google-cloud-kms-v1 0.2.4 → 0.5.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (18) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE.md +188 -190
  3. data/README.md +66 -2
  4. data/lib/google/cloud/kms/v1.rb +3 -0
  5. data/lib/google/cloud/kms/v1/iam_policy/client.rb +14 -8
  6. data/lib/google/cloud/kms/v1/key_management_service/client.rb +199 -95
  7. data/lib/google/cloud/kms/v1/resources_pb.rb +3 -0
  8. data/lib/google/cloud/kms/v1/service_pb.rb +16 -0
  9. data/lib/google/cloud/kms/v1/service_services_pb.rb +23 -23
  10. data/lib/google/cloud/kms/v1/version.rb +1 -1
  11. data/lib/google/iam/v1/iam_policy_services_pb.rb +3 -3
  12. data/proto_docs/google/api/field_behavior.rb +6 -0
  13. data/proto_docs/google/api/resource.rb +50 -14
  14. data/proto_docs/google/cloud/kms/v1/resources.rb +23 -2
  15. data/proto_docs/google/cloud/kms/v1/service.rb +221 -0
  16. data/proto_docs/google/protobuf/timestamp.rb +10 -1
  17. data/proto_docs/google/protobuf/wrappers.rb +121 -0
  18. metadata +10 -7
data/lib/google/cloud/kms/v1.rb CHANGED
@@ -34,3 +34,6 @@ module Google
34
34
  end
35
35
  end
36
36
  end
37
+
38
+ helper_path = ::File.join __dir__, "v1", "_helpers.rb"
39
+ require "google/cloud/kms/v1/_helpers" if ::File.file? helper_path
data/lib/google/cloud/kms/v1/iam_policy/client.rb CHANGED
@@ -82,7 +82,7 @@ module Google
82
82
  parent_config = while namespace.any?
83
83
  parent_name = namespace.join "::"
84
84
  parent_const = const_get parent_name
85
- break parent_const.configure if parent_const&.respond_to? :configure
85
+ break parent_const.configure if parent_const.respond_to? :configure
86
86
  namespace.pop
87
87
  end
88
88
  default_config = Client::Configuration.new parent_config
@@ -148,7 +148,13 @@ module Google
148
148
 
149
149
  # Create credentials
150
150
  credentials = @config.credentials
151
- credentials ||= Credentials.default scope: @config.scope
151
+ # Use self-signed JWT if the scope and endpoint are unchanged from default,
152
+ # but only if the default endpoint does not have a region prefix.
153
+ enable_self_signed_jwt = @config.scope == Client.configure.scope &&
154
+ @config.endpoint == Client.configure.endpoint &&
155
+ !@config.endpoint.split(".").first.include?("-")
156
+ credentials ||= Credentials.default scope: @config.scope,
157
+ enable_self_signed_jwt: enable_self_signed_jwt
152
158
  if credentials.is_a?(String) || credentials.is_a?(Hash)
153
159
  credentials = Credentials.new credentials, scope: @config.scope
154
160
  end
@@ -481,7 +487,7 @@ module Google
481
487
  config_attr :scope, nil, ::String, ::Array, nil
482
488
  config_attr :lib_name, nil, ::String, nil
483
489
  config_attr :lib_version, nil, ::String, nil
484
- config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
490
+ config_attr(:channel_args, { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
485
491
  config_attr :interceptors, nil, ::Array, nil
486
492
  config_attr :timeout, nil, ::Numeric, nil
487
493
  config_attr :metadata, nil, ::Hash, nil
@@ -502,7 +508,7 @@ module Google
502
508
  def rpcs
503
509
  @rpcs ||= begin
504
510
  parent_rpcs = nil
505
- parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
511
+ parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
506
512
  Rpcs.new parent_rpcs
507
513
  end
508
514
  end
@@ -514,7 +520,7 @@ module Google
514
520
  # Each configuration object is of type `Gapic::Config::Method` and includes
515
521
  # the following configuration fields:
516
522
  #
517
- # * `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
523
+ # * `timeout` (*type:* `Numeric`) - The call timeout in seconds
518
524
  # * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
519
525
  # * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
520
526
  # include the following keys:
@@ -543,11 +549,11 @@ module Google
543
549
 
