google-cloud-kms-v1 0.20.0 → 0.21.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: df0145acded1923556f3d2fb9da19c2f2eeadcb77e5c7c13fce83bc86681e3cc
4
- data.tar.gz: '08f2f6b7a180fd101bb3d882cd50c520261645088dd31e5a80b94495526d81ac'
3
+ metadata.gz: 359686bf360890c730516a1ad6df0583f2624726d0d13e0f6e7ab07ecbf48ebc
4
+ data.tar.gz: 9eeeb7594661333b65d6842cb3e65b8868c1c7b6a97222ed92a079bae3b4d20a
5
5
  SHA512:
6
- metadata.gz: 660675bc64e9fa9e0f742411ed0621d781b0388cd6199966c9300cf30937bd3871435155886f1be84ed4d0f9f1665ab6a56fca6ca46f2d21827205836414f6d0
7
- data.tar.gz: 2f35a06d6dbfbaf44deaa01d6162efbdef83270451365431e1c68f9b1c9174f743ecc5404b2692df5887450160c6f11a425c1696d6b3ad35a9ccc393408bda2c
6
+ metadata.gz: cd0305ad53291b43543b5b2b552c16b23099373684224367a6677573700b001a5d641f63b0c60a4f4bf96de4fba6dd91b3ad884eca5fcf723d3cfce8b0b0886e
7
+ data.tar.gz: b7cdc2bed32747a46d54bd95ee62953f5e2b1b7bd88d1f46da148c78629cb202117e8f2242a927a5c9e2790d44244a9f0cda9d79eb97c0aad0a98f77823aaa45
@@ -2539,6 +2539,332 @@ module Google
2539
2539
  raise ::Google::Cloud::Error.from_error(e)
2540
2540
  end
2541
2541
 
2542
+ ##
2543
+ # Encrypts data using portable cryptographic primitives. Most users should
2544
+ # choose {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
2545
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt} rather than
2546
+ # their raw counterparts. The
2547
+ # {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
2548
+ # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::RAW_ENCRYPT_DECRYPT RAW_ENCRYPT_DECRYPT}.
2549
+ #
2550
+ # @overload raw_encrypt(request, options = nil)
2551
+ # Pass arguments to `raw_encrypt` via a request object, either of type
2552
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest} or an equivalent Hash.
2553
+ #
2554
+ # @param request [::Google::Cloud::Kms::V1::RawEncryptRequest, ::Hash]
2555
+ # A request object representing the call parameters. Required. To specify no
2556
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
2557
+ # @param options [::Gapic::CallOptions, ::Hash]
2558
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2559
+ #
2560
+ # @overload raw_encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil, initialization_vector: nil, initialization_vector_crc32c: nil)
2561
+ # Pass arguments to `raw_encrypt` via keyword arguments. Note that at
2562
+ # least one keyword argument is required. To specify no parameters, or to keep all
2563
+ # the default parameter values, pass an empty Hash as a request object (see above).
2564
+ #
2565
+ # @param name [::String]
2566
+ # Required. The resource name of the
2567
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
2568
+ # encryption.
2569
+ # @param plaintext [::String]
2570
+ # Required. The data to encrypt. Must be no larger than 64KiB.
2571
+ #
2572
+ # The maximum size depends on the key version's
2573
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
2574
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
2575
+ # plaintext must be no larger than 64KiB. For
2576
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
2577
+ # the plaintext and additional_authenticated_data fields must be no larger
2578
+ # than 8KiB.
2579
+ # @param additional_authenticated_data [::String]
2580
+ # Optional. Optional data that, if specified, must also be provided during
2581
+ # decryption through
2582
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#additional_authenticated_data RawDecryptRequest.additional_authenticated_data}.
2583
+ #
2584
+ # This field may only be used in conjunction with an
2585
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm} that accepts
2586
+ # additional authenticated data (for example, AES-GCM).
2587
+ #
2588
+ # The maximum size depends on the key version's
2589
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
2590
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
2591
+ # plaintext must be no larger than 64KiB. For
2592
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
2593
+ # the plaintext and additional_authenticated_data fields must be no larger
2594
+ # than 8KiB.
2595
+ # @param plaintext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2596
+ # Optional. An optional CRC32C checksum of the
2597
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#plaintext RawEncryptRequest.plaintext}.
2598
+ # If specified,
2599
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2600
+ # verify the integrity of the received plaintext using this checksum.
2601
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2602
+ # report an error if the checksum verification fails. If you receive a
2603
+ # checksum error, your client should verify that CRC32C(plaintext) is equal
2604
+ # to plaintext_crc32c, and if so, perform a limited number of retries. A
2605
+ # persistent mismatch may indicate an issue in your computation of the CRC32C
2606
+ # checksum. Note: This field is defined as int64 for reasons of compatibility
2607
+ # across different languages. However, it is a non-negative integer, which
2608
+ # will never exceed 2^32-1, and can be safely downconverted to uint32 in
2609
+ # languages that support this type.
