google-cloud-kms-v1 0.6.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5037e70b86fc808722a8a1f2937ee740a9cbebd903a72c52ec52a38b4dd7ddd6
-  data.tar.gz: 35707f1908b1330a758109e5f5990b562e909c8bdf0fd0a3907717b504e039d0
+  metadata.gz: 366f739162ab5400a7d321c89b3283faa619b89e0ce78a22729aaec42cf319f2
+  data.tar.gz: 9b07da8889a3a6804331abc9f78882ee7cc89ae0f8d848cb8ce321a027d0ca98
 SHA512:
-  metadata.gz: 943f1f9adc9daa3756f786fae9d0956674687ab35890552d6a3dac40f0304a2dc761e7f5dd24738b8c01bb74b61ebd6d631e2aebaf22be2b6abac8c7f53a55db
-  data.tar.gz: e77f44c6fac533bebac6262b074a51738ec7ccde1d89edaa44bf04738cb92ff029fd25b189d5ff4ecc5ec9a4b45bc5294990e3733dec7a001092102be24469be
+  metadata.gz: f46892858f2569b83d67dd04ae66ad59eabb7acc9b6b3a55d1661f35d0fcf060af22ee2dafe271059fa461aac233afa458bccbc800850363bc055c925cbb178e
+  data.tar.gz: c8babfa3af90696ca1223d8dc2461615289de042c0a7beda99da0b9e75c951372e58e077f162f68c5b8cf61f65c3501d3229406da434a80a6f31cd0f0494eb49

data/AUTHENTICATION.md

@@ -66,11 +66,11 @@ The environment variables that google-cloud-kms-v1
 checks for credentials are configured on the service Credentials class (such as
 {::Google::Cloud::Kms::V1::KeyManagementService::Credentials}):
 
-1. `KMS_CREDENTIALS` - Path to JSON file, or JSON contents
-2. `KMS_KEYFILE` - Path to JSON file, or JSON contents
-3. `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
-4. `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
-5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
+* `KMS_CREDENTIALS` - Path to JSON file, or JSON contents
+* `KMS_KEYFILE` - Path to JSON file, or JSON contents
+* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
+* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
+* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
 
 ```ruby
 require "google/cloud/kms/v1"
@@ -82,8 +82,8 @@ client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
 
 ### Configuration
 
-The **Credentials JSON** can be configured instead of placing them in
-environment variables. Either on an individual client initialization:
+The path to the **Credentials JSON** file can be configured instead of storing
+it in an environment variable. Either on an individual client initialization:
 
 ```ruby
 require "google/cloud/kms/v1"
@@ -93,7 +93,7 @@ client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
 end
 ```
 
-Or configured globally for all clients:
+Or globally for all clients:
 
 ```ruby
 require "google/cloud/kms/v1"

data/README.md

@@ -33,7 +33,7 @@ In order to use this library, you first need to go through the following steps:
 require "google/cloud/kms/v1"
 
 client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
-request = my_create_request
+request = ::Google::Cloud::Kms::V1::ListKeyRingsRequest.new # (request fields as keyword arguments...)
 response = client.list_key_rings request
 ```
 

data/lib/google/cloud/kms/v1/iam_policy/client.rb

@@ -63,13 +63,12 @@ module Google
             # See {::Google::Cloud::Kms::V1::IAMPolicy::Client::Configuration}
             # for a description of the configuration fields.
             #
-            # ## Example
+            # @example
             #
-            # To modify the configuration for all IAMPolicy clients:
-            #
-            #     ::Google::Cloud::Kms::V1::IAMPolicy::Client.configure do |config|
-            #       config.timeout = 10.0
-            #     end
+            #   # Modify the configuration for all IAMPolicy clients
+            #   ::Google::Cloud::Kms::V1::IAMPolicy::Client.configure do |config|
+            #     config.timeout = 10.0
+            #   end
             #
             # @yield [config] Configure the Client client.
             # @yieldparam config [Client::Configuration]
@@ -116,19 +115,15 @@ module Google
             ##
             # Create a new IAMPolicy client object.
             #
-            # ## Examples
-            #
-            # To create a new IAMPolicy client with the default
-            # configuration:
-            #
-            #     client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new
+            # @example
             #
-            # To create a new IAMPolicy client with a custom
-            # configuration:
+            #   # Create a client using the default configuration
+            #   client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new
             #
-            #     client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new do |config|
-            #       config.timeout = 10.0
-            #     end
+            #   # Create a client using a custom configuration
+            #   client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new do |config|
+            #     config.timeout = 10.0
+            #   end
             #
             # @yield [config] Configure the IAMPolicy client.
             # @yieldparam config [Client::Configuration]
@@ -148,14 +143,13 @@ module Google
 
               # Create credentials
               credentials = @config.credentials
-              # Use self-signed JWT if the scope and endpoint are unchanged from default,