544
550
  # @private
545
551
  def initialize parent_rpcs = nil
546
- set_iam_policy_config = parent_rpcs&.set_iam_policy if parent_rpcs&.respond_to? :set_iam_policy
552
+ set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
547
553
  @set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
548
- get_iam_policy_config = parent_rpcs&.get_iam_policy if parent_rpcs&.respond_to? :get_iam_policy
554
+ get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
549
555
  @get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
550
- test_iam_permissions_config = parent_rpcs&.test_iam_permissions if parent_rpcs&.respond_to? :test_iam_permissions
556
+ test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
551
557
  @test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
552
558
 
553
559
  yield self if block_given?
data/lib/google/cloud/kms/v1/key_management_service/client.rb CHANGED
@@ -71,7 +71,7 @@ module Google
71
71
  parent_config = while namespace.any?
72
72
  parent_name = namespace.join "::"
73
73
  parent_const = const_get parent_name
74
- break parent_const.configure if parent_const&.respond_to? :configure
74
+ break parent_const.configure if parent_const.respond_to? :configure
75
75
  namespace.pop
76
76
  end
77
77
  default_config = Client::Configuration.new parent_config
@@ -79,89 +79,89 @@ module Google
79
79
  default_config.rpcs.list_key_rings.timeout = 60.0
80
80
  default_config.rpcs.list_key_rings.retry_policy = {
81
81
  initial_delay: 0.1,
82
- max_delay: 60.0,
83
- multiplier: 1.3,
84
- retry_codes: [13, 14, 4]
82
+ max_delay: 60.0,
83
+ multiplier: 1.3,
84
+ retry_codes: [14, 4]
85
85
  }
86
86
 
87
87
  default_config.rpcs.list_crypto_keys.timeout = 60.0
88
88
  default_config.rpcs.list_crypto_keys.retry_policy = {
89
89
  initial_delay: 0.1,
90
- max_delay: 60.0,
91
- multiplier: 1.3,
92
- retry_codes: [13, 14, 4]
90
+ max_delay: 60.0,
91
+ multiplier: 1.3,
92
+ retry_codes: [14, 4]
93
93
  }
94
94
 
95
95
  default_config.rpcs.list_crypto_key_versions.timeout = 60.0
96
96
  default_config.rpcs.list_crypto_key_versions.retry_policy = {
97
97
  initial_delay: 0.1,
98
- max_delay: 60.0,
99
- multiplier: 1.3,
100
- retry_codes: [13, 14, 4]
98
+ max_delay: 60.0,
99
+ multiplier: 1.3,
100
+ retry_codes: [14, 4]
101
101
  }
102
102
 
103
103
  default_config.rpcs.list_import_jobs.timeout = 60.0
104
104
  default_config.rpcs.list_import_jobs.retry_policy = {
105
105
  initial_delay: 0.1,
106
- max_delay: 60.0,
107
- multiplier: 1.3,
108
- retry_codes: [13, 14, 4]
106
+ max_delay: 60.0,
107
+ multiplier: 1.3,
108
+ retry_codes: [14, 4]
109
109
  }
110
110
 
111
111
  default_config.rpcs.get_key_ring.timeout = 60.0
112
112
  default_config.rpcs.get_key_ring.retry_policy = {
113
113
  initial_delay: 0.1,
114
- max_delay: 60.0,
115
- multiplier: 1.3,
116
- retry_codes: [13, 14, 4]
114
+ max_delay: 60.0,
115
+ multiplier: 1.3,
116
+ retry_codes: [14, 4]
117
117
  }
118
118
 
119
119
  default_config.rpcs.get_crypto_key.timeout = 60.0
120
120
  default_config.rpcs.get_crypto_key.retry_policy = {
121
121
  initial_delay: 0.1,
122
- max_delay: 60.0,
123
- multiplier: 1.3,
124
- retry_codes: [13, 14, 4]
122
+ max_delay: 60.0,
123
+ multiplier: 1.3,
124
+ retry_codes: [14, 4]
125
125
  }
126
126
 
