RubyGems - google-cloud-kms-v1 - Versions diffs - 0.20.0 → 0.22.0 - Mend

google-cloud-kms-v1 0.20.0 → 0.22.0

Files changed (11) hide show

checksums.yaml +4 -4
data/lib/google/cloud/kms/v1/key_management_service/client.rb +340 -0
data/lib/google/cloud/kms/v1/key_management_service/rest/client.rb +294 -0
data/lib/google/cloud/kms/v1/key_management_service/rest/service_stub.rb +120 -0
data/lib/google/cloud/kms/v1/resources_pb.rb +1 -1
data/lib/google/cloud/kms/v1/service_pb.rb +5 -1
data/lib/google/cloud/kms/v1/service_services_pb.rb +12 -0
data/lib/google/cloud/kms/v1/version.rb +1 -1
data/proto_docs/google/cloud/kms/v1/resources.rb +25 -0
data/proto_docs/google/cloud/kms/v1/service.rb +360 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: df0145acded1923556f3d2fb9da19c2f2eeadcb77e5c7c13fce83bc86681e3cc
-  data.tar.gz: '08f2f6b7a180fd101bb3d882cd50c520261645088dd31e5a80b94495526d81ac'
+  metadata.gz: 64473976f0753f689b4cefdd08c0c94c1f754aa204f01a3b64d4f3320fb38f37
+  data.tar.gz: 78b7ddfb19d188f94838b3e654ad250a3567003b34a5024b28e1bf6b068b852a
 SHA512:
-  metadata.gz: 660675bc64e9fa9e0f742411ed0621d781b0388cd6199966c9300cf30937bd3871435155886f1be84ed4d0f9f1665ab6a56fca6ca46f2d21827205836414f6d0
-  data.tar.gz: 2f35a06d6dbfbaf44deaa01d6162efbdef83270451365431e1c68f9b1c9174f743ecc5404b2692df5887450160c6f11a425c1696d6b3ad35a9ccc393408bda2c
+  metadata.gz: afc8c97105c0bf92812f41a71da15550f9602de8eaf8b82a79b41ec426682c8d5127a4b9ff20cca255e5f9a7b45bda77f1ac1b3dfc4934a3808ed1ab4f5db17a
+  data.tar.gz: 021f3ecca9cf17537cd6f93b62c606fbed0860a2498d30d03fe6cddb75a8ac70de3822fe70eb96416d4217ad98f06a236b76b50c6d92c3c31dcd81a0a7eb78f8