+              # Use self-signed JWT if the endpoint is unchanged from default,
               # but only if the default endpoint does not have a region prefix.
-              enable_self_signed_jwt = @config.scope == Client.configure.scope &&
-                                       @config.endpoint == Client.configure.endpoint &&
+              enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
                                        !@config.endpoint.split(".").first.include?("-")
               credentials ||= Credentials.default scope: @config.scope,
                                                   enable_self_signed_jwt: enable_self_signed_jwt
-              if credentials.is_a?(String) || credentials.is_a?(Hash)
+              if credentials.is_a?(::String) || credentials.is_a?(::Hash)
                 credentials = Credentials.new credentials, scope: @config.scope
               end
               @quota_project_id = @config.quota_project
@@ -234,7 +228,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.set_iam_policy.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.set_iam_policy.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @iam_policy_stub.call_rpc :set_iam_policy, request, options: options do |response, operation|
@@ -306,7 +302,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.get_iam_policy.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.get_iam_policy.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @iam_policy_stub.call_rpc :get_iam_policy, request, options: options do |response, operation|
@@ -384,7 +382,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.test_iam_permissions.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.test_iam_permissions.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @iam_policy_stub.call_rpc :test_iam_permissions, request, options: options do |response, operation|
@@ -408,22 +408,21 @@ module Google
             # Configuration can be applied globally to all clients, or to a single client
             # on construction.
             #
-            # # Examples
-            #
-            # To modify the global config, setting the timeout for set_iam_policy
-            # to 20 seconds, and all remaining timeouts to 10 seconds:
-            #
-            #     ::Google::Cloud::Kms::V1::IAMPolicy::Client.configure do |config|
-            #       config.timeout = 10.0
-            #       config.rpcs.set_iam_policy.timeout = 20.0
-            #     end
-            #
-            # To apply the above configuration only to a new client:
-            #
-            #     client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new do |config|
-            #       config.timeout = 10.0
-            #       config.rpcs.set_iam_policy.timeout = 20.0
-            #     end
+            # @example
+            #
+            #   # Modify the global config, setting the timeout for
+            #   # set_iam_policy to 20 seconds,
+            #   # and all remaining timeouts to 10 seconds.
+            #   ::Google::Cloud::Kms::V1::IAMPolicy::Client.configure do |config|
+            #     config.timeout = 10.0
+            #     config.rpcs.set_iam_policy.timeout = 20.0
+            #   end
+            #
+            #   # Apply the above configuration only to a new client.
+            #   client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new do |config|
+            #     config.timeout = 10.0
+            #     config.rpcs.set_iam_policy.timeout = 20.0
+            #   end
             #
             # @!attribute [rw] endpoint
             #   The hostname or hostname:port of the service endpoint.

data/lib/google/cloud/kms/v1/key_management_service/client.rb

@@ -52,13 +52,12 @@ module Google
             # See {::Google::Cloud::Kms::V1::KeyManagementService::Client::Configuration}
             # for a description of the configuration fields.
             #
-            # ## Example
+            # @example
             #
-            # To modify the configuration for all KeyManagementService clients:
-            #
-            #     ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
-            #       config.timeout = 10.0
-            #     end
+            #   # Modify the configuration for all KeyManagementService clients
+            #   ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
+            #     config.timeout = 10.0
+            #   end
             #
             # @yield [config] Configure the Client client.
             # @yieldparam config [Client::Configuration]
@@ -78,90 +77,57 @@ module Google
 
                 default_config.rpcs.list_key_rings.timeout = 60.0
                 default_config.rpcs.list_key_rings.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.list_crypto_keys.timeout = 60.0
                 default_config.rpcs.list_crypto_keys.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.list_crypto_key_versions.timeout = 60.0
                 default_config.rpcs.list_crypto_key_versions.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.list_import_jobs.timeout = 60.0
                 default_config.rpcs.list_import_jobs.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.get_key_ring.timeout = 60.0
                 default_config.rpcs.get_key_ring.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.get_crypto_key.timeout = 60.0
                 default_config.rpcs.get_crypto_key.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.get_crypto_key_version.timeout = 60.0
                 default_config.rpcs.get_crypto_key_version.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.get_public_key.timeout = 60.0
                 default_config.rpcs.get_public_key.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.get_import_job.timeout = 60.0
                 default_config.rpcs.get_import_job.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.create_key_ring.timeout = 60.0
                 default_config.rpcs.create_key_ring.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.create_crypto_key.timeout = 60.0
                 default_config.rpcs.create_crypto_key.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.create_crypto_key_version.timeout = 60.0
@@ -170,82 +136,52 @@ module Google
 
                 default_config.rpcs.create_import_job.timeout = 60.0
                 default_config.rpcs.create_import_job.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.update_crypto_key.timeout = 60.0
                 default_config.rpcs.update_crypto_key.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.update_crypto_key_version.timeout = 60.0
                 default_config.rpcs.update_crypto_key_version.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
+                }
+
+                default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
+                default_config.rpcs.update_crypto_key_primary_version.retry_policy = {
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
+                }
+
+                default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
+                default_config.rpcs.destroy_crypto_key_version.retry_policy = {
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
+                }
+
+                default_config.rpcs.restore_crypto_key_version.timeout = 60.0
+                default_config.rpcs.restore_crypto_key_version.retry_policy = {
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.encrypt.timeout = 60.0
                 default_config.rpcs.encrypt.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.decrypt.timeout = 60.0
                 default_config.rpcs.decrypt.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.asymmetric_sign.timeout = 60.0
                 default_config.rpcs.asymmetric_sign.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config.rpcs.asymmetric_decrypt.timeout = 60.0
                 default_config.rpcs.asymmetric_decrypt.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
-                }
-
-                default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
-                default_config.rpcs.update_crypto_key_primary_version.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
-                }
-
-                default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
-                default_config.rpcs.destroy_crypto_key_version.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
-                }
-
-                default_config.rpcs.restore_crypto_key_version.timeout = 60.0
-                default_config.rpcs.restore_crypto_key_version.retry_policy = {
-                  initial_delay: 0.1,
-              max_delay: 60.0,
-              multiplier: 1.3,
-              retry_codes: [14, 4]
+                  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
                 }
 
                 default_config
@@ -277,19 +213,15 @@ module Google
             ##
             # Create a new KeyManagementService client object.
             #
-            # ## Examples
-            #
-            # To create a new KeyManagementService client with the default
-            # configuration:
+            # @example
             #
-            #     client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
+            #   # Create a client using the default configuration
+            #   client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
             #
-            # To create a new KeyManagementService client with a custom
-            # configuration:
-            #
-            #     client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
-            #       config.timeout = 10.0
-            #     end
+            #   # Create a client using a custom configuration
+            #   client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
+            #     config.timeout = 10.0
+            #   end
             #
             # @yield [config] Configure the KeyManagementService client.
             # @yieldparam config [Client::Configuration]
@@ -309,14 +241,13 @@ module Google
 
               # Create credentials
               credentials = @config.credentials
-              # Use self-signed JWT if the scope and endpoint are unchanged from default,
+              # Use self-signed JWT if the endpoint is unchanged from default,
               # but only if the default endpoint does not have a region prefix.
-              enable_self_signed_jwt = @config.scope == Client.configure.scope &&
-                                       @config.endpoint == Client.configure.endpoint &&
+              enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
                                        !@config.endpoint.split(".").first.include?("-")
               credentials ||= Credentials.default scope: @config.scope,
                                                   enable_self_signed_jwt: enable_self_signed_jwt
-              if credentials.is_a?(String) || credentials.is_a?(Hash)
+              if credentials.is_a?(::String) || credentials.is_a?(::Hash)
                 credentials = Credentials.new credentials, scope: @config.scope
               end
               @quota_project_id = @config.quota_project
@@ -407,7 +338,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.list_key_rings.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.list_key_rings.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :list_key_rings, request, options: options do |response, operation|
@@ -495,7 +428,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.list_crypto_keys.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.list_crypto_keys.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :list_crypto_keys, request, options: options do |response, operation|
@@ -584,7 +519,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.list_crypto_key_versions.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.list_crypto_key_versions.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :list_crypto_key_versions, request, options: options do |response, operation|
@@ -670,7 +607,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.list_import_jobs.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.list_import_jobs.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :list_import_jobs, request, options: options do |response, operation|
@@ -737,7 +676,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.get_key_ring.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.get_key_ring.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :get_key_ring, request, options: options do |response, operation|
@@ -804,7 +745,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.get_crypto_key.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.get_crypto_key.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :get_crypto_key, request, options: options do |response, operation|
@@ -870,7 +813,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.get_crypto_key_version.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.get_crypto_key_version.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :get_crypto_key_version, request, options: options do |response, operation|
@@ -940,7 +885,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.get_public_key.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.get_public_key.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :get_public_key, request, options: options do |response, operation|
@@ -1006,7 +953,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.get_import_job.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.get_import_job.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :get_import_job, request, options: options do |response, operation|
@@ -1078,7 +1027,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.create_key_ring.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.create_key_ring.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :create_key_ring, request, options: options do |response, operation|
@@ -1160,7 +1111,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.create_crypto_key.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.create_crypto_key.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :create_crypto_key, request, options: options do |response, operation|
@@ -1233,7 +1186,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.create_crypto_key_version.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.create_crypto_key_version.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :create_crypto_key_version, request, options: options do |response, operation|
@@ -1245,11 +1200,12 @@ module Google
             end
 
             ##
-            # Imports a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} into an existing {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} using the
-            # wrapped key material provided in the request.