127
127
  default_config.rpcs.get_crypto_key_version.timeout = 60.0
128
128
  default_config.rpcs.get_crypto_key_version.retry_policy = {
129
129
  initial_delay: 0.1,
130
- max_delay: 60.0,
131
- multiplier: 1.3,
132
- retry_codes: [13, 14, 4]
130
+ max_delay: 60.0,
131
+ multiplier: 1.3,
132
+ retry_codes: [14, 4]
133
133
  }
134
134
 
135
135
  default_config.rpcs.get_public_key.timeout = 60.0
136
136
  default_config.rpcs.get_public_key.retry_policy = {
137
137
  initial_delay: 0.1,
138
- max_delay: 60.0,
139
- multiplier: 1.3,
140
- retry_codes: [13, 14, 4]
138
+ max_delay: 60.0,
139
+ multiplier: 1.3,
140
+ retry_codes: [14, 4]
141
141
  }
142
142
 
143
143
  default_config.rpcs.get_import_job.timeout = 60.0
144
144
  default_config.rpcs.get_import_job.retry_policy = {
145
145
  initial_delay: 0.1,
146
- max_delay: 60.0,
147
- multiplier: 1.3,
148
- retry_codes: [13, 14, 4]
146
+ max_delay: 60.0,
147
+ multiplier: 1.3,
148
+ retry_codes: [14, 4]
149
149
  }
150
150
 
151
151
  default_config.rpcs.create_key_ring.timeout = 60.0
152
152
  default_config.rpcs.create_key_ring.retry_policy = {
153
153
  initial_delay: 0.1,
154
- max_delay: 60.0,
155
- multiplier: 1.3,
156
- retry_codes: [13, 14, 4]
154
+ max_delay: 60.0,
155
+ multiplier: 1.3,
156
+ retry_codes: [14, 4]
157
157
  }
158
158
 
159
159
  default_config.rpcs.create_crypto_key.timeout = 60.0
160
160
  default_config.rpcs.create_crypto_key.retry_policy = {
161
161
  initial_delay: 0.1,
162
- max_delay: 60.0,
163
- multiplier: 1.3,
164
- retry_codes: [13, 14, 4]
162
+ max_delay: 60.0,
163
+ multiplier: 1.3,
164
+ retry_codes: [14, 4]
165
165
  }
166
166
 
167
167
  default_config.rpcs.create_crypto_key_version.timeout = 60.0
@@ -171,81 +171,81 @@ module Google
171
171
  default_config.rpcs.create_import_job.timeout = 60.0
172
172
  default_config.rpcs.create_import_job.retry_policy = {
173
173
  initial_delay: 0.1,
174
- max_delay: 60.0,
175
- multiplier: 1.3,
176
- retry_codes: [13, 14, 4]
174
+ max_delay: 60.0,
175
+ multiplier: 1.3,
176
+ retry_codes: [14, 4]
177
177
  }
178
178
 
179
179
  default_config.rpcs.update_crypto_key.timeout = 60.0
180
180
  default_config.rpcs.update_crypto_key.retry_policy = {
181
181
  initial_delay: 0.1,
182
- max_delay: 60.0,
183
- multiplier: 1.3,
184
- retry_codes: [13, 14, 4]
182
+ max_delay: 60.0,
183
+ multiplier: 1.3,
184
+ retry_codes: [14, 4]
185
185
  }
186
186
 
187
187
  default_config.rpcs.update_crypto_key_version.timeout = 60.0
188
188
  default_config.rpcs.update_crypto_key_version.retry_policy = {
189
189
  initial_delay: 0.1,
190
- max_delay: 60.0,
191
- multiplier: 1.3,
192
- retry_codes: [13, 14, 4]
190
+ max_delay: 60.0,
191
+ multiplier: 1.3,
192
+ retry_codes: [14, 4]
193
193
  }
194
194
 
195
195
  default_config.rpcs.encrypt.timeout = 60.0
196
196
  default_config.rpcs.encrypt.retry_policy = {
197
197
  initial_delay: 0.1,
198
- max_delay: 60.0,
199
- multiplier: 1.3,
200
- retry_codes: [13, 14, 4]
198
+ max_delay: 60.0,
199
+ multiplier: 1.3,
200
+ retry_codes: [14, 4]
201
201
  }
202
202
 
