google-cloud-kms-v1 0.2.4 → 0.5.0

data/lib/google/cloud/kms/v1.rb

@@ -34,3 +34,6 @@ module Google
     end
   end
 end
+
+helper_path = ::File.join __dir__, "v1", "_helpers.rb"
+require "google/cloud/kms/v1/_helpers" if ::File.file? helper_path

data/lib/google/cloud/kms/v1/iam_policy/client.rb

@@ -82,7 +82,7 @@ module Google
                 parent_config = while namespace.any?
                                   parent_name = namespace.join "::"
                                   parent_const = const_get parent_name
-                                  break parent_const.configure if parent_const&.respond_to? :configure
+                                  break parent_const.configure if parent_const.respond_to? :configure
                                   namespace.pop
                                 end
                 default_config = Client::Configuration.new parent_config
@@ -148,7 +148,13 @@ module Google
 
               # Create credentials
               credentials = @config.credentials
-              credentials ||= Credentials.default scope: @config.scope
+              # Use self-signed JWT if the scope and endpoint are unchanged from default,
+              # but only if the default endpoint does not have a region prefix.
+              enable_self_signed_jwt = @config.scope == Client.configure.scope &&
+                                       @config.endpoint == Client.configure.endpoint &&
+                                       !@config.endpoint.split(".").first.include?("-")
+              credentials ||= Credentials.default scope: @config.scope,
+                                                  enable_self_signed_jwt: enable_self_signed_jwt
               if credentials.is_a?(String) || credentials.is_a?(Hash)
                 credentials = Credentials.new credentials, scope: @config.scope
               end
@@ -481,7 +487,7 @@ module Google
               config_attr :scope,         nil, ::String, ::Array, nil
               config_attr :lib_name,      nil, ::String, nil
               config_attr :lib_version,   nil, ::String, nil
-              config_attr(:channel_args,  { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
+              config_attr(:channel_args,  { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
               config_attr :interceptors,  nil, ::Array, nil
               config_attr :timeout,       nil, ::Numeric, nil
               config_attr :metadata,      nil, ::Hash, nil
@@ -502,7 +508,7 @@ module Google
               def rpcs
                 @rpcs ||= begin
                   parent_rpcs = nil
-                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
+                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
                   Rpcs.new parent_rpcs
                 end
               end
@@ -514,7 +520,7 @@ module Google
               # Each configuration object is of type `Gapic::Config::Method` and includes
               # the following configuration fields:
               #
-              #  *  `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
+              #  *  `timeout` (*type:* `Numeric`) - The call timeout in seconds
               #  *  `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
               #  *  `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
               #     include the following keys:
@@ -543,11 +549,11 @@ module Google
 
                 # @private
                 def initialize parent_rpcs = nil
-                  set_iam_policy_config = parent_rpcs&.set_iam_policy if parent_rpcs&.respond_to? :set_iam_policy
+                  set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
                   @set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
-                  get_iam_policy_config = parent_rpcs&.get_iam_policy if parent_rpcs&.respond_to? :get_iam_policy
+                  get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
                   @get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
-                  test_iam_permissions_config = parent_rpcs&.test_iam_permissions if parent_rpcs&.respond_to? :test_iam_permissions
+                  test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
                   @test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
 
                   yield self if block_given?