+            # Import wrapped key material into a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
             #
-            # The version ID will be assigned the next sequential id within the
-            # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
+            # All requests must specify a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. If a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} is
+            # additionally specified in the request, key material will be reimported into
+            # that version. Otherwise, a new version will be created, and will be
+            # assigned the next sequential id within the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
             #
             # @overload import_crypto_key_version(request, options = nil)
             #   Pass arguments to `import_crypto_key_version` via a request object, either of type
@@ -1261,14 +1217,32 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload import_crypto_key_version(parent: nil, algorithm: nil, import_job: nil, rsa_aes_wrapped_key: nil)
+            # @overload import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, rsa_aes_wrapped_key: nil)
             #   Pass arguments to `import_crypto_key_version` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param parent [::String]
-            #     Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
-            #     be imported into.
+            #     Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
+            #
+            #     The create permission is only required on this key when creating a new
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
+            #   @param crypto_key_version [::String]
+            #     Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of an existing
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to target for an import operation.
+            #     If this field is not present, a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
+            #     supplied key material is created.
+            #
+            #     If this field is present, the supplied key material is imported into
+            #     the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To import into an existing
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
+            #     {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent}, have been previously created via
+            #     [ImportCryptoKeyVersion][], and be in
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED} or
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}
+            #     state. The key material and algorithm must match the previous
+            #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
+            #     key material.
             #   @param algorithm [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
             #     Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm} of
             #     the key being imported. This does not need to match the
@@ -1336,7 +1310,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.import_crypto_key_version.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.import_crypto_key_version.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :import_crypto_key_version, request, options: options do |response, operation|
@@ -1410,7 +1386,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.create_import_job.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.create_import_job.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :create_import_job, request, options: options do |response, operation|
@@ -1478,7 +1456,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.update_crypto_key.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.update_crypto_key.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :update_crypto_key, request, options: options do |response, operation|
@@ -1552,7 +1532,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.update_crypto_key_version.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.update_crypto_key_version.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :update_crypto_key_version, request, options: options do |response, operation|
@@ -1563,6 +1545,233 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Update the version of a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that will be used in {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}.
+            #
+            # Returns an error if called on a key whose purpose is not
+            # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
+            #
+            # @overload update_crypto_key_primary_version(request, options = nil)
+            #   Pass arguments to `update_crypto_key_primary_version` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload update_crypto_key_primary_version(name: nil, crypto_key_version_id: nil)
+            #   Pass arguments to `update_crypto_key_primary_version` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
+            #   @param crypto_key_version_id [::String]
+            #     Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Kms::V1::CryptoKey]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def update_crypto_key_primary_version request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.update_crypto_key_primary_version.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Kms::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "name" => request.name
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.update_crypto_key_primary_version.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.update_crypto_key_primary_version.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @key_management_service_stub.call_rpc :update_crypto_key_primary_version, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Schedule a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for destruction.
+            #
+            # Upon calling this method, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion.state} will be set to
+            # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED},
+            # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be set to the time
+            # {::Google::Cloud::Kms::V1::CryptoKey#destroy_scheduled_duration destroy_scheduled_duration} in the
+            # future. At that time, the {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will
+            # automatically change to
+            # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}, and the key
+            # material will be irrevocably destroyed.
+            #
+            # Before the {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is reached,
+            # {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion} may be called to reverse the process.
+            #
+            # @overload destroy_crypto_key_version(request, options = nil)
+            #   Pass arguments to `destroy_crypto_key_version` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload destroy_crypto_key_version(name: nil)
+            #   Pass arguments to `destroy_crypto_key_version` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def destroy_crypto_key_version request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.destroy_crypto_key_version.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Kms::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "name" => request.name
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.destroy_crypto_key_version.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.destroy_crypto_key_version.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @key_management_service_stub.call_rpc :destroy_crypto_key_version, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Restore a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in the
+            # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
+            # state.
+            #
+            # Upon restoration of the CryptoKeyVersion, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
+            # will be set to {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
+            # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be cleared.
+            #
+            # @overload restore_crypto_key_version(request, options = nil)
+            #   Pass arguments to `restore_crypto_key_version` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload restore_crypto_key_version(name: nil)
+            #   Pass arguments to `restore_crypto_key_version` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def restore_crypto_key_version request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.restore_crypto_key_version.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Kms::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "name" => request.name
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.restore_crypto_key_version.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.restore_crypto_key_version.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @key_management_service_stub.call_rpc :restore_crypto_key_version, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Encrypts data, so that it can only be recovered by a call to {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
             # The {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
@@ -1622,8 +1831,6 @@ module Google
             #     different languages. However, it is a non-negative integer, which will
             #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
             #     that support this type.
-            #
-            #     NOTE: This field is in Beta.
