google-cloud-kms-v1 0.6.0 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +8 -8
- data/README.md +1 -1
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +39 -40
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +528 -257
- data/lib/google/cloud/kms/v1/resources_pb.rb +6 -0
- data/lib/google/cloud/kms/v1/service_pb.rb +60 -12
- data/lib/google/cloud/kms/v1/service_services_pb.rb +37 -24
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/proto_docs/google/api/field_behavior.rb +7 -1
- data/proto_docs/google/cloud/kms/v1/resources.rb +38 -4
- data/proto_docs/google/cloud/kms/v1/service.rb +259 -58
- data/proto_docs/google/type/expr.rb +35 -12
- metadata +4 -5
- data/lib/google/iam/v1/iam_policy_services_pb.rb +0 -81
|
@@ -23,6 +23,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
23
23
|
optional :next_rotation_time, :message, 7, "google.protobuf.Timestamp"
|
|
24
24
|
optional :version_template, :message, 11, "google.cloud.kms.v1.CryptoKeyVersionTemplate"
|
|
25
25
|
map :labels, :string, :string, 10
|
|
26
|
+
optional :import_only, :bool, 13
|
|
27
|
+
optional :destroy_scheduled_duration, :message, 14, "google.protobuf.Duration"
|
|
26
28
|
oneof :rotation_schedule do
|
|
27
29
|
optional :rotation_period, :message, 8, "google.protobuf.Duration"
|
|
28
30
|
end
|
|
@@ -32,6 +34,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
32
34
|
value :ENCRYPT_DECRYPT, 1
|
|
33
35
|
value :ASYMMETRIC_SIGN, 5
|
|
34
36
|
value :ASYMMETRIC_DECRYPT, 6
|
|
37
|
+
value :MAC, 9
|
|
35
38
|
end
|
|
36
39
|
add_message "google.cloud.kms.v1.CryptoKeyVersionTemplate" do
|
|
37
40
|
optional :protection_level, :enum, 1, "google.cloud.kms.v1.ProtectionLevel"
|
|
@@ -60,6 +63,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
60
63
|
optional :import_time, :message, 15, "google.protobuf.Timestamp"
|
|
61
64
|
optional :import_failure_reason, :string, 16
|
|
62
65
|
optional :external_protection_level_options, :message, 17, "google.cloud.kms.v1.ExternalProtectionLevelOptions"
|
|
66
|
+
optional :reimport_eligible, :bool, 18
|
|
63
67
|
end
|
|
64
68
|
add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm" do
|
|
65
69
|
value :CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED, 0
|
|
@@ -79,6 +83,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
79
83
|
value :EC_SIGN_P256_SHA256, 12
|
|
80
84
|
value :EC_SIGN_P384_SHA384, 13
|
|
81
85
|
value :EC_SIGN_SECP256K1_SHA256, 31
|
|
86
|
+
value :HMAC_SHA256, 32
|
|
82
87
|
value :EXTERNAL_SYMMETRIC_ENCRYPTION, 18
|
|
83
88
|
end
|
|
84
89
|
add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState" do
|
|
@@ -100,6 +105,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
100
105
|
optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
|
|
101
106
|
optional :pem_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
102
107
|
optional :name, :string, 4
|
|
108
|
+
optional :protection_level, :enum, 5, "google.cloud.kms.v1.ProtectionLevel"
|
|
103
109
|
end
|
|
104
110
|
add_message "google.cloud.kms.v1.ImportJob" do
|
|
105
111
|
optional :name, :string, 1
|
|
@@ -94,6 +94,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
94
94
|
end
|
|
95
95
|
add_message "google.cloud.kms.v1.ImportCryptoKeyVersionRequest" do
|
|
96
96
|
optional :parent, :string, 1
|
|
97
|
+
optional :crypto_key_version, :string, 6
|
|
97
98
|
optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
|
|
98
99
|
optional :import_job, :string, 4
|
|
99
100
|
oneof :wrapped_key_material do
|
|
@@ -113,6 +114,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
113
114
|
optional :crypto_key_version, :message, 1, "google.cloud.kms.v1.CryptoKeyVersion"
|
|
114
115
|
optional :update_mask, :message, 2, "google.protobuf.FieldMask"
|
|
115
116
|
end
|
|
117
|
+
add_message "google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest" do
|
|
118
|
+
optional :name, :string, 1
|
|
119
|
+
optional :crypto_key_version_id, :string, 2
|
|
120
|
+
end
|
|
121
|
+
add_message "google.cloud.kms.v1.DestroyCryptoKeyVersionRequest" do
|
|
122
|
+
optional :name, :string, 1
|
|
123
|
+
end
|
|
124
|
+
add_message "google.cloud.kms.v1.RestoreCryptoKeyVersionRequest" do
|
|
125
|
+
optional :name, :string, 1
|
|
126
|
+
end
|
|
116
127
|
add_message "google.cloud.kms.v1.EncryptRequest" do
|
|
117
128
|
optional :name, :string, 1
|
|
118
129
|
optional :plaintext, :bytes, 2
|
|
@@ -137,9 +148,22 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
137
148
|
optional :ciphertext, :bytes, 3
|
|
138
149
|
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
|
139
150
|
end
|
|
140
|
-
add_message "google.cloud.kms.v1.