data/lib/google/cloud/kms/v1/key_management_service/client.rb

@@ -71,7 +71,7 @@ module Google
                 parent_config = while namespace.any?
                                   parent_name = namespace.join "::"
                                   parent_const = const_get parent_name
-                                  break parent_const.configure if parent_const&.respond_to? :configure
+                                  break parent_const.configure if parent_const.respond_to? :configure
                                   namespace.pop
                                 end
                 default_config = Client::Configuration.new parent_config
@@ -79,89 +79,89 @@ module Google
                 default_config.rpcs.list_key_rings.timeout = 60.0
                 default_config.rpcs.list_key_rings.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.list_crypto_keys.timeout = 60.0
                 default_config.rpcs.list_crypto_keys.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.list_crypto_key_versions.timeout = 60.0
                 default_config.rpcs.list_crypto_key_versions.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.list_import_jobs.timeout = 60.0
                 default_config.rpcs.list_import_jobs.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.get_key_ring.timeout = 60.0
                 default_config.rpcs.get_key_ring.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.get_crypto_key.timeout = 60.0
                 default_config.rpcs.get_crypto_key.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.get_crypto_key_version.timeout = 60.0
                 default_config.rpcs.get_crypto_key_version.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.get_public_key.timeout = 60.0
                 default_config.rpcs.get_public_key.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.get_import_job.timeout = 60.0
                 default_config.rpcs.get_import_job.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.create_key_ring.timeout = 60.0
                 default_config.rpcs.create_key_ring.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.create_crypto_key.timeout = 60.0
                 default_config.rpcs.create_crypto_key.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.create_crypto_key_version.timeout = 60.0
@@ -171,81 +171,81 @@ module Google
                 default_config.rpcs.create_import_job.timeout = 60.0
                 default_config.rpcs.create_import_job.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.update_crypto_key.timeout = 60.0
                 default_config.rpcs.update_crypto_key.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.update_crypto_key_version.timeout = 60.0
                 default_config.rpcs.update_crypto_key_version.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.encrypt.timeout = 60.0
                 default_config.rpcs.encrypt.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.decrypt.timeout = 60.0
                 default_config.rpcs.decrypt.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.asymmetric_sign.timeout = 60.0
                 default_config.rpcs.asymmetric_sign.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.asymmetric_decrypt.timeout = 60.0
                 default_config.rpcs.asymmetric_decrypt.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
                 default_config.rpcs.update_crypto_key_primary_version.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
                 default_config.rpcs.destroy_crypto_key_version.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.restore_crypto_key_version.timeout = 60.0
                 default_config.rpcs.restore_crypto_key_version.retry_policy = {
                   initial_delay: 0.1,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [13, 14, 4]
+              max_delay: 60.0,
+              multiplier: 1.3,
+              retry_codes: [14, 4]
                 }
 