             #   @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
             #     Optional. An optional CRC32C checksum of the
             #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
@@ -1640,8 +1847,6 @@ module Google
             #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
             #     that support this type.
             #
-            #     NOTE: This field is in Beta.
-            #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Kms::V1::EncryptResponse]
             # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1676,7 +1881,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.encrypt.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.encrypt.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :encrypt, request, options: options do |response, operation|
@@ -1729,8 +1936,6 @@ module Google
             #     different languages. However, it is a non-negative integer, which will
             #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
             #     that support this type.
-            #
-            #     NOTE: This field is in Beta.
             #   @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
             #     Optional. An optional CRC32C checksum of the
             #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
@@ -1747,8 +1952,6 @@ module Google
             #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
             #     that support this type.
             #
-            #     NOTE: This field is in Beta.
-            #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Kms::V1::DecryptResponse]
             # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1783,7 +1986,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.decrypt.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.decrypt.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :decrypt, request, options: options do |response, operation|
@@ -1835,8 +2040,6 @@ module Google
             #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
             #     that support this type.
             #
-            #     NOTE: This field is in Beta.
-            #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse]
             # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1871,7 +2074,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.asymmetric_sign.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.asymmetric_sign.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :asymmetric_sign, request, options: options do |response, operation|
@@ -1923,8 +2128,6 @@ module Google
             #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
             #     that support this type.
             #
-            #     NOTE: This field is in Beta.
-            #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse]
             # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1959,7 +2162,9 @@ module Google
               options.apply_defaults timeout:      @config.rpcs.asymmetric_decrypt.timeout,
                                      metadata:     metadata,
                                      retry_policy: @config.rpcs.asymmetric_decrypt.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
               @key_management_service_stub.call_rpc :asymmetric_decrypt, request, options: options do |response, operation|
@@ -1971,49 +2176,63 @@ module Google
             end
 
             ##
-            # Update the version of a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that will be used in {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}.
-            #
-            # Returns an error if called on a key whose purpose is not
-            # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
+            # Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
+            # MAC, producing a tag that can be verified by another source with the
+            # same key.
             #
-            # @overload update_crypto_key_primary_version(request, options = nil)
-            #   Pass arguments to `update_crypto_key_primary_version` via a request object, either of type
-            #   {::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest} or an equivalent Hash.
+            # @overload mac_sign(request, options = nil)
+            #   Pass arguments to `mac_sign` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::MacSignRequest} or an equivalent Hash.
             #
-            #   @param request [::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Hash]
+            #   @param request [::Google::Cloud::Kms::V1::MacSignRequest, ::Hash]
             #     A request object representing the call parameters. Required. To specify no
             #     parameters, or to keep all the default parameter values, pass an empty Hash.
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload update_crypto_key_primary_version(name: nil, crypto_key_version_id: nil)
-            #   Pass arguments to `update_crypto_key_primary_version` via keyword arguments. Note that at
+            # @overload mac_sign(name: nil, data: nil, data_crc32c: nil)
+            #   Pass arguments to `mac_sign` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
-            #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
-            #   @param crypto_key_version_id [::String]
-            #     Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
+            #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
+            #   @param data [::String]
+            #     Required. The data to sign. The MAC tag is computed over this data field based on
+            #     the specific algorithm.
+            #   @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
+            #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+            #     received {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+            #     fails. If you receive a checksum error, your client should verify that
+            #     CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is equal to
+            #     {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}, and if so, perform a limited
+            #     number of retries. A persistent mismatch may indicate an issue in your
+            #     computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
             #
             # @yield [response, operation] Access the result along with the RPC operation
-            # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey]
+            # @yieldparam response [::Google::Cloud::Kms::V1::MacSignResponse]
             # @yieldparam operation [::GRPC::ActiveCall::Operation]
             #
-            # @return [::Google::Cloud::Kms::V1::CryptoKey]
+            # @return [::Google::Cloud::Kms::V1::MacSignResponse]
             #
             # @raise [::Google::Cloud::Error] if the RPC is aborted.
             #
-            def update_crypto_key_primary_version request, options = nil
+            def mac_sign request, options = nil
               raise ::ArgumentError, "request must be provided" if request.nil?