2610
+ # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2611
+ # Optional. An optional CRC32C checksum of the
2612
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#additional_authenticated_data RawEncryptRequest.additional_authenticated_data}.
2613
+ # If specified,
2614
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2615
+ # verify the integrity of the received additional_authenticated_data using
2616
+ # this checksum.
2617
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2618
+ # report an error if the checksum verification fails. If you receive a
2619
+ # checksum error, your client should verify that
2620
+ # CRC32C(additional_authenticated_data) is equal to
2621
+ # additional_authenticated_data_crc32c, and if so, perform
2622
+ # a limited number of retries. A persistent mismatch may indicate an issue in
2623
+ # your computation of the CRC32C checksum.
2624
+ # Note: This field is defined as int64 for reasons of compatibility across
2625
+ # different languages. However, it is a non-negative integer, which will
2626
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2627
+ # that support this type.
2628
+ # @param initialization_vector [::String]
2629
+ # Optional. A customer-supplied initialization vector that will be used for
2630
+ # encryption. If it is not provided for AES-CBC and AES-CTR, one will be
2631
+ # generated. It will be returned in
2632
+ # {::Google::Cloud::Kms::V1::RawEncryptResponse#initialization_vector RawEncryptResponse.initialization_vector}.
2633
+ # @param initialization_vector_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2634
+ # Optional. An optional CRC32C checksum of the
2635
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#initialization_vector RawEncryptRequest.initialization_vector}.
2636
+ # If specified,
2637
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2638
+ # verify the integrity of the received initialization_vector using this
2639
+ # checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
2640
+ # will report an error if the checksum verification fails. If you receive a
2641
+ # checksum error, your client should verify that
2642
+ # CRC32C(initialization_vector) is equal to
2643
+ # initialization_vector_crc32c, and if so, perform
2644
+ # a limited number of retries. A persistent mismatch may indicate an issue in
2645
+ # your computation of the CRC32C checksum.
2646
+ # Note: This field is defined as int64 for reasons of compatibility across
2647
+ # different languages. However, it is a non-negative integer, which will
2648
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2649
+ # that support this type.
2650
+ #
2651
+ # @yield [response, operation] Access the result along with the RPC operation
2652
+ # @yieldparam response [::Google::Cloud::Kms::V1::RawEncryptResponse]
2653
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
2654
+ #
2655
+ # @return [::Google::Cloud::Kms::V1::RawEncryptResponse]
2656
+ #
2657
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
2658
+ #
2659
+ # @example Basic example
2660
+ # require "google/cloud/kms/v1"
2661
+ #
2662
+ # # Create a client object. The client can be reused for multiple calls.
2663
+ # client = Google::Cloud::Kms::V1::KeyManagementService::Client.new
2664
+ #
2665
+ # # Create a request. To set request fields, pass in keyword arguments.
2666
+ # request = Google::Cloud::Kms::V1::RawEncryptRequest.new
2667
+ #
2668
+ # # Call the raw_encrypt method.
2669
+ # result = client.raw_encrypt request
2670
+ #
2671
+ # # The returned object is of type Google::Cloud::Kms::V1::RawEncryptResponse.
2672
+ # p result
2673
+ #
2674
+ def raw_encrypt request, options = nil
2675
+ raise ::ArgumentError, "request must be provided" if request.nil?
2676
+
2677
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RawEncryptRequest
2678
+
2679
+ # Converts hash and nil to an options object
2680
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2681
+
2682
+ # Customize the options with defaults
2683
+ metadata = @config.rpcs.raw_encrypt.metadata.to_h
2684
+
2685
+ # Set x-goog-api-client and x-goog-user-project headers
2686
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
2687
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
2688
+ gapic_version: ::Google::Cloud::Kms::V1::VERSION
2689
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
2690
+
2691
+ header_params = {}
2692
+ if request.name
2693
+ header_params["name"] = request.name
2694
+ end
2695
+
2696
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2697
+ metadata[:"x-goog-request-params"] ||= request_params_header
2698
+
2699
+ options.apply_defaults timeout: @config.rpcs.raw_encrypt.timeout,
2700
+ metadata: metadata,
2701
+ retry_policy: @config.rpcs.raw_encrypt.retry_policy
2702
+
2703
+ options.apply_defaults timeout: @config.timeout,
2704
+ metadata: @config.metadata,
2705
+ retry_policy: @config.retry_policy
2706
+
2707
+ @key_management_service_stub.call_rpc :raw_encrypt, request, options: options do |response, operation|
2708
+ yield response, operation if block_given?
