.rpcs.list_import_jobs.timeout = 60.0
|
@@ -105,7 +105,7 @@ module Google
|
|
105
105
|
initial_delay: 0.1,
|
106
106
|
max_delay: 60.0,
|
107
107
|
multiplier: 1.3,
|
108
|
-
retry_codes: [
|
108
|
+
retry_codes: [14, 4]
|
109
109
|
}
|
110
110
|
|
111
111
|
default_config.rpcs.get_key_ring.timeout = 60.0
|
@@ -113,7 +113,7 @@ module Google
|
|
113
113
|
initial_delay: 0.1,
|
114
114
|
max_delay: 60.0,
|
115
115
|
multiplier: 1.3,
|
116
|
-
retry_codes: [
|
116
|
+
retry_codes: [14, 4]
|
117
117
|
}
|
118
118
|
|
119
119
|
default_config.rpcs.get_crypto_key.timeout = 60.0
|
@@ -121,7 +121,7 @@ module Google
|
|
121
121
|
initial_delay: 0.1,
|
122
122
|
max_delay: 60.0,
|
123
123
|
multiplier: 1.3,
|
124
|
-
retry_codes: [
|
124
|
+
retry_codes: [14, 4]
|
125
125
|
}
|
126
126
|
|
127
127
|
default_config.rpcs.get_crypto_key_version.timeout = 60.0
|
@@ -129,7 +129,7 @@ module Google
|
|
129
129
|
initial_delay: 0.1,
|
130
130
|
max_delay: 60.0,
|
131
131
|
multiplier: 1.3,
|
132
|
-
retry_codes: [
|
132
|
+
retry_codes: [14, 4]
|
133
133
|
}
|
134
134
|
|
135
135
|
default_config.rpcs.get_public_key.timeout = 60.0
|
@@ -137,7 +137,7 @@ module Google
|
|
137
137
|
initial_delay: 0.1,
|
138
138
|
max_delay: 60.0,
|
139
139
|
multiplier: 1.3,
|
140
|
-
retry_codes: [
|
140
|
+
retry_codes: [14, 4]
|
141
141
|
}
|
142
142
|
|
143
143
|
default_config.rpcs.get_import_job.timeout = 60.0
|
@@ -145,7 +145,7 @@ module Google
|
|
145
145
|
initial_delay: 0.1,
|
146
146
|
max_delay: 60.0,
|
147
147
|
multiplier: 1.3,
|
148
|
-
retry_codes: [
|
148
|
+
retry_codes: [14, 4]
|
149
149
|
}
|
150
150
|
|
151
151
|
default_config.rpcs.create_key_ring.timeout = 60.0
|
@@ -153,7 +153,7 @@ module Google
|
|
153
153
|
initial_delay: 0.1,
|
154
154
|
max_delay: 60.0,
|
155
155
|
multiplier: 1.3,
|
156
|
-
retry_codes: [
|
156
|
+
retry_codes: [14, 4]
|
157
157
|
}
|
158
158
|
|
159
159
|
default_config.rpcs.create_crypto_key.timeout = 60.0
|
@@ -161,7 +161,7 @@ module Google
|
|
161
161
|
initial_delay: 0.1,
|
162
162
|
max_delay: 60.0,
|
163
163
|
multiplier: 1.3,
|
164
|
-
retry_codes: [
|
164
|
+
retry_codes: [14, 4]
|
165
165
|
}
|
166
166
|
|
167
167
|
default_config.rpcs.create_crypto_key_version.timeout = 60.0
|
@@ -173,7 +173,7 @@ module Google
|
|
173
173
|
initial_delay: 0.1,
|
174
174
|
max_delay: 60.0,
|
175
175
|
multiplier: 1.3,
|
176
|
-
retry_codes: [
|
176
|
+
retry_codes: [14, 4]
|
177
177
|
}
|
178
178
|
|
179