                 default_config
@@ -309,7 +309,13 @@ module Google
 
               # Create credentials
               credentials = @config.credentials
-              credentials ||= Credentials.default scope: @config.scope
+              # Use self-signed JWT if the scope and endpoint are unchanged from default,
+              # but only if the default endpoint does not have a region prefix.
+              enable_self_signed_jwt = @config.scope == Client.configure.scope &&
+                                       @config.endpoint == Client.configure.endpoint &&
+                                       !@config.endpoint.split(".").first.include?("-")
+              credentials ||= Credentials.default scope: @config.scope,
+                                                  enable_self_signed_jwt: enable_self_signed_jwt
               if credentials.is_a?(String) || credentials.is_a?(Hash)
                 credentials = Credentials.new credentials, scope: @config.scope
               end
@@ -1572,7 +1578,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil)
+            # @overload encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil)
             #   Pass arguments to `encrypt` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -1602,6 +1608,39 @@ module Google
             #     64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
             #     plaintext and additional_authenticated_data fields must be no larger than
             #     8KiB.
+            #   @param plaintext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
+            #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+            #     received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+            #     fails. If you receive a checksum error, your client should verify that
+            #     CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
+            #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
+            #     retries. A persistent mismatch may indicate an issue in your computation of
+            #     the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #
+            #     NOTE: This field is in Beta.
+            #   @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
+            #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+            #     fails. If you receive a checksum error, your client should verify that
+            #     CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
+            #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
+            #     a limited number of retries. A persistent mismatch may indicate an issue in
+            #     your computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #
+            #     NOTE: This field is in Beta.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Kms::V1::EncryptResponse]
@@ -1662,7 +1701,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil)
+            # @overload decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil)
             #   Pass arguments to `decrypt` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -1676,6 +1715,39 @@ module Google
             #   @param additional_authenticated_data [::String]
             #     Optional. Optional data that must match the data originally supplied in
             #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
+            #   @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
+            #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+            #     received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+            #     fails. If you receive a checksum error, your client should verify that
+            #     CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
+            #     {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
+            #     of retries. A persistent mismatch may indicate an issue in your computation
+            #     of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #
+            #     NOTE: This field is in Beta.
+            #   @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
+            #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+            #     fails. If you receive a checksum error, your client should verify that
+            #     CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
+            #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
+            #     a limited number of retries. A persistent mismatch may indicate an issue in
+            #     your computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #
+            #     NOTE: This field is in Beta.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Kms::V1::DecryptResponse]
@@ -1737,7 +1809,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload asymmetric_sign(name: nil, digest: nil)
+            # @overload asymmetric_sign(name: nil, digest: nil, digest_crc32c: nil)
             #   Pass arguments to `asymmetric_sign` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -1748,6 +1820,22 @@ module Google
             #     Required. The digest of the data to sign. The digest must be produced with
             #     the same digest algorithm as specified by the key version's
             #     {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
+            #   @param digest_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
+            #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+            #     received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+            #     fails. If you receive a checksum error, your client should verify that
+            #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
+            #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
+            #     number of retries. A persistent mismatch may indicate an issue in your
+            #     computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #
+            #     NOTE: This field is in Beta.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse]
@@ -1809,7 +1897,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload asymmetric_decrypt(name: nil, ciphertext: nil)
+            # @overload asymmetric_decrypt(name: nil, ciphertext: nil, ciphertext_crc32c: nil)
             #   Pass arguments to `asymmetric_decrypt` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -1820,6 +1908,22 @@ module Google
             #   @param ciphertext [::String]
             #     Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
             #     key using OAEP.
+            #   @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
+            #     If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+            #     received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+            #     fails. If you receive a checksum error, your client should verify that
+            #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
+            #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
+            #     limited number of retries. A persistent mismatch may indicate an issue in
+            #     your computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #
+            #     NOTE: This field is in Beta.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse]
@@ -2177,7 +2281,7 @@ module Google
               config_attr :scope,         nil, ::String, ::Array, nil
               config_attr :lib_name,      nil, ::String, nil
               config_attr :lib_version,   nil, ::String, nil
-              config_attr(:channel_args,  { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
+              config_attr(:channel_args,  { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
               config_attr :interceptors,  nil, ::Array, nil
               config_attr :timeout,       nil, ::Numeric, nil
               config_attr :metadata,      nil, ::Hash, nil
@@ -2198,7 +2302,7 @@ module Google
               def rpcs
                 @rpcs ||= begin
                   parent_rpcs = nil
-                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
+                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
                   Rpcs.new parent_rpcs
                 end
               end
@@ -2210,7 +2314,7 @@ module Google
               # Each configuration object is of type `Gapic::Config::Method` and includes
               # the following configuration fields:
               #
-              #  *  `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
+              #  *  `timeout` (*type:* `Numeric`) - The call timeout in seconds
               #  *  `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
               #  *  `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
               #     include the following keys:
@@ -2339,51 +2443,51 @@ module Google
 