data/lib/google/cloud/kms/v1/key_management_service/client.rb CHANGED Viewed

@@ -2539,6 +2539,332 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
+            ##
+            # Encrypts data using portable cryptographic primitives. Most users should
+            # choose {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
+            # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt} rather than
+            # their raw counterparts. The
+            # {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
+            # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::RAW_ENCRYPT_DECRYPT RAW_ENCRYPT_DECRYPT}.
+            #
+            # @overload raw_encrypt(request, options = nil)
+            #   Pass arguments to `raw_encrypt` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::RawEncryptRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Kms::V1::RawEncryptRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload raw_encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil, initialization_vector: nil, initialization_vector_crc32c: nil)
+            #   Pass arguments to `raw_encrypt` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Required. The resource name of the
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
+            #     encryption.
+            #   @param plaintext [::String]
+            #     Required. The data to encrypt. Must be no larger than 64KiB.
+            #
+            #     The maximum size depends on the key version's
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
+            #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
+            #     plaintext must be no larger than 64KiB. For
+            #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
+            #     the plaintext and additional_authenticated_data fields must be no larger
+            #     than 8KiB.
+            #   @param additional_authenticated_data [::String]
+            #     Optional. Optional data that, if specified, must also be provided during
+            #     decryption through
+            #     {::Google::Cloud::Kms::V1::RawDecryptRequest#additional_authenticated_data RawDecryptRequest.additional_authenticated_data}.
+            #
+            #     This field may only be used in conjunction with an
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm} that accepts
+            #     additional authenticated data (for example, AES-GCM).
+            #
+            #     The maximum size depends on the key version's
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
+            #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
+            #     plaintext must be no larger than 64KiB. For
+            #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
+            #     the plaintext and additional_authenticated_data fields must be no larger
+            #     than 8KiB.
+            #   @param plaintext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawEncryptRequest#plaintext RawEncryptRequest.plaintext}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received plaintext using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that CRC32C(plaintext) is equal
+            #     to plaintext_crc32c, and if so, perform a limited number of retries. A
+            #     persistent mismatch may indicate an issue in your computation of the CRC32C
+            #     checksum. Note: This field is defined as int64 for reasons of compatibility
+            #     across different languages. However, it is a non-negative integer, which
+            #     will never exceed 2^32-1, and can be safely downconverted to uint32 in
+            #     languages that support this type.
+            #   @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawEncryptRequest#additional_authenticated_data RawEncryptRequest.additional_authenticated_data}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received additional_authenticated_data using
+            #     this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that
+            #     CRC32C(additional_authenticated_data) is equal to
+            #     additional_authenticated_data_crc32c, and if so, perform
+            #     a limited number of retries. A persistent mismatch may indicate an issue in
+            #     your computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #   @param initialization_vector [::String]
+            #     Optional. A customer-supplied initialization vector that will be used for
+            #     encryption. If it is not provided for AES-CBC and AES-CTR, one will be
+            #     generated. It will be returned in
+            #     {::Google::Cloud::Kms::V1::RawEncryptResponse#initialization_vector RawEncryptResponse.initialization_vector}.
+            #   @param initialization_vector_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawEncryptRequest#initialization_vector RawEncryptRequest.initialization_vector}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received initialization_vector using this
+            #     checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
+            #     will report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that
+            #     CRC32C(initialization_vector) is equal to
+            #     initialization_vector_crc32c, and if so, perform
+            #     a limited number of retries. A persistent mismatch may indicate an issue in
+            #     your computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Kms::V1::RawEncryptResponse]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Kms::V1::RawEncryptResponse]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/kms/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::Kms::V1::KeyManagementService::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::Kms::V1::RawEncryptRequest.new
+            #
+            #   # Call the raw_encrypt method.
+            #   result = client.raw_encrypt request
+            #
+            #   # The returned object is of type Google::Cloud::Kms::V1::RawEncryptResponse.
+            #   p result
+            #
+            def raw_encrypt request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RawEncryptRequest
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+              # Customize the options with defaults
+              metadata = @config.rpcs.raw_encrypt.metadata.to_h
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Kms::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+              options.apply_defaults timeout:      @config.rpcs.raw_encrypt.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.raw_encrypt.retry_policy
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+              @key_management_service_stub.call_rpc :raw_encrypt, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+            ##
+            # Decrypts data that was originally encrypted using a raw cryptographic
+            # mechanism. The {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
+            # must be
+            # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::RAW_ENCRYPT_DECRYPT RAW_ENCRYPT_DECRYPT}.
+            #