203
203
  default_config.rpcs.decrypt.timeout = 60.0
204
204
  default_config.rpcs.decrypt.retry_policy = {
205
205
  initial_delay: 0.1,
206
- max_delay: 60.0,
207
- multiplier: 1.3,
208
- retry_codes: [13, 14, 4]
206
+ max_delay: 60.0,
207
+ multiplier: 1.3,
208
+ retry_codes: [14, 4]
209
209
  }
210
210
 
211
211
  default_config.rpcs.asymmetric_sign.timeout = 60.0
212
212
  default_config.rpcs.asymmetric_sign.retry_policy = {
213
213
  initial_delay: 0.1,
214
- max_delay: 60.0,
215
- multiplier: 1.3,
216
- retry_codes: [13, 14, 4]
214
+ max_delay: 60.0,
215
+ multiplier: 1.3,
216
+ retry_codes: [14, 4]
217
217
  }
218
218
 
219
219
  default_config.rpcs.asymmetric_decrypt.timeout = 60.0
220
220
  default_config.rpcs.asymmetric_decrypt.retry_policy = {
221
221
  initial_delay: 0.1,
222
- max_delay: 60.0,
223
- multiplier: 1.3,
224
- retry_codes: [13, 14, 4]
222
+ max_delay: 60.0,
223
+ multiplier: 1.3,
224
+ retry_codes: [14, 4]
225
225
  }
226
226
 
227
227
  default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
228
228
  default_config.rpcs.update_crypto_key_primary_version.retry_policy = {
229
229
  initial_delay: 0.1,
230
- max_delay: 60.0,
231
- multiplier: 1.3,
232
- retry_codes: [13, 14, 4]
230
+ max_delay: 60.0,
231
+ multiplier: 1.3,
232
+ retry_codes: [14, 4]
233
233
  }
234
234
 
235
235
  default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
236
236
  default_config.rpcs.destroy_crypto_key_version.retry_policy = {
237
237
  initial_delay: 0.1,
238
- max_delay: 60.0,
239
- multiplier: 1.3,
240
- retry_codes: [13, 14, 4]
238
+ max_delay: 60.0,
239
+ multiplier: 1.3,
240
+ retry_codes: [14, 4]
241
241
  }
242
242
 
243
243
  default_config.rpcs.restore_crypto_key_version.timeout = 60.0
244
244
  default_config.rpcs.restore_crypto_key_version.retry_policy = {
245
245
  initial_delay: 0.1,
246
- max_delay: 60.0,
247
- multiplier: 1.3,
248
- retry_codes: [13, 14, 4]
246
+ max_delay: 60.0,
247
+ multiplier: 1.3,
248
+ retry_codes: [14, 4]
249
249
  }
250
250
 