|
|
141
|
-
optional :
|
|
142
|
-
optional :
|
|
151
|
+
add_message "google.cloud.kms.v1.MacSignRequest" do
|
|
152
|
+
optional :name, :string, 1
|
|
153
|
+
optional :data, :bytes, 2
|
|
154
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
155
|
+
end
|
|
156
|
+
add_message "google.cloud.kms.v1.MacVerifyRequest" do
|
|
157
|
+
optional :name, :string, 1
|
|
158
|
+
optional :data, :bytes, 2
|
|
159
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
160
|
+
optional :mac, :bytes, 4
|
|
161
|
+
optional :mac_crc32c, :message, 5, "google.protobuf.Int64Value"
|
|
162
|
+
end
|
|
163
|
+
add_message "google.cloud.kms.v1.GenerateRandomBytesRequest" do
|
|
164
|
+
optional :location, :string, 1
|
|
165
|
+
optional :length_bytes, :int32, 2
|
|
166
|
+
optional :protection_level, :enum, 3, "google.cloud.kms.v1.ProtectionLevel"
|
|
143
167
|
end
|
|
144
168
|
add_message "google.cloud.kms.v1.EncryptResponse" do
|
|
145
169
|
optional :name, :string, 1
|
|
@@ -147,27 +171,45 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
147
171
|
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
|
148
172
|
optional :verified_plaintext_crc32c, :bool, 5
|
|
149
173
|
optional :verified_additional_authenticated_data_crc32c, :bool, 6
|
|
174
|
+
optional :protection_level, :enum, 7, "google.cloud.kms.v1.ProtectionLevel"
|
|
175
|
+
end
|
|
176
|
+
add_message "google.cloud.kms.v1.DecryptResponse" do
|
|
177
|
+
optional :plaintext, :bytes, 1
|
|
178
|
+
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
|
179
|
+
optional :used_primary, :bool, 3
|
|
180
|
+
optional :protection_level, :enum, 4, "google.cloud.kms.v1.ProtectionLevel"
|
|
150
181
|
end
|
|
151
182
|
add_message "google.cloud.kms.v1.AsymmetricSignResponse" do
|
|
152
183
|
optional :signature, :bytes, 1
|
|
153
184
|
optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
|
|
154
185
|
optional :verified_digest_crc32c, :bool, 3
|
|
155
186
|
optional :name, :string, 4
|
|
187
|
+
optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
|
|
156
188
|
end
|
|
157
189
|
add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
|
|
158
190
|
optional :plaintext, :bytes, 1
|
|
159
191
|
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
|
160
192
|
optional :verified_ciphertext_crc32c, :bool, 3
|
|
193
|
+
optional :protection_level, :enum, 4, "google.cloud.kms.v1.ProtectionLevel"
|
|
161
194
|
end
|
|
162
|
-
add_message "google.cloud.kms.v1.