179
|
default_config.rpcs.update_crypto_key.timeout = 60.0
|
@@ -181,7 +181,7 @@ module Google
|
|
181
181
|
initial_delay: 0.1,
|
182
182
|
max_delay: 60.0,
|
183
183
|
multiplier: 1.3,
|
184
|
-
retry_codes: [
|
184
|
+
retry_codes: [14, 4]
|
185
185
|
}
|
186
186
|
|
187
187
|
default_config.rpcs.update_crypto_key_version.timeout = 60.0
|
@@ -189,7 +189,7 @@ module Google
|
|
189
189
|
initial_delay: 0.1,
|
190
190
|
max_delay: 60.0,
|
191
191
|
multiplier: 1.3,
|
192
|
-
retry_codes: [
|
192
|
+
retry_codes: [14, 4]
|
193
193
|
}
|
194
194
|
|
195
195
|
default_config.rpcs.encrypt.timeout = 60.0
|
@@ -197,7 +197,7 @@ module Google
|
|
197
197
|
initial_delay: 0.1,
|
198
198
|
max_delay: 60.0,
|
199
199
|
multiplier: 1.3,
|
200
|
-
retry_codes: [
|
200
|
+
retry_codes: [14, 4]
|
201
201
|
}
|
202
202
|
|
203
203
|
default_config.rpcs.decrypt.timeout = 60.0
|
@@ -205,7 +205,7 @@ module Google
|
|
205
205
|
initial_delay: 0.1,
|
206
206
|
max_delay: 60.0,
|
207
207
|
multiplier: 1.3,
|
208
|
-
retry_codes: [
|
208
|
+
retry_codes: [14, 4]
|
209
209
|
}
|
210
210
|
|
211
211
|
default_config.rpcs.asymmetric_sign.timeout = 60.0
|
@@ -213,7 +213,7 @@ module Google
|
|
213
213
|
initial_delay: 0.1,
|
214
214
|
max_delay: 60.0,
|
215
215
|
multiplier: 1.3,
|
216
|
-
retry_codes: [
|
216
|
+
retry_codes: [14, 4]
|
217
217
|
}
|
218
218
|
|
219
219
|
default_config.rpcs.asymmetric_decrypt.timeout = 60.0
|
@@ -221,7 +221,7 @@ module Google
|
|
221
221
|
initial_delay: 0.1,
|
222
222
|
max_delay: 60.0,
|
223
223
|
multiplier: 1.3,
|
224
|
-
retry_codes: [
|
224
|
+
retry_codes: [14, 4]
|
225
225
|
}
|
226
226
|
|
227
227
|
default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
|
@@ -229,7 +229,7 @@ module Google
|
|
229
229
|
initial_delay: 0.1,
|
230
230
|
max_delay: 60.0,
|
231
231
|
multiplier: 1.3,
|
232
|
-
retry_codes: [
|
232
|
+
retry_codes: [14, 4]
|
233
233
|
}
|
234
234
|
|
235
235
|
default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
|
@@ -237,7 +237,7 @@ module Google
|
|
237
237
|
initial_delay: 0.1,
|
238
238
|
max_delay: 60.0,
|
239
239
|
multiplier: 1.3,
|
240
|
-
retry_codes: [
|
240
|
+
retry_codes: [14, 4]
|
241
241
|
}
|
242
242
|
|
243
243
|
default_config.rpcs.restore_crypto_key_version.timeout = 60.0
|
@@ -245,7 +245,7 @@ module Google
|
|
245
245
|
initial_delay: 0.1,
|
246
246
|
max_delay: 60.0,
|
247
247
|
multiplier: 1.3,
|
248
|
-
retry_codes: [
|
248
|
+
retry_codes: [14, 4]