251
251
  default_config
@@ -309,7 +309,13 @@ module Google
309
309
 
310
310
  # Create credentials
311
311
  credentials = @config.credentials
312
- credentials ||= Credentials.default scope: @config.scope
312
+ # Use self-signed JWT if the scope and endpoint are unchanged from default,
313
+ # but only if the default endpoint does not have a region prefix.
314
+ enable_self_signed_jwt = @config.scope == Client.configure.scope &&
315
+ @config.endpoint == Client.configure.endpoint &&
316
+ !@config.endpoint.split(".").first.include?("-")
317
+ credentials ||= Credentials.default scope: @config.scope,
318
+ enable_self_signed_jwt: enable_self_signed_jwt
313
319
  if credentials.is_a?(String) || credentials.is_a?(Hash)
314
320
  credentials = Credentials.new credentials, scope: @config.scope
315
321
  end
@@ -1572,7 +1578,7 @@ module Google
1572
1578
  # @param options [::Gapic::CallOptions, ::Hash]
1573
1579
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1574
1580
  #
1575
- # @overload encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil)
1581
+ # @overload encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil)
1576
1582
  # Pass arguments to `encrypt` via keyword arguments. Note that at
1577
1583
  # least one keyword argument is required. To specify no parameters, or to keep all
1578
1584
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -1602,6 +1608,39 @@ module Google
1602
1608
  # 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
1603
1609
  # plaintext and additional_authenticated_data fields must be no larger than
1604
1610
  # 8KiB.
1611
+ # @param plaintext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1612
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
1613
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
1614
+ # received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
1615
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1616
+ # fails. If you receive a checksum error, your client should verify that
1617
+ # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
1618
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
1619
+ # retries. A persistent mismatch may indicate an issue in your computation of
1620
+ # the CRC32C checksum.
1621
+ # Note: This field is defined as int64 for reasons of compatibility across
1622
+ # different languages. However, it is a non-negative integer, which will
1623
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1624
+ # that support this type.
1625
+ #
1626
+ # NOTE: This field is in Beta.
1627
+ # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1628
+ # Optional. An optional CRC32C checksum of the
1629
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
1630
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
1631
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
1632
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1633
+ # fails. If you receive a checksum error, your client should verify that
1634
+ # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
1635
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
1636
+ # a limited number of retries. A persistent mismatch may indicate an issue in
1637
+ # your computation of the CRC32C checksum.
1638
+ # Note: This field is defined as int64 for reasons of compatibility across
1639
+ # different languages. However, it is a non-negative integer, which will
1640
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1641
+ # that support this type.
1642
+ #
1643
+ # NOTE: This field is in Beta.
1605
1644
  #
1606
1645
  # @yield [response, operation] Access the result along with the RPC operation
1607
1646
  # @yieldparam response [::Google::Cloud::Kms::V1::EncryptResponse]
@@ -1662,7 +1701,7 @@ module Google
1662
1701
  # @param options [::Gapic::CallOptions, ::Hash]
1663
1702
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1664
1703
  #
1665
- # @overload decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil)
1704
+ # @overload decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil)
1666
1705
  # Pass arguments to `decrypt` via keyword arguments. Note that at
1667
1706
  # least one keyword argument is required. To specify no parameters, or to keep all
1668
1707
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -1676,6 +1715,39 @@ module Google
1676
1715
  # @param additional_authenticated_data [::String]
1677
1716
  # Optional. Optional data that must match the data originally supplied in
1678
1717
  # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
1718
+ # @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1719
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
1720
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
1721
+ # received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
1722
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1723
+ # fails. If you receive a checksum error, your client should verify that
1724
+ # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
1725
+ # {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
1726
+ # of retries. A persistent mismatch may indicate an issue in your computation
1727
+ # of the CRC32C checksum.
1728
+ # Note: This field is defined as int64 for reasons of compatibility across
1729
+ # different languages. However, it is a non-negative integer, which will
1730
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1731
+ # that support this type.
1732
+ #
1733
+ # NOTE: This field is in Beta.
1734
+ # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1735
+ # Optional. An optional CRC32C checksum of the
1736
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
1737
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
1738
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
1739
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1740
+ # fails. If you receive a checksum error, your client should verify that
1741
+ # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
1742
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
1743
+ # a limited number of retries. A persistent mismatch may indicate an issue in
1744
+ # your computation of the CRC32C checksum.
1745
+ # Note: This field is defined as int64 for reasons of compatibility across
1746
+ # different languages. However, it is a non-negative integer, which will
1747
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1748
+ # that support this type.
1749
+ #
1750
+ # NOTE: This field is in Beta.
1679
1751
  #
1680
1752
  # @yield [response, operation] Access the result along with the RPC operation
1681
1753
  # @yieldparam response [::Google::Cloud::Kms::V1::DecryptResponse]
@@ -1737,7 +1809,7 @@ module Google
1737
1809
  # @param options [::Gapic::CallOptions, ::Hash]
1738
1810
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1739
1811
  #
1740
- # @overload asymmetric_sign(name: nil, digest: nil)
1812
+ # @overload asymmetric_sign(name: nil, digest: nil, digest_crc32c: nil)
1741
1813
  # Pass arguments to `asymmetric_sign` via keyword arguments. Note that at
1742
1814
  # least one keyword argument is required. To specify no parameters, or to keep all
1743
1815
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -1748,6 +1820,22 @@ module Google
1748
1820
  # Required. The digest of the data to sign. The digest must be produced with
1749
1821
  # the same digest algorithm as specified by the key version's
1750
1822
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
1823
+ # @param digest_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1824
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
1825
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
1826
+ # received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
1827
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1828
+ # fails. If you receive a checksum error, your client should verify that
1829
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
1830
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
1831
+ # number of retries. A persistent mismatch may indicate an issue in your
1832
+ # computation of the CRC32C checksum.
1833
+ # Note: This field is defined as int64 for reasons of compatibility across
1834
+ # different languages. However, it is a non-negative integer, which will
1835
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1836
+ # that support this type.
1837
+ #
1838
+ # NOTE: This field is in Beta.
1751
1839
  #
1752
1840
  # @yield [response, operation] Access the result along with the RPC operation
1753
1841
  # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse]
@@ -1809,7 +1897,7 @@ module Google
1809
1897
  # @param options [::Gapic::CallOptions, ::Hash]
1810
1898
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1811
1899
  #
1812
- # @overload asymmetric_decrypt(name: nil, ciphertext: nil)
1900
+ # @overload asymmetric_decrypt(name: nil, ciphertext: nil, ciphertext_crc32c: nil)
1813
1901
  # Pass arguments to `asymmetric_decrypt` via keyword arguments. Note that at
1814
1902
  # least one keyword argument is required. To specify no parameters, or to keep all
1815
1903
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -1820,6 +1908,22 @@ module Google
1820
1908
  # @param ciphertext [::String]
1821
1909
  # Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
1822
1910
  # key using OAEP.
1911
+ # @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1912
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
1913
+ # If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
1914
+ # received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
1915
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
1916
+ # fails. If you receive a checksum error, your client should verify that
1917
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
1918
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
1919
+ # limited number of retries. A persistent mismatch may indicate an issue in
1920
+ # your computation of the CRC32C checksum.
1921
+ # Note: This field is defined as int64 for reasons of compatibility across
1922
+ # different languages. However, it is a non-negative integer, which will
1923
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1924
+ # that support this type.
1925
+ #
1926
+ # NOTE: This field is in Beta.
1823
1927
  #
1824
1928
  # @yield [response, operation] Access the result along with the RPC operation
1825
1929
  # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse]
@@ -2177,7 +2281,7 @@ module Google
2177
2281
  config_attr :scope, nil, ::String, ::Array, nil
2178
2282
  config_attr :lib_name, nil, ::String, nil
2179
2283
  config_attr :lib_version, nil, ::String, nil
2180
- config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
2284
+ config_attr(:channel_args, { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
2181
2285
  config_attr :interceptors, nil, ::Array, nil
2182
2286
  config_attr :timeout, nil, ::Numeric, nil
2183
2287
  config_attr :metadata, nil, ::Hash, nil
@@ -2198,7 +2302,7 @@ module Google
2198
2302
  def rpcs
2199
2303
  @rpcs ||= begin
2200
2304
  parent_rpcs = nil
2201
- parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
2305
+ parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
2202
2306
  Rpcs.new parent_rpcs
2203
2307
  end
2204
2308
  end
@@ -2210,7 +2314,7 @@ module Google
2210
2314
  # Each configuration object is of type `Gapic::Config::Method` and includes
2211
2315
  # the following configuration fields:
2212
2316
  #
2213
- # * `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
2317
+ # * `timeout` (*type:* `Numeric`) - The call timeout in seconds
2214
2318
  # * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
2215
2319
  # * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
2216
2320
  # include the following keys:
@@ -2339,51 +2443,51 @@ module Google
2339
2443
 