|
|
195
|
+
add_message "google.cloud.kms.v1.MacSignResponse" do
|
|
163
196
|
optional :name, :string, 1
|
|
164
|
-
optional :
|
|
197
|
+
optional :mac, :bytes, 2
|
|
198
|
+
optional :mac_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
199
|
+
optional :verified_data_crc32c, :bool, 4
|
|
200
|
+
optional :protection_level, :enum, 5, "google.cloud.kms.v1.ProtectionLevel"
|
|
165
201
|
end
|
|
166
|
-
add_message "google.cloud.kms.v1.
|
|
202
|
+
add_message "google.cloud.kms.v1.MacVerifyResponse" do
|
|
167
203
|
optional :name, :string, 1
|
|
204
|
+
optional :success, :bool, 2
|
|
205
|
+
optional :verified_data_crc32c, :bool, 3
|
|
206
|
+
optional :verified_mac_crc32c, :bool, 4
|
|
207
|
+
optional :verified_success_integrity, :bool, 5
|
|
208
|
+
optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
|
|
168
209
|
end
|
|
169
|
-
add_message "google.cloud.kms.v1.
|
|
170
|
-
optional :
|
|
210
|
+
add_message "google.cloud.kms.v1.GenerateRandomBytesResponse" do
|
|
211
|
+
optional :data, :bytes, 1
|
|
212
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
171
213
|
end
|
|
172
214
|
add_message "google.cloud.kms.v1.Digest" do
|
|
173
215
|
oneof :digest do
|
|
@@ -207,17 +249,23 @@ module Google
|
|
|
207
249
|
CreateImportJobRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CreateImportJobRequest").msgclass
|
|
208
250
|
UpdateCryptoKeyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyRequest").msgclass
|
|
209
251
|
UpdateCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyVersionRequest").msgclass
|
|
252
|
+
UpdateCryptoKeyPrimaryVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest").msgclass
|
|
253
|
+
DestroyCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DestroyCryptoKeyVersionRequest").msgclass
|
|
254
|
+
RestoreCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.RestoreCryptoKeyVersionRequest").msgclass
|
|
210
255
|
EncryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EncryptRequest").msgclass
|
|
211
256
|
DecryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DecryptRequest").msgclass
|
|
212
257
|
AsymmetricSignRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricSignRequest").msgclass
|
|
213
258
|
AsymmetricDecryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricDecryptRequest").msgclass
|
|
214
|
-
|
|
259
|
+
MacSignRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacSignRequest").msgclass
|
|
260
|
+
MacVerifyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacVerifyRequest").msgclass
|
|
261
|
+
GenerateRandomBytesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GenerateRandomBytesRequest").msgclass
|
|
215
262
|
EncryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EncryptResponse").msgclass
|
|
263
|
+
DecryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DecryptResponse").msgclass
|
|
216
264
|
AsymmetricSignResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricSignResponse").msgclass
|
|
217
265
|
AsymmetricDecryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricDecryptResponse").msgclass
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
266
|
+
MacSignResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacSignResponse").msgclass
|
|
267
|
+
MacVerifyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacVerifyResponse").msgclass
|
|
268
|
+
GenerateRandomBytesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GenerateRandomBytesResponse").msgclass
|
|
221
269
|
Digest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.Digest").msgclass
|
|
222
270
|
LocationMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.LocationMetadata").msgclass