2709
+ return response
2710
+ end
2711
+ rescue ::GRPC::BadStatus => e
2712
+ raise ::Google::Cloud::Error.from_error(e)
2713
+ end
2714
+
2715
+ ##
2716
+ # Decrypts data that was originally encrypted using a raw cryptographic
2717
+ # mechanism. The {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
2718
+ # must be
2719
+ # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::RAW_ENCRYPT_DECRYPT RAW_ENCRYPT_DECRYPT}.
2720
+ #
2721
+ # @overload raw_decrypt(request, options = nil)
2722
+ # Pass arguments to `raw_decrypt` via a request object, either of type
2723
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest} or an equivalent Hash.
2724
+ #
2725
+ # @param request [::Google::Cloud::Kms::V1::RawDecryptRequest, ::Hash]
2726
+ # A request object representing the call parameters. Required. To specify no
2727
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
2728
+ # @param options [::Gapic::CallOptions, ::Hash]
2729
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2730
+ #
2731
+ # @overload raw_decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, initialization_vector: nil, tag_length: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil, initialization_vector_crc32c: nil)
2732
+ # Pass arguments to `raw_decrypt` via keyword arguments. Note that at
2733
+ # least one keyword argument is required. To specify no parameters, or to keep all
2734
+ # the default parameter values, pass an empty Hash as a request object (see above).
2735
+ #
2736
+ # @param name [::String]
2737
+ # Required. The resource name of the
2738
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
2739
+ # decryption.
2740
+ # @param ciphertext [::String]
2741
+ # Required. The encrypted data originally returned in
2742
+ # {::Google::Cloud::Kms::V1::RawEncryptResponse#ciphertext RawEncryptResponse.ciphertext}.
2743
+ # @param additional_authenticated_data [::String]
2744
+ # Optional. Optional data that must match the data originally supplied in
2745
+ # {::Google::Cloud::Kms::V1::RawEncryptRequest#additional_authenticated_data RawEncryptRequest.additional_authenticated_data}.
2746
+ # @param initialization_vector [::String]
2747
+ # Required. The initialization vector (IV) used during encryption, which must
2748
+ # match the data originally provided in
2749
+ # {::Google::Cloud::Kms::V1::RawEncryptResponse#initialization_vector RawEncryptResponse.initialization_vector}.
2750
+ # @param tag_length [::Integer]
2751
+ # The length of the authentication tag that is appended to the end of
2752
+ # the ciphertext. If unspecified (0), the default value for the key's
2753
+ # algorithm will be used (for AES-GCM, the default value is 16).
2754
+ # @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2755
+ # Optional. An optional CRC32C checksum of the
2756
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#ciphertext RawDecryptRequest.ciphertext}.
2757
+ # If specified,
2758
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2759
+ # verify the integrity of the received ciphertext using this checksum.
2760
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2761
+ # report an error if the checksum verification fails. If you receive a
2762
+ # checksum error, your client should verify that CRC32C(ciphertext) is equal
2763
+ # to ciphertext_crc32c, and if so, perform a limited number of retries. A
2764
+ # persistent mismatch may indicate an issue in your computation of the CRC32C
2765
+ # checksum. Note: This field is defined as int64 for reasons of compatibility
2766
+ # across different languages. However, it is a non-negative integer, which
2767
+ # will never exceed 2^32-1, and can be safely downconverted to uint32 in
2768
+ # languages that support this type.
2769
+ # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2770
+ # Optional. An optional CRC32C checksum of the
2771
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#additional_authenticated_data RawDecryptRequest.additional_authenticated_data}.
2772
+ # If specified,
2773
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2774
+ # verify the integrity of the received additional_authenticated_data using
2775
+ # this checksum.
2776
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2777
+ # report an error if the checksum verification fails. If you receive a
2778
+ # checksum error, your client should verify that
2779
+ # CRC32C(additional_authenticated_data) is equal to
2780
+ # additional_authenticated_data_crc32c, and if so, perform
2781
+ # a limited number of retries. A persistent mismatch may indicate an issue in
2782
+ # your computation of the CRC32C checksum.
2783
+ # Note: This field is defined as int64 for reasons of compatibility across
2784
+ # different languages. However, it is a non-negative integer, which will
2785
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2786
+ # that support this type.
2787
+ # @param initialization_vector_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2788
+ # Optional. An optional CRC32C checksum of the
2789
+ # {::Google::Cloud::Kms::V1::RawDecryptRequest#initialization_vector RawDecryptRequest.initialization_vector}.
2790
+ # If specified,
2791
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2792
+ # verify the integrity of the received initialization_vector using this
2793
+ # checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
2794
+ # will report an error if the checksum verification fails. If you receive a
2795
+ # checksum error, your client should verify that
2796
+ # CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and
2797
+ # if so, perform a limited number of retries. A persistent mismatch may
2798
+ # indicate an issue in your computation of the CRC32C checksum.