2340
2444
  # @private
2341
2445
  def initialize parent_rpcs = nil
2342
- list_key_rings_config = parent_rpcs&.list_key_rings if parent_rpcs&.respond_to? :list_key_rings
2446
+ list_key_rings_config = parent_rpcs.list_key_rings if parent_rpcs.respond_to? :list_key_rings
2343
2447
  @list_key_rings = ::Gapic::Config::Method.new list_key_rings_config
2344
- list_crypto_keys_config = parent_rpcs&.list_crypto_keys if parent_rpcs&.respond_to? :list_crypto_keys
2448
+ list_crypto_keys_config = parent_rpcs.list_crypto_keys if parent_rpcs.respond_to? :list_crypto_keys
2345
2449
  @list_crypto_keys = ::Gapic::Config::Method.new list_crypto_keys_config
2346
- list_crypto_key_versions_config = parent_rpcs&.list_crypto_key_versions if parent_rpcs&.respond_to? :list_crypto_key_versions
2450
+ list_crypto_key_versions_config = parent_rpcs.list_crypto_key_versions if parent_rpcs.respond_to? :list_crypto_key_versions
2347
2451
  @list_crypto_key_versions = ::Gapic::Config::Method.new list_crypto_key_versions_config
2348
- list_import_jobs_config = parent_rpcs&.list_import_jobs if parent_rpcs&.respond_to? :list_import_jobs
2452
+ list_import_jobs_config = parent_rpcs.list_import_jobs if parent_rpcs.respond_to? :list_import_jobs
2349
2453
  @list_import_jobs = ::Gapic::Config::Method.new list_import_jobs_config
2350
- get_key_ring_config = parent_rpcs&.get_key_ring if parent_rpcs&.respond_to? :get_key_ring
2454
+ get_key_ring_config = parent_rpcs.get_key_ring if parent_rpcs.respond_to? :get_key_ring
2351
2455
  @get_key_ring = ::Gapic::Config::Method.new get_key_ring_config
2352
- get_crypto_key_config = parent_rpcs&.get_crypto_key if parent_rpcs&.respond_to? :get_crypto_key
2456
+ get_crypto_key_config = parent_rpcs.get_crypto_key if parent_rpcs.respond_to? :get_crypto_key
2353
2457
  @get_crypto_key = ::Gapic::Config::Method.new get_crypto_key_config
2354
- get_crypto_key_version_config = parent_rpcs&.get_crypto_key_version if parent_rpcs&.respond_to? :get_crypto_key_version
2458
+ get_crypto_key_version_config = parent_rpcs.get_crypto_key_version if parent_rpcs.respond_to? :get_crypto_key_version
2355
2459
  @get_crypto_key_version = ::Gapic::Config::Method.new get_crypto_key_version_config
2356
- get_public_key_config = parent_rpcs&.get_public_key if parent_rpcs&.respond_to? :get_public_key
2460
+ get_public_key_config = parent_rpcs.get_public_key if parent_rpcs.respond_to? :get_public_key
2357
2461
  @get_public_key = ::Gapic::Config::Method.new get_public_key_config
2358
- get_import_job_config = parent_rpcs&.get_import_job if parent_rpcs&.respond_to? :get_import_job
2462
+ get_import_job_config = parent_rpcs.get_import_job if parent_rpcs.respond_to? :get_import_job
2359
2463
  @get_import_job = ::Gapic::Config::Method.new get_import_job_config
2360
- create_key_ring_config = parent_rpcs&.create_key_ring if parent_rpcs&.respond_to? :create_key_ring
2464
+ create_key_ring_config = parent_rpcs.create_key_ring if parent_rpcs.respond_to? :create_key_ring
2361
2465
  @create_key_ring = ::Gapic::Config::Method.new create_key_ring_config
2362
- create_crypto_key_config = parent_rpcs&.create_crypto_key if parent_rpcs&.respond_to? :create_crypto_key
2466
+ create_crypto_key_config = parent_rpcs.create_crypto_key if parent_rpcs.respond_to? :create_crypto_key
2363
2467
  @create_crypto_key = ::Gapic::Config::Method.new create_crypto_key_config
2364
- create_crypto_key_version_config = parent_rpcs&.create_crypto_key_version if parent_rpcs&.respond_to? :create_crypto_key_version
2468
+ create_crypto_key_version_config = parent_rpcs.create_crypto_key_version if parent_rpcs.respond_to? :create_crypto_key_version
2365
2469
  @create_crypto_key_version = ::Gapic::Config::Method.new create_crypto_key_version_config