|
|
223
271
|
end
|
|
@@ -38,7 +38,7 @@ module Google
|
|
|
38
38
|
# [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
|
|
39
39
|
class Service
|
|
40
40
|
|
|
41
|
-
include
|
|
41
|
+
include GRPC::GenericService
|
|
42
42
|
|
|
43
43
|
self.marshal_class_method = :encode
|
|
44
44
|
self.unmarshal_class_method = :decode
|
|
@@ -80,11 +80,12 @@ module Google
|
|
|
80
80
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
|
81
81
|
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
|
|
82
82
|
rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
|
83
|
-
#
|
|
84
|
-
# wrapped key material provided in the request.
|
|
83
|
+
# Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
|
85
84
|
#
|
|
86
|
-
#
|
|
87
|
-
#
|
|
85
|
+
# All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
|
|
86
|
+
# additionally specified in the request, key material will be reimported into
|
|
87
|
+
# that version. Otherwise, a new version will be created, and will be
|
|
88
|
+
# assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
|
88
89
|
rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
|
89
90
|
# Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
|
|
90
91
|
#
|
|
@@ -100,21 +101,6 @@ module Google
|
|
|
100
101
|
# method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
|
|
101
102
|
# move between other states.
|
|
102
103
|
rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
|
103
|
-
# Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
|
|
104
|
-
# The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
105
|
-
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
106
|
-
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
|
107
|
-
# Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
108
|
-
# must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
109
|
-
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
|
110
|
-
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
111
|
-
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
|
112
|
-
# key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
|
113
|
-
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
|
114
|
-
# Decrypts data that was encrypted with a public key retrieved from
|
|
115
|
-
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
|
116
|
-
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
|
|
117
|
-
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
|
118
104
|
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
|
|
119
105
|
#
|
|
120
106
|
# Returns an error if called on a key whose purpose is not
|
|
@@ -123,10 +109,11 @@ module Google
|
|
|
123
109
|
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
|
|
124
110
|
#
|
|
125
111
|
# Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
|
126
|
-
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
|
|
127
|
-
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to
|
|
128
|
-
#
|
|
129
|
-
#
|
|
112
|
+
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
|
|
113
|
+
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
|
|
114
|
+
# [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
|
|
115
|
+
# future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
|
|
116
|
+
# automatically change to
|
|
130
117
|
# [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
|
|
131
118
|
# material will be irrevocably destroyed.
|
|
132
119
|
#
|
|
@@ -141,6 +128,32 @@ module Google
|
|
|
141
128
|
# will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
|
|
142
129
|
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
|
|
143
130
|
rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
|
131
|
+
# Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
|
|
132
|
+
# The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
133
|
+
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
134
|
+
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
|
135
|
+
# Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
136
|
+
# must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
137
|
+
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
|
138
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
139
|
+
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
|
140
|
+
# key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
|
141
|
+
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
|
142
|
+
# Decrypts data that was encrypted with a public key retrieved from
|
|
143
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
|
144
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
|
|
145
|
+
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
|
146
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
147
|
+
# MAC, producing a tag that can be verified by another source with the
|
|
148
|
+
# same key.
|
|
149
|
+
rpc :MacSign, ::Google::Cloud::Kms::V1::MacSignRequest, ::Google::Cloud::Kms::V1::MacSignResponse
|
|
150
|
+
# Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
151
|
+
# MAC, and returns a response that indicates whether or not the verification
|
|
152
|
+
# was successful.
|
|
153
|
+
rpc :MacVerify, ::Google::Cloud::Kms::V1::MacVerifyRequest, ::Google::Cloud::Kms::V1::MacVerifyResponse
|
|
154
|
+
# Generate random bytes using the Cloud KMS randomness source in the provided
|
|
155
|
+
# location.
|
|
156
|
+
rpc :GenerateRandomBytes, ::Google::Cloud::Kms::V1::GenerateRandomBytesRequest, ::Google::Cloud::Kms::V1::GenerateRandomBytesResponse