2799
+ # Note: This field is defined as int64 for reasons of compatibility across
2800
+ # different languages. However, it is a non-negative integer, which will
2801
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2802
+ # that support this type.
2803
+ #
2804
+ # @yield [response, operation] Access the result along with the RPC operation
2805
+ # @yieldparam response [::Google::Cloud::Kms::V1::RawDecryptResponse]
2806
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
2807
+ #
2808
+ # @return [::Google::Cloud::Kms::V1::RawDecryptResponse]
2809
+ #
2810
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
2811
+ #
2812
+ # @example Basic example
2813
+ # require "google/cloud/kms/v1"
2814
+ #
2815
+ # # Create a client object. The client can be reused for multiple calls.
2816
+ # client = Google::Cloud::Kms::V1::KeyManagementService::Client.new
2817
+ #
2818
+ # # Create a request. To set request fields, pass in keyword arguments.
2819
+ # request = Google::Cloud::Kms::V1::RawDecryptRequest.new
2820
+ #
2821
+ # # Call the raw_decrypt method.
2822
+ # result = client.raw_decrypt request
2823
+ #
2824
+ # # The returned object is of type Google::Cloud::Kms::V1::RawDecryptResponse.
2825
+ # p result
2826
+ #
2827
+ def raw_decrypt request, options = nil
2828
+ raise ::ArgumentError, "request must be provided" if request.nil?
2829
+
2830
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RawDecryptRequest
2831
+
2832
+ # Converts hash and nil to an options object
2833
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2834
+
2835
+ # Customize the options with defaults
2836
+ metadata = @config.rpcs.raw_decrypt.metadata.to_h
2837
+
2838
+ # Set x-goog-api-client and x-goog-user-project headers
2839
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
2840
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
2841
+ gapic_version: ::Google::Cloud::Kms::V1::VERSION
2842
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
2843
+
2844
+ header_params = {}
2845
+ if request.name
2846
+ header_params["name"] = request.name
2847
+ end
2848
+
2849
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2850
+ metadata[:"x-goog-request-params"] ||= request_params_header
2851
+
2852
+ options.apply_defaults timeout: @config.rpcs.raw_decrypt.timeout,
2853
+ metadata: metadata,
2854
+ retry_policy: @config.rpcs.raw_decrypt.retry_policy
2855
+
2856
+ options.apply_defaults timeout: @config.timeout,
2857
+ metadata: @config.metadata,
2858
+ retry_policy: @config.retry_policy
2859
+
2860
+ @key_management_service_stub.call_rpc :raw_decrypt, request, options: options do |response, operation|
2861
+ yield response, operation if block_given?
2862
+ return response
2863
+ end
2864
+ rescue ::GRPC::BadStatus => e
2865
+ raise ::Google::Cloud::Error.from_error(e)
2866
+ end
2867
+
2542
2868
  ##
2543
2869
  # Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
2544
2870
  # with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
@@ -3378,6 +3704,16 @@ module Google
3378
3704
  #
3379
3705
  attr_reader :decrypt
3380
3706
  ##
3707
+ # RPC-specific configuration for `raw_encrypt`
3708
+ # @return [::Gapic::Config::Method]
3709
+ #
3710
+ attr_reader :raw_encrypt
3711
+ ##
3712
+ # RPC-specific configuration for `raw_decrypt`
3713
+ # @return [::Gapic::Config::Method]
3714
+ #
3715
+ attr_reader :raw_decrypt
3716
+ ##
3381
3717
  # RPC-specific configuration for `asymmetric_sign`
3382
3718
  # @return [::Gapic::Config::Method]
3383
3719
  #
@@ -3447,6 +3783,10 @@ module Google
3447
3783
  @encrypt = ::Gapic::Config::Method.new encrypt_config
3448
3784
  decrypt_config = parent_rpcs.decrypt if parent_rpcs.respond_to? :decrypt
3449
3785
  @decrypt = ::Gapic::Config::Method.new decrypt_config
3786
+ raw_encrypt_config = parent_rpcs.raw_encrypt if parent_rpcs.respond_to? :raw_encrypt
3787
+ @raw_encrypt = ::Gapic::Config::Method.new raw_encrypt_config
3788
+ raw_decrypt_config = parent_rpcs.raw_decrypt if parent_rpcs.respond_to? :raw_decrypt
3789
+ @raw_decrypt = ::Gapic::Config::Method.new raw_decrypt_config
3450
3790
  asymmetric_sign_config = parent_rpcs.asymmetric_sign if parent_rpcs.respond_to? :asymmetric_sign
3451
3791
  @asymmetric_sign = ::Gapic::Config::Method.new asymmetric_sign_config
3452
3792
  asymmetric_decrypt_config = parent_rpcs.asymmetric_decrypt if parent_rpcs.respond_to? :asymmetric_decrypt