 
-              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::MacSignRequest
 
               # Converts hash and nil to an options object
               options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
 
               # Customize the options with defaults
-              metadata = @config.rpcs.update_crypto_key_primary_version.metadata.to_h
+              metadata = @config.rpcs.mac_sign.metadata.to_h
 
               # Set x-goog-api-client and x-goog-user-project headers
               metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
@@ -2027,13 +2246,15 @@ module Google
               request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
               metadata[:"x-goog-request-params"] ||= request_params_header
 
-              options.apply_defaults timeout:      @config.rpcs.update_crypto_key_primary_version.timeout,
+              options.apply_defaults timeout:      @config.rpcs.mac_sign.timeout,
                                      metadata:     metadata,
-                                     retry_policy: @config.rpcs.update_crypto_key_primary_version.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.rpcs.mac_sign.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
-              @key_management_service_stub.call_rpc :update_crypto_key_primary_version, request, options: options do |response, operation|
+              @key_management_service_stub.call_rpc :mac_sign, request, options: options do |response, operation|
                 yield response, operation if block_given?
                 return response
               end
@@ -2042,55 +2263,79 @@ module Google
             end
 
             ##
-            # Schedule a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for destruction.
-            #
-            # Upon calling this method, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion.state} will be set to
-            # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
-            # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be set to a time 24
-            # hours in the future, at which point the {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
-            # will be changed to
-            # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}, and the key
-            # material will be irrevocably destroyed.
+            # Verifies MAC tag using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
+            # MAC, and returns a response that indicates whether or not the verification
+            # was successful.
             #
-            # Before the {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is reached,
-            # {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion} may be called to reverse the process.
+            # @overload mac_verify(request, options = nil)
+            #   Pass arguments to `mac_verify` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::MacVerifyRequest} or an equivalent Hash.
             #
-            # @overload destroy_crypto_key_version(request, options = nil)
-            #   Pass arguments to `destroy_crypto_key_version` via a request object, either of type
-            #   {::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest} or an equivalent Hash.
-            #
-            #   @param request [::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Hash]
+            #   @param request [::Google::Cloud::Kms::V1::MacVerifyRequest, ::Hash]
             #     A request object representing the call parameters. Required. To specify no
             #     parameters, or to keep all the default parameter values, pass an empty Hash.
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload destroy_crypto_key_version(name: nil)
-            #   Pass arguments to `destroy_crypto_key_version` via keyword arguments. Note that at
+            # @overload mac_verify(name: nil, data: nil, data_crc32c: nil, mac: nil, mac_crc32c: nil)
+            #   Pass arguments to `mac_verify` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
-            #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
+            #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for verification.
+            #   @param data [::String]
+            #     Required. The data used previously as a {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate the MAC
+            #     tag.
+            #   @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
+            #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+            #     received {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+            #     fails. If you receive a checksum error, your client should verify that
+            #     CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}) is equal to
+            #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}, and if so, perform a limited
+            #     number of retries. A persistent mismatch may indicate an issue in your
+            #     computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
+            #   @param mac [::String]
+            #     Required. The signature to verify.
+            #   @param mac_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
+            #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+            #     received {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+            #     fails. If you receive a checksum error, your client should verify that
+            #     CRC32C([MacVerifyRequest.tag][]) is equal to
+            #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}, and if so, perform a limited
+            #     number of retries. A persistent mismatch may indicate an issue in your
+            #     computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
             #
             # @yield [response, operation] Access the result along with the RPC operation
-            # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
+            # @yieldparam response [::Google::Cloud::Kms::V1::MacVerifyResponse]
             # @yieldparam operation [::GRPC::ActiveCall::Operation]
             #
-            # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
+            # @return [::Google::Cloud::Kms::V1::MacVerifyResponse]
             #
             # @raise [::Google::Cloud::Error] if the RPC is aborted.
             #
-            def destroy_crypto_key_version request, options = nil
+            def mac_verify request, options = nil
               raise ::ArgumentError, "request must be provided" if request.nil?
 
-              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::MacVerifyRequest
 
               # Converts hash and nil to an options object
               options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
 
               # Customize the options with defaults
-              metadata = @config.rpcs.destroy_crypto_key_version.metadata.to_h
+              metadata = @config.rpcs.mac_verify.metadata.to_h
 
               # Set x-goog-api-client and x-goog-user-project headers
               metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
@@ -2104,13 +2349,15 @@ module Google
               request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
               metadata[:"x-goog-request-params"] ||= request_params_header
 
-              options.apply_defaults timeout:      @config.rpcs.destroy_crypto_key_version.timeout,
+              options.apply_defaults timeout:      @config.rpcs.mac_verify.timeout,
                                      metadata:     metadata,
-                                     retry_policy: @config.rpcs.destroy_crypto_key_version.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.rpcs.mac_verify.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
-              @key_management_service_stub.call_rpc :destroy_crypto_key_version, request, options: options do |response, operation|
+              @key_management_service_stub.call_rpc :mac_verify, request, options: options do |response, operation|
                 yield response, operation if block_given?
                 return response
               end
@@ -2119,50 +2366,52 @@ module Google
             end
 
             ##
-            # Restore a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in the
-            # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
-            # state.
-            #
-            # Upon restoration of the CryptoKeyVersion, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
-            # will be set to {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
-            # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be cleared.
+            # Generate random bytes using the Cloud KMS randomness source in the provided
+            # location.