|
|
144
157
|
end
|
|
145
158
|
|
|
146
159
|
Stub = Service.rpc_stub_class
|
|
@@ -57,9 +57,15 @@ module Google
|
|
|
57
57
|
|
|
58
58
|
# Denotes that a (repeated) field is an unordered list.
|
|
59
59
|
# This indicates that the service may provide the elements of the list
|
|
60
|
-
# in any arbitrary
|
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
|
61
61
|
# provided. Additionally, the list's order may or may not be stable.
|
|
62
62
|
UNORDERED_LIST = 6
|
|
63
|
+
|
|
64
|
+
# Denotes that this field returns a non-empty default value if not set.
|
|
65
|
+
# This indicates that if the user provides the empty value in a request,
|
|
66
|
+
# a non-empty value will be returned. The user will not be aware of what
|
|
67
|
+
# non-empty value to expect.
|
|
68
|
+
NON_EMPTY_DEFAULT = 7
|
|
63
69
|
end
|
|
64
70
|
end
|
|
65
71
|
end
|
|
@@ -97,6 +97,16 @@ module Google
|
|
|
97
97
|
# @return [::Google::Protobuf::Map{::String => ::String}]
|
|
98
98
|
# Labels with user-defined metadata. For more information, see
|
|
99
99
|
# [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
|
|
100
|
+
# @!attribute [rw] import_only
|
|
101
|
+
# @return [::Boolean]
|
|
102
|
+
# Immutable. Whether this key may contain imported versions only.
|
|
103
|
+
# @!attribute [rw] destroy_scheduled_duration
|
|
104
|
+
# @return [::Google::Protobuf::Duration]
|
|
105
|
+
# Immutable. The period of time that versions of this key spend in the
|
|
106
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
|
|
107
|
+
# state before transitioning to
|
|
108
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}. If not
|
|
109
|
+
# specified at creation time, the default duration is 24 hours.
|
|
100
110
|
class CryptoKey
|
|
101
111
|
include ::Google::Protobuf::MessageExts
|
|
102
112
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -132,6 +142,10 @@ module Google
|
|
|
132
142
|
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt} and
|
|
133
143
|
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
|
|
134
144
|
ASYMMETRIC_DECRYPT = 6
|
|
145
|
+
|
|
146
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used with
|
|
147
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
|
|
148
|
+
MAC = 9
|
|
135
149
|
end
|
|
136
150
|
end
|
|
137
151
|
|
|
@@ -235,16 +249,16 @@ module Google
|
|
|
235
249
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}.
|
|
236
250
|
# @!attribute [r] import_job
|
|
237
251
|
# @return [::String]
|
|
238
|
-
# Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used
|
|
252
|
+
# Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used in the most recent import of this
|
|
239
253
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. Only present if the underlying key material was
|
|
240
254
|
# imported.
|
|
241
255
|
# @!attribute [r] import_time
|
|
242
256
|
# @return [::Google::Protobuf::Timestamp]
|
|
243
257
|
# Output only. The time at which this {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s key material
|
|
244
|
-
# was imported.
|
|
258
|
+
# was most recently imported.
|
|
245
259
|
# @!attribute [r] import_failure_reason
|
|
246
260
|
# @return [::String]
|
|
247
|
-
# Output only. The root cause of
|
|
261
|
+
# Output only. The root cause of the most recent import failure. Only present if
|
|
248
262
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
|
|
249
263
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}.
|
|
250
264
|
# @!attribute [rw] external_protection_level_options
|
|
@@ -252,6 +266,11 @@ module Google
|
|
|
252
266
|
# ExternalProtectionLevelOptions stores a group of additional fields for
|
|
253
267
|
# configuring a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} that are specific to the
|
|
254
268
|
# {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL} protection level.
|
|
269
|
+
# @!attribute [r] reimport_eligible
|
|
270
|
+
# @return [::Boolean]
|
|
271
|
+
# Output only. Whether or not this key version is eligible for reimport, by being
|
|
272
|
+
# specified as a target in
|
|
273
|
+
# {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#crypto_key_version ImportCryptoKeyVersionRequest.crypto_key_version}.
|
|
255
274
|
class CryptoKeyVersion
|
|
256
275
|
include ::Google::Protobuf::MessageExts
|
|
257
276
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -288,6 +307,12 @@ module Google