|
249
249
|
}
|
250
250
|
|
251
251
|
default_config
|
@@ -309,7 +309,13 @@ module Google
|
|
309
309
|
|
310
310
|
# Create credentials
|
311
311
|
credentials = @config.credentials
|
312
|
-
|
312
|
+
# Use self-signed JWT if the scope and endpoint are unchanged from default,
|
313
|
+
# but only if the default endpoint does not have a region prefix.
|
314
|
+
enable_self_signed_jwt = @config.scope == Client.configure.scope &&
|
315
|
+
@config.endpoint == Client.configure.endpoint &&
|
316
|
+
!@config.endpoint.split(".").first.include?("-")
|
317
|
+
credentials ||= Credentials.default scope: @config.scope,
|
318
|
+
enable_self_signed_jwt: enable_self_signed_jwt
|
313
319
|
if credentials.is_a?(String) || credentials.is_a?(Hash)
|
314
320
|
credentials = Credentials.new credentials, scope: @config.scope
|
315
321
|
end
|
@@ -1572,7 +1578,7 @@ module Google
|
|
1572
1578
|
# @param options [::Gapic::CallOptions, ::Hash]
|
1573
1579
|
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
1574
1580
|
#
|
1575
|
-
# @overload encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil)
|
1581
|
+
# @overload encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil)
|
1576
1582
|
# Pass arguments to `encrypt` via keyword arguments. Note that at
|
1577
1583
|
# least one keyword argument is required. To specify no parameters, or to keep all
|
1578
1584
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
@@ -1602,6 +1608,39 @@ module Google
|
|
1602
1608
|
# 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
|
1603
1609
|
# plaintext and additional_authenticated_data fields must be no larger than
|
1604
1610
|
# 8KiB.
|
1611
|
+
# @param plaintext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1612
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
|
1613
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
1614
|
+
# received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
|
1615
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1616
|
+
# fails. If you receive a checksum error, your client should verify that
|
1617
|
+
# CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
|
1618
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
|
1619
|
+
# retries. A persistent mismatch may indicate an issue in your computation of
|
1620
|
+
# the CRC32C checksum.
|
1621
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1622
|
+
# different languages. However, it is a non-negative integer, which will
|
1623
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1624
|
+
# that support this type.
|
1625
|
+
#
|
1626
|
+
# NOTE: This field is in Beta.
|
1627
|
+
# @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1628
|
+
# Optional. An optional CRC32C checksum of the
|
1629
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
|
1630
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
|
1631
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
|
1632
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1633
|
+
# fails. If you receive a checksum error, your client should verify that
|
1634
|
+
# CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
|
1635
|
+
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
|
1636
|
+
# a limited number of retries. A persistent mismatch may indicate an issue in
|
1637
|
+
# your computation of the CRC32C checksum.
|
1638
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1639
|
+
# different languages. However, it is a non-negative integer, which will
|
1640
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1641
|
+
# that support this type.
|
1642
|
+
#
|
1643
|
+
# NOTE: This field is in Beta.
|
1605
1644
|
#
|
1606
1645
|
# @yield [response, operation] Access the result along with the RPC operation
|
1607
1646
|
# @yieldparam response [::Google::Cloud::Kms::V1::EncryptResponse]
|
@@ -1662,7 +1701,7 @@ module Google
|
|
1662
1701
|
# @param options [::Gapic::CallOptions, ::Hash]
|
1663
1702
|
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
1664
1703
|
#
|
1665
|
-
# @overload decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil)
|
1704
|
+
# @overload decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil)
|
1666
1705
|
# Pass arguments to `decrypt` via keyword arguments. Note that at
|
1667
1706
|
# least one keyword argument is required. To specify no parameters, or to keep all
|
1668
1707
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
@@ -1676,6 +1715,39 @@ module Google
|
|
1676
1715
|
# @param additional_authenticated_data [::String]
|
1677
1716
|
# Optional. Optional data that must match the data originally supplied in
|
1678
1717
|
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
|
1718
|
+
# @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1719
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
|
1720
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
1721
|
+
# received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
|
1722
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1723
|
+
# fails. If you receive a checksum error, your client should verify that
|
1724
|
+
# CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
|
1725
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
|
1726
|
+
# of retries. A persistent mismatch may indicate an issue in your computation
|
1727
|
+
# of the CRC32C checksum.
|
1728
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1729
|
+
# different languages. However, it is a non-negative integer, which will
|
1730
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1731
|
+
# that support this type.
|
1732
|
+
#
|
1733
|
+
# NOTE: This field is in Beta.
|
1734
|
+
# @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1735
|
+
# Optional. An optional CRC32C checksum of the
|
1736
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
|
1737
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