             #
-            # @overload restore_crypto_key_version(request, options = nil)
-            #   Pass arguments to `restore_crypto_key_version` via a request object, either of type
-            #   {::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest} or an equivalent Hash.
+            # @overload generate_random_bytes(request, options = nil)
+            #   Pass arguments to `generate_random_bytes` via a request object, either of type
+            #   {::Google::Cloud::Kms::V1::GenerateRandomBytesRequest} or an equivalent Hash.
             #
-            #   @param request [::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Hash]
+            #   @param request [::Google::Cloud::Kms::V1::GenerateRandomBytesRequest, ::Hash]
             #     A request object representing the call parameters. Required. To specify no
             #     parameters, or to keep all the default parameter values, pass an empty Hash.
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload restore_crypto_key_version(name: nil)
-            #   Pass arguments to `restore_crypto_key_version` via keyword arguments. Note that at
+            # @overload generate_random_bytes(location: nil, length_bytes: nil, protection_level: nil)
+            #   Pass arguments to `generate_random_bytes` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
-            #   @param name [::String]
-            #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
+            #   @param location [::String]
+            #     The project-specific location in which to generate random bytes.
+            #     For example, "projects/my-project/locations/us-central1".
+            #   @param length_bytes [::Integer]
+            #     The length in bytes of the amount of randomness to retrieve.  Minimum 8
+            #     bytes, maximum 1024 bytes.
+            #   @param protection_level [::Google::Cloud::Kms::V1::ProtectionLevel]
+            #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when generating the random data. Defaults to
+            #     {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}.
             #
             # @yield [response, operation] Access the result along with the RPC operation
-            # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
+            # @yieldparam response [::Google::Cloud::Kms::V1::GenerateRandomBytesResponse]
             # @yieldparam operation [::GRPC::ActiveCall::Operation]
             #
-            # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
+            # @return [::Google::Cloud::Kms::V1::GenerateRandomBytesResponse]
             #
             # @raise [::Google::Cloud::Error] if the RPC is aborted.
             #
-            def restore_crypto_key_version request, options = nil
+            def generate_random_bytes request, options = nil
               raise ::ArgumentError, "request must be provided" if request.nil?
 
-              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GenerateRandomBytesRequest
 
               # Converts hash and nil to an options object
               options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
 
               # Customize the options with defaults
-              metadata = @config.rpcs.restore_crypto_key_version.metadata.to_h
+              metadata = @config.rpcs.generate_random_bytes.metadata.to_h
 
               # Set x-goog-api-client and x-goog-user-project headers
               metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
@@ -2171,18 +2420,20 @@ module Google
               metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
 
               header_params = {
-                "name" => request.name
+                "location" => request.location
               }
               request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
               metadata[:"x-goog-request-params"] ||= request_params_header
 
-              options.apply_defaults timeout:      @config.rpcs.restore_crypto_key_version.timeout,
+              options.apply_defaults timeout:      @config.rpcs.generate_random_bytes.timeout,
                                      metadata:     metadata,
-                                     retry_policy: @config.rpcs.restore_crypto_key_version.retry_policy
-              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.rpcs.generate_random_bytes.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
                                      retry_policy: @config.retry_policy
 
-              @key_management_service_stub.call_rpc :restore_crypto_key_version, request, options: options do |response, operation|
+              @key_management_service_stub.call_rpc :generate_random_bytes, request, options: options do |response, operation|
                 yield response, operation if block_given?
                 return response
               end
@@ -2203,22 +2454,21 @@ module Google
             # Configuration can be applied globally to all clients, or to a single client
             # on construction.
             #
-            # # Examples
-            #
-            # To modify the global config, setting the timeout for list_key_rings
-            # to 20 seconds, and all remaining timeouts to 10 seconds:
+            # @example
             #
-            #     ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
-            #       config.timeout = 10.0
-            #       config.rpcs.list_key_rings.timeout = 20.0
-            #     end
+            #   # Modify the global config, setting the timeout for
+            #   # list_key_rings to 20 seconds,
+            #   # and all remaining timeouts to 10 seconds.
+            #   ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
+            #     config.timeout = 10.0
+            #     config.rpcs.list_key_rings.timeout = 20.0
+            #   end
             #
-            # To apply the above configuration only to a new client:
-            #
-            #     client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
-            #       config.timeout = 10.0
-            #       config.rpcs.list_key_rings.timeout = 20.0
-            #     end
+            #   # Apply the above configuration only to a new client.