2366
- import_crypto_key_version_config = parent_rpcs&.import_crypto_key_version if parent_rpcs&.respond_to? :import_crypto_key_version
2470
+ import_crypto_key_version_config = parent_rpcs.import_crypto_key_version if parent_rpcs.respond_to? :import_crypto_key_version
2367
2471
  @import_crypto_key_version = ::Gapic::Config::Method.new import_crypto_key_version_config
2368
- create_import_job_config = parent_rpcs&.create_import_job if parent_rpcs&.respond_to? :create_import_job
2472
+ create_import_job_config = parent_rpcs.create_import_job if parent_rpcs.respond_to? :create_import_job
2369
2473
  @create_import_job = ::Gapic::Config::Method.new create_import_job_config
2370
- update_crypto_key_config = parent_rpcs&.update_crypto_key if parent_rpcs&.respond_to? :update_crypto_key
2474
+ update_crypto_key_config = parent_rpcs.update_crypto_key if parent_rpcs.respond_to? :update_crypto_key
2371
2475
  @update_crypto_key = ::Gapic::Config::Method.new update_crypto_key_config
2372
- update_crypto_key_version_config = parent_rpcs&.update_crypto_key_version if parent_rpcs&.respond_to? :update_crypto_key_version
2476
+ update_crypto_key_version_config = parent_rpcs.update_crypto_key_version if parent_rpcs.respond_to? :update_crypto_key_version
2373
2477
  @update_crypto_key_version = ::Gapic::Config::Method.new update_crypto_key_version_config
2374
- encrypt_config = parent_rpcs&.encrypt if parent_rpcs&.respond_to? :encrypt
2478
+ encrypt_config = parent_rpcs.encrypt if parent_rpcs.respond_to? :encrypt
2375
2479
  @encrypt = ::Gapic::Config::Method.new encrypt_config
2376
- decrypt_config = parent_rpcs&.decrypt if parent_rpcs&.respond_to? :decrypt
2480
+ decrypt_config = parent_rpcs.decrypt if parent_rpcs.respond_to? :decrypt
2377
2481
  @decrypt = ::Gapic::Config::Method.new decrypt_config
2378
- asymmetric_sign_config = parent_rpcs&.asymmetric_sign if parent_rpcs&.respond_to? :asymmetric_sign
2482
+ asymmetric_sign_config = parent_rpcs.asymmetric_sign if parent_rpcs.respond_to? :asymmetric_sign
2379
2483
  @asymmetric_sign = ::Gapic::Config::Method.new asymmetric_sign_config
2380
- asymmetric_decrypt_config = parent_rpcs&.asymmetric_decrypt if parent_rpcs&.respond_to? :asymmetric_decrypt
2484
+ asymmetric_decrypt_config = parent_rpcs.asymmetric_decrypt if parent_rpcs.respond_to? :asymmetric_decrypt
2381
2485
  @asymmetric_decrypt = ::Gapic::Config::Method.new asymmetric_decrypt_config
2382
- update_crypto_key_primary_version_config = parent_rpcs&.update_crypto_key_primary_version if parent_rpcs&.respond_to? :update_crypto_key_primary_version
2486
+ update_crypto_key_primary_version_config = parent_rpcs.update_crypto_key_primary_version if parent_rpcs.respond_to? :update_crypto_key_primary_version
2383
2487
  @update_crypto_key_primary_version = ::Gapic::Config::Method.new update_crypto_key_primary_version_config
2384
- destroy_crypto_key_version_config = parent_rpcs&.destroy_crypto_key_version if parent_rpcs&.respond_to? :destroy_crypto_key_version
2488
+ destroy_crypto_key_version_config = parent_rpcs.destroy_crypto_key_version if parent_rpcs.respond_to? :destroy_crypto_key_version
2385
2489
  @destroy_crypto_key_version = ::Gapic::Config::Method.new destroy_crypto_key_version_config
2386
- restore_crypto_key_version_config = parent_rpcs&.restore_crypto_key_version if parent_rpcs&.respond_to? :restore_crypto_key_version
2490
+ restore_crypto_key_version_config = parent_rpcs.restore_crypto_key_version if parent_rpcs.respond_to? :restore_crypto_key_version
2387
2491
  @restore_crypto_key_version = ::Gapic::Config::Method.new restore_crypto_key_version_config
2388
2492
 
2389
2493
  yield self if block_given?