                 # @private
                 def initialize parent_rpcs = nil
-                  list_key_rings_config = parent_rpcs&.list_key_rings if parent_rpcs&.respond_to? :list_key_rings
+                  list_key_rings_config = parent_rpcs.list_key_rings if parent_rpcs.respond_to? :list_key_rings
                   @list_key_rings = ::Gapic::Config::Method.new list_key_rings_config
-                  list_crypto_keys_config = parent_rpcs&.list_crypto_keys if parent_rpcs&.respond_to? :list_crypto_keys
+                  list_crypto_keys_config = parent_rpcs.list_crypto_keys if parent_rpcs.respond_to? :list_crypto_keys
                   @list_crypto_keys = ::Gapic::Config::Method.new list_crypto_keys_config
-                  list_crypto_key_versions_config = parent_rpcs&.list_crypto_key_versions if parent_rpcs&.respond_to? :list_crypto_key_versions
+                  list_crypto_key_versions_config = parent_rpcs.list_crypto_key_versions if parent_rpcs.respond_to? :list_crypto_key_versions
                   @list_crypto_key_versions = ::Gapic::Config::Method.new list_crypto_key_versions_config
-                  list_import_jobs_config = parent_rpcs&.list_import_jobs if parent_rpcs&.respond_to? :list_import_jobs
+                  list_import_jobs_config = parent_rpcs.list_import_jobs if parent_rpcs.respond_to? :list_import_jobs
                   @list_import_jobs = ::Gapic::Config::Method.new list_import_jobs_config
-                  get_key_ring_config = parent_rpcs&.get_key_ring if parent_rpcs&.respond_to? :get_key_ring
+                  get_key_ring_config = parent_rpcs.get_key_ring if parent_rpcs.respond_to? :get_key_ring
                   @get_key_ring = ::Gapic::Config::Method.new get_key_ring_config
-                  get_crypto_key_config = parent_rpcs&.get_crypto_key if parent_rpcs&.respond_to? :get_crypto_key
+                  get_crypto_key_config = parent_rpcs.get_crypto_key if parent_rpcs.respond_to? :get_crypto_key
                   @get_crypto_key = ::Gapic::Config::Method.new get_crypto_key_config
-                  get_crypto_key_version_config = parent_rpcs&.get_crypto_key_version if parent_rpcs&.respond_to? :get_crypto_key_version
+                  get_crypto_key_version_config = parent_rpcs.get_crypto_key_version if parent_rpcs.respond_to? :get_crypto_key_version
                   @get_crypto_key_version = ::Gapic::Config::Method.new get_crypto_key_version_config
-                  get_public_key_config = parent_rpcs&.get_public_key if parent_rpcs&.respond_to? :get_public_key
+                  get_public_key_config = parent_rpcs.get_public_key if parent_rpcs.respond_to? :get_public_key
                   @get_public_key = ::Gapic::Config::Method.new get_public_key_config
-                  get_import_job_config = parent_rpcs&.get_import_job if parent_rpcs&.respond_to? :get_import_job
+                  get_import_job_config = parent_rpcs.get_import_job if parent_rpcs.respond_to? :get_import_job
                   @get_import_job = ::Gapic::Config::Method.new get_import_job_config
-                  create_key_ring_config = parent_rpcs&.create_key_ring if parent_rpcs&.respond_to? :create_key_ring
+                  create_key_ring_config = parent_rpcs.create_key_ring if parent_rpcs.respond_to? :create_key_ring
                   @create_key_ring = ::Gapic::Config::Method.new create_key_ring_config
-                  create_crypto_key_config = parent_rpcs&.create_crypto_key if parent_rpcs&.respond_to? :create_crypto_key
+                  create_crypto_key_config = parent_rpcs.create_crypto_key if parent_rpcs.respond_to? :create_crypto_key
                   @create_crypto_key = ::Gapic::Config::Method.new create_crypto_key_config
-                  create_crypto_key_version_config = parent_rpcs&.create_crypto_key_version if parent_rpcs&.respond_to? :create_crypto_key_version
+                  create_crypto_key_version_config = parent_rpcs.create_crypto_key_version if parent_rpcs.respond_to? :create_crypto_key_version