+            # @overload raw_decrypt(request, options = nil)
+            #   Pass arguments to `raw_decrypt` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::RawDecryptRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Kms::V1::RawDecryptRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload raw_decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, initialization_vector: nil, tag_length: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil, initialization_vector_crc32c: nil)
+            #   Pass arguments to `raw_decrypt` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Required. The resource name of the
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
+            #     decryption.
+            #   @param ciphertext [::String]
+            #     Required. The encrypted data originally returned in
+            #     {::Google::Cloud::Kms::V1::RawEncryptResponse#ciphertext RawEncryptResponse.ciphertext}.
+            #   @param additional_authenticated_data [::String]
+            #     Optional. Optional data that must match the data originally supplied in
+            #     {::Google::Cloud::Kms::V1::RawEncryptRequest#additional_authenticated_data RawEncryptRequest.additional_authenticated_data}.
+            #   @param initialization_vector [::String]
+            #     Required. The initialization vector (IV) used during encryption, which must
+            #     match the data originally provided in
+            #     {::Google::Cloud::Kms::V1::RawEncryptResponse#initialization_vector RawEncryptResponse.initialization_vector}.
+            #   @param tag_length [::Integer]
+            #     The length of the authentication tag that is appended to the end of
+            #     the ciphertext. If unspecified (0), the default value for the key's
+            #     algorithm will be used (for AES-GCM, the default value is 16).
+            #   @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawDecryptRequest#ciphertext RawDecryptRequest.ciphertext}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received ciphertext using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that CRC32C(ciphertext) is equal
+            #     to ciphertext_crc32c, and if so, perform a limited number of retries. A
+            #     persistent mismatch may indicate an issue in your computation of the CRC32C
+            #     checksum. Note: This field is defined as int64 for reasons of compatibility
+            #     across different languages. However, it is a non-negative integer, which
+            #     will never exceed 2^32-1, and can be safely downconverted to uint32 in
+            #     languages that support this type.
+            #   @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawDecryptRequest#additional_authenticated_data RawDecryptRequest.additional_authenticated_data}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received additional_authenticated_data using
+            #     this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that
+            #     CRC32C(additional_authenticated_data) is equal to
+            #     additional_authenticated_data_crc32c, and if so, perform
+            #     a limited number of retries. A persistent mismatch may indicate an issue in
+            #     your computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #   @param initialization_vector_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the
+            #     {::Google::Cloud::Kms::V1::RawDecryptRequest#initialization_vector RawDecryptRequest.initialization_vector}.
+            #     If specified,
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+            #     verify the integrity of the received initialization_vector using this
+            #     checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
+            #     will report an error if the checksum verification fails. If you receive a
+            #     checksum error, your client should verify that
+            #     CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and
+            #     if so, perform a limited number of retries. A persistent mismatch may
+            #     indicate an issue in your computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Kms::V1::RawDecryptResponse]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Kms::V1::RawDecryptResponse]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/kms/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::Kms::V1::KeyManagementService::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::Kms::V1::RawDecryptRequest.new
+            #
+            #   # Call the raw_decrypt method.
+            #   result = client.raw_decrypt request
+            #
+            #   # The returned object is of type Google::Cloud::Kms::V1::RawDecryptResponse.
+            #   p result
+            #
+            def raw_decrypt request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RawDecryptRequest
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+              # Customize the options with defaults
+              metadata = @config.rpcs.raw_decrypt.metadata.to_h
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Kms::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+              options.apply_defaults timeout:      @config.rpcs.raw_decrypt.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.raw_decrypt.retry_policy
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+              @key_management_service_stub.call_rpc :raw_decrypt, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
             ##
             # Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
             # with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
@@ -3378,6 +3704,16 @@ module Google
                 #
                 attr_reader :decrypt
                 ##
+                # RPC-specific configuration for `raw_encrypt`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :raw_encrypt
+                ##
+                # RPC-specific configuration for `raw_decrypt`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :raw_decrypt
+                ##
                 # RPC-specific configuration for `asymmetric_sign`
                 # @return [::Gapic::Config::Method]
                 #
@@ -3447,6 +3783,10 @@ module Google
                   @encrypt = ::Gapic::Config::Method.new encrypt_config
                   decrypt_config = parent_rpcs.decrypt if parent_rpcs.respond_to? :decrypt
                   @decrypt = ::Gapic::Config::Method.new decrypt_config
+                  raw_encrypt_config = parent_rpcs.raw_encrypt if parent_rpcs.respond_to? :raw_encrypt
+                  @raw_encrypt = ::Gapic::Config::Method.new raw_encrypt_config
+                  raw_decrypt_config = parent_rpcs.raw_decrypt if parent_rpcs.respond_to? :raw_decrypt
+                  @raw_decrypt = ::Gapic::Config::Method.new raw_decrypt_config
                   asymmetric_sign_config = parent_rpcs.asymmetric_sign if parent_rpcs.respond_to? :asymmetric_sign
                   @asymmetric_sign = ::Gapic::Config::Method.new asymmetric_sign_config
                   asymmetric_decrypt_config = parent_rpcs.asymmetric_decrypt if parent_rpcs.respond_to? :asymmetric_decrypt