|
1738
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
|
1739
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1740
|
+
# fails. If you receive a checksum error, your client should verify that
|
1741
|
+
# CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
|
1742
|
+
# {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
|
1743
|
+
# a limited number of retries. A persistent mismatch may indicate an issue in
|
1744
|
+
# your computation of the CRC32C checksum.
|
1745
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1746
|
+
# different languages. However, it is a non-negative integer, which will
|
1747
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1748
|
+
# that support this type.
|
1749
|
+
#
|
1750
|
+
# NOTE: This field is in Beta.
|
1679
1751
|
#
|
1680
1752
|
# @yield [response, operation] Access the result along with the RPC operation
|
1681
1753
|
# @yieldparam response [::Google::Cloud::Kms::V1::DecryptResponse]
|
@@ -1737,7 +1809,7 @@ module Google
|
|
1737
1809
|
# @param options [::Gapic::CallOptions, ::Hash]
|
1738
1810
|
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
1739
1811
|
#
|
1740
|
-
# @overload asymmetric_sign(name: nil, digest: nil)
|
1812
|
+
# @overload asymmetric_sign(name: nil, digest: nil, digest_crc32c: nil)
|
1741
1813
|
# Pass arguments to `asymmetric_sign` via keyword arguments. Note that at
|
1742
1814
|
# least one keyword argument is required. To specify no parameters, or to keep all
|
1743
1815
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
@@ -1748,6 +1820,22 @@ module Google
|
|
1748
1820
|
# Required. The digest of the data to sign. The digest must be produced with
|
1749
1821
|
# the same digest algorithm as specified by the key version's
|
1750
1822
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
|
1823
|
+
# @param digest_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1824
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
|
1825
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
1826
|
+
# received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
|
1827
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1828
|
+
# fails. If you receive a checksum error, your client should verify that
|
1829
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
|
1830
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
|
1831
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
1832
|
+
# computation of the CRC32C checksum.
|
1833
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1834
|
+
# different languages. However, it is a non-negative integer, which will
|
1835
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1836
|
+
# that support this type.
|
1837
|
+
#
|
1838
|
+
# NOTE: This field is in Beta.
|
1751
1839
|
#
|
1752
1840
|
# @yield [response, operation] Access the result along with the RPC operation
|
1753
1841
|
# @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse]
|
@@ -1809,7 +1897,7 @@ module Google
|
|
1809
1897
|
# @param options [::Gapic::CallOptions, ::Hash]
|
1810
1898
|
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
1811
1899
|
#
|
1812
|
-
# @overload asymmetric_decrypt(name: nil, ciphertext: nil)
|
1900
|
+
# @overload asymmetric_decrypt(name: nil, ciphertext: nil, ciphertext_crc32c: nil)
|
1813
1901
|
# Pass arguments to `asymmetric_decrypt` via keyword arguments. Note that at
|
1814
1902
|
# least one keyword argument is required. To specify no parameters, or to keep all
|
1815
1903
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
@@ -1820,6 +1908,22 @@ module Google
|
|
1820
1908
|
# @param ciphertext [::String]
|
1821
1909
|
# Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
|
1822
1910
|
# key using OAEP.
|
1911
|
+
# @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
|
1912
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
|
1913
|
+
# If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
1914
|
+
# received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
|
1915
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
1916
|
+
# fails. If you receive a checksum error, your client should verify that
|
1917
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
|
1918
|
+
# {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
|
1919
|
+
# limited number of retries. A persistent mismatch may indicate an issue in
|
1920
|
+
# your computation of the CRC32C checksum.
|
1921
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
1922
|
+
# different languages. However, it is a non-negative integer, which will
|
1923
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
1924
|
+
# that support this type.
|
1925
|
+
#
|
1926
|
+
# NOTE: This field is in Beta.
|
1823
1927
|
#
|
1824
1928
|
# @yield [response, operation] Access the result along with the RPC operation
|
1825
1929
|
# @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse]
|
@@ -2170,7 +2274,7 @@ module Google
|
|
2170
2274
|
|
2171
2275
|
config_attr :endpoint, "cloudkms.googleapis.com", ::String
|
2172
2276
|
config_attr :credentials, nil do |value|
|
2173
|
-
allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
2277
|
+
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
2174
2278
|
allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
|
2175
2279
|
allowed.any? { |klass| klass === value }
|
2176
2280
|
end
|
@@ -2210,7 +2314,7 @@ module Google
|
|
2210
2314
|
# Each configuration object is of type `Gapic::Config::Method` and includes
|
2211
2315
|
# the following configuration fields:
|
2212
2316
|
#
|
2213
|
-
# * `timeout` (*type:* `Numeric`) - The call timeout in
|
2317
|
+
# * `timeout` (*type:* `Numeric`) - The call timeout in seconds
|
2214
2318
|
# * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
|
2215
2319
|
# * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
|
2216
2320
|
# include the following keys:
|