                   @create_crypto_key_version = ::Gapic::Config::Method.new create_crypto_key_version_config
-                  import_crypto_key_version_config = parent_rpcs&.import_crypto_key_version if parent_rpcs&.respond_to? :import_crypto_key_version
+                  import_crypto_key_version_config = parent_rpcs.import_crypto_key_version if parent_rpcs.respond_to? :import_crypto_key_version
                   @import_crypto_key_version = ::Gapic::Config::Method.new import_crypto_key_version_config
-                  create_import_job_config = parent_rpcs&.create_import_job if parent_rpcs&.respond_to? :create_import_job
+                  create_import_job_config = parent_rpcs.create_import_job if parent_rpcs.respond_to? :create_import_job
                   @create_import_job = ::Gapic::Config::Method.new create_import_job_config
-                  update_crypto_key_config = parent_rpcs&.update_crypto_key if parent_rpcs&.respond_to? :update_crypto_key
+                  update_crypto_key_config = parent_rpcs.update_crypto_key if parent_rpcs.respond_to? :update_crypto_key
                   @update_crypto_key = ::Gapic::Config::Method.new update_crypto_key_config
-                  update_crypto_key_version_config = parent_rpcs&.update_crypto_key_version if parent_rpcs&.respond_to? :update_crypto_key_version
+                  update_crypto_key_version_config = parent_rpcs.update_crypto_key_version if parent_rpcs.respond_to? :update_crypto_key_version
                   @update_crypto_key_version = ::Gapic::Config::Method.new update_crypto_key_version_config
-                  encrypt_config = parent_rpcs&.encrypt if parent_rpcs&.respond_to? :encrypt
+                  encrypt_config = parent_rpcs.encrypt if parent_rpcs.respond_to? :encrypt
                   @encrypt = ::Gapic::Config::Method.new encrypt_config
-                  decrypt_config = parent_rpcs&.decrypt if parent_rpcs&.respond_to? :decrypt
+                  decrypt_config = parent_rpcs.decrypt if parent_rpcs.respond_to? :decrypt
                   @decrypt = ::Gapic::Config::Method.new decrypt_config
-                  asymmetric_sign_config = parent_rpcs&.asymmetric_sign if parent_rpcs&.respond_to? :asymmetric_sign
+                  asymmetric_sign_config = parent_rpcs.asymmetric_sign if parent_rpcs.respond_to? :asymmetric_sign
                   @asymmetric_sign = ::Gapic::Config::Method.new asymmetric_sign_config
-                  asymmetric_decrypt_config = parent_rpcs&.asymmetric_decrypt if parent_rpcs&.respond_to? :asymmetric_decrypt
+                  asymmetric_decrypt_config = parent_rpcs.asymmetric_decrypt if parent_rpcs.respond_to? :asymmetric_decrypt
                   @asymmetric_decrypt = ::Gapic::Config::Method.new asymmetric_decrypt_config
-                  update_crypto_key_primary_version_config = parent_rpcs&.update_crypto_key_primary_version if parent_rpcs&.respond_to? :update_crypto_key_primary_version
+                  update_crypto_key_primary_version_config = parent_rpcs.update_crypto_key_primary_version if parent_rpcs.respond_to? :update_crypto_key_primary_version
                   @update_crypto_key_primary_version = ::Gapic::Config::Method.new update_crypto_key_primary_version_config
-                  destroy_crypto_key_version_config = parent_rpcs&.destroy_crypto_key_version if parent_rpcs&.respond_to? :destroy_crypto_key_version
+                  destroy_crypto_key_version_config = parent_rpcs.destroy_crypto_key_version if parent_rpcs.respond_to? :destroy_crypto_key_version
                   @destroy_crypto_key_version = ::Gapic::Config::Method.new destroy_crypto_key_version_config
-                  restore_crypto_key_version_config = parent_rpcs&.restore_crypto_key_version if parent_rpcs&.respond_to? :restore_crypto_key_version
+                  restore_crypto_key_version_config = parent_rpcs.restore_crypto_key_version if parent_rpcs.respond_to? :restore_crypto_key_version
                   @restore_crypto_key_version = ::Gapic::Config::Method.new restore_crypto_key_version_config
 
                   yield self if block_given?