+            #   client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
+            #     config.timeout = 10.0
+            #     config.rpcs.list_key_rings.timeout = 20.0
+            #   end
             #
             # @!attribute [rw] endpoint
             #   The hostname or hostname:port of the service endpoint.
@@ -2407,6 +2657,21 @@ module Google
                 #
                 attr_reader :update_crypto_key_version
                 ##
+                # RPC-specific configuration for `update_crypto_key_primary_version`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :update_crypto_key_primary_version
+                ##
+                # RPC-specific configuration for `destroy_crypto_key_version`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :destroy_crypto_key_version
+                ##
+                # RPC-specific configuration for `restore_crypto_key_version`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :restore_crypto_key_version
+                ##
                 # RPC-specific configuration for `encrypt`
                 # @return [::Gapic::Config::Method]
                 #
@@ -2427,20 +2692,20 @@ module Google
                 #
                 attr_reader :asymmetric_decrypt
                 ##
-                # RPC-specific configuration for `update_crypto_key_primary_version`
+                # RPC-specific configuration for `mac_sign`
                 # @return [::Gapic::Config::Method]
                 #
-                attr_reader :update_crypto_key_primary_version
+                attr_reader :mac_sign
                 ##
-                # RPC-specific configuration for `destroy_crypto_key_version`
+                # RPC-specific configuration for `mac_verify`
                 # @return [::Gapic::Config::Method]
                 #
-                attr_reader :destroy_crypto_key_version
+                attr_reader :mac_verify
                 ##
-                # RPC-specific configuration for `restore_crypto_key_version`
+                # RPC-specific configuration for `generate_random_bytes`
                 # @return [::Gapic::Config::Method]
                 #
-                attr_reader :restore_crypto_key_version
+                attr_reader :generate_random_bytes
 
                 # @private
                 def initialize parent_rpcs = nil
@@ -2476,6 +2741,12 @@ module Google
                   @update_crypto_key = ::Gapic::Config::Method.new update_crypto_key_config
                   update_crypto_key_version_config = parent_rpcs.update_crypto_key_version if parent_rpcs.respond_to? :update_crypto_key_version
                   @update_crypto_key_version = ::Gapic::Config::Method.new update_crypto_key_version_config
+                  update_crypto_key_primary_version_config = parent_rpcs.update_crypto_key_primary_version if parent_rpcs.respond_to? :update_crypto_key_primary_version
+                  @update_crypto_key_primary_version = ::Gapic::Config::Method.new update_crypto_key_primary_version_config
+                  destroy_crypto_key_version_config = parent_rpcs.destroy_crypto_key_version if parent_rpcs.respond_to? :destroy_crypto_key_version
+                  @destroy_crypto_key_version = ::Gapic::Config::Method.new destroy_crypto_key_version_config
+                  restore_crypto_key_version_config = parent_rpcs.restore_crypto_key_version if parent_rpcs.respond_to? :restore_crypto_key_version
+                  @restore_crypto_key_version = ::Gapic::Config::Method.new restore_crypto_key_version_config
                   encrypt_config = parent_rpcs.encrypt if parent_rpcs.respond_to? :encrypt
                   @encrypt = ::Gapic::Config::Method.new encrypt_config
                   decrypt_config = parent_rpcs.decrypt if parent_rpcs.respond_to? :decrypt
@@ -2484,12 +2755,12 @@ module Google
                   @asymmetric_sign = ::Gapic::Config::Method.new asymmetric_sign_config
                   asymmetric_decrypt_config = parent_rpcs.asymmetric_decrypt if parent_rpcs.respond_to? :asymmetric_decrypt
                   @asymmetric_decrypt = ::Gapic::Config::Method.new asymmetric_decrypt_config
-                  update_crypto_key_primary_version_config = parent_rpcs.update_crypto_key_primary_version if parent_rpcs.respond_to? :update_crypto_key_primary_version
-                  @update_crypto_key_primary_version = ::Gapic::Config::Method.new update_crypto_key_primary_version_config
-                  destroy_crypto_key_version_config = parent_rpcs.destroy_crypto_key_version if parent_rpcs.respond_to? :destroy_crypto_key_version
-                  @destroy_crypto_key_version = ::Gapic::Config::Method.new destroy_crypto_key_version_config
-                  restore_crypto_key_version_config = parent_rpcs.restore_crypto_key_version if parent_rpcs.respond_to? :restore_crypto_key_version
-                  @restore_crypto_key_version = ::Gapic::Config::Method.new restore_crypto_key_version_config
+                  mac_sign_config = parent_rpcs.mac_sign if parent_rpcs.respond_to? :mac_sign
+                  @mac_sign = ::Gapic::Config::Method.new mac_sign_config
+                  mac_verify_config = parent_rpcs.mac_verify if parent_rpcs.respond_to? :mac_verify
+                  @mac_verify = ::Gapic::Config::Method.new mac_verify_config
+                  generate_random_bytes_config = parent_rpcs.generate_random_bytes if parent_rpcs.respond_to? :generate_random_bytes
+                  @generate_random_bytes = ::Gapic::Config::Method.new generate_random_bytes_config
 
                   yield self if block_given?
                 end