|
|
|
288
307
|
# The fields in the name after "EC_SIGN_" correspond to the following
|
|
289
308
|
# parameters: elliptic curve, digest algorithm.
|
|
290
309
|
#
|
|
310
|
+
# Algorithms beginning with "HMAC_" are usable with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
|
|
311
|
+
# {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::MAC MAC}.
|
|
312
|
+
#
|
|
313
|
+
# The suffix following "HMAC_" corresponds to the hash algorithm being used
|
|
314
|
+
# (eg. SHA256).
|
|
315
|
+
#
|
|
291
316
|
# For more information, see [Key purposes and algorithms]
|
|
292
317
|
# (https://cloud.google.com/kms/docs/algorithms).
|
|
293
318
|
module CryptoKeyVersionAlgorithm
|
|
@@ -343,6 +368,9 @@ module Google
|
|
|
343
368
|
# HSM protection level.
|
|
344
369
|
EC_SIGN_SECP256K1_SHA256 = 31
|
|
345
370
|
|
|
371
|
+
# HMAC-SHA256 signing with a 256 bit key.
|
|
372
|
+
HMAC_SHA256 = 32
|
|
373
|
+
|
|
346
374
|
# Algorithm representing symmetric encryption by an external key manager.
|
|
347
375
|
EXTERNAL_SYMMETRIC_ENCRYPTION = 18
|
|
348
376
|
end
|
|
@@ -365,7 +393,10 @@ module Google
|
|
|
365
393
|
DISABLED = 2
|
|
366
394
|
|
|
367
395
|
# This version is destroyed, and the key material is no longer stored.
|
|
368
|
-
#
|
|
396
|
+
# This version may only become {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} again if this version is
|
|
397
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#reimport_eligible reimport_eligible} and the original
|
|
398
|
+
# key material is reimported with a call to
|
|
399
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
|
|
369
400
|
DESTROYED = 3
|
|
370
401
|
|
|
371
402
|
# This version is scheduled for destruction, and will be destroyed soon.
|
|
@@ -435,6 +466,9 @@ module Google
|
|
|
435
466
|
# Provided here for verification.
|
|
436
467
|
#
|
|
437
468
|
# NOTE: This field is in Beta.
|
|
469
|
+
# @!attribute [rw] protection_level
|
|
470
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
471
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key.
|
|
438
472
|
class PublicKey
|
|
439
473
|
include ::Google::Protobuf::MessageExts
|
|
440
474
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -325,8 +325,27 @@ module Google
|
|
|
325
325
|
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
|
|
326
326
|
# @!attribute [rw] parent
|
|
327
327
|
# @return [::String]
|
|
328
|
-
# Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
|
|
329
|
-
#
|
|
328
|
+
# Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
|
|
329
|
+
#
|
|
330
|
+
# The create permission is only required on this key when creating a new
|
|
331
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
|
|
332
|
+
# @!attribute [rw] crypto_key_version
|
|
333
|
+
# @return [::String]
|
|
334
|
+
# Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of an existing
|
|
335
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to target for an import operation.
|
|
336
|
+
# If this field is not present, a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
|
|
337
|
+
# supplied key material is created.
|
|
338
|
+
#
|
|
339
|
+
# If this field is present, the supplied key material is imported into
|
|
340
|
+
# the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To import into an existing
|
|
341
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
|
|
342
|
+
# {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent}, have been previously created via
|
|
343
|
+
# [ImportCryptoKeyVersion][], and be in
|
|
344
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED} or
|
|
345
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}
|
|
346
|
+
# state. The key material and algorithm must match the previous
|
|
347
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
|
|
348
|
+
# key material.
|
|
330
349
|
# @!attribute [rw] algorithm
|
|
331
350
|
# @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
|
|
332
351
|
# Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm} of
|
|
@@ -408,6 +427,36 @@ module Google
|
|
|
408
427
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
409
428
|
end
|
|
410
429
|
|
|
430
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key_primary_version KeyManagementService.UpdateCryptoKeyPrimaryVersion}.
|
|
431
|
+
# @!attribute [rw] name
|
|
432
|
+
# @return [::String]
|
|
433
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
|
|
434
|
+
# @!attribute [rw] crypto_key_version_id
|
|
435
|
+
# @return [::String]
|
|
436
|
+
# Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
|
|
437
|
+
class UpdateCryptoKeyPrimaryVersionRequest
|
|
438
|
+
include ::Google::Protobuf::MessageExts
|
|
439
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
440
|
+
end
|
|
441
|
+
|
|
442
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#destroy_crypto_key_version KeyManagementService.DestroyCryptoKeyVersion}.
|
|
443
|
+
# @!attribute [rw] name
|
|
444
|
+
# @return [::String]
|
|
445
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
|
|
446
|
+
class DestroyCryptoKeyVersionRequest
|
|
447
|
+
include ::Google::Protobuf::MessageExts
|
|
448
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
449
|
+
end
|
|
450
|
+
|
|
451
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version KeyManagementService.RestoreCryptoKeyVersion}.
|
|
452
|
+
# @!attribute [rw] name
|
|
453
|
+
# @return [::String]
|
|
454
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
|
|
455
|
+
class RestoreCryptoKeyVersionRequest
|
|
456
|
+
include ::Google::Protobuf::MessageExts
|
|
457
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
458
|
+
end
|
|
459
|
+
|
|
411
460
|
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt KeyManagementService.Encrypt}.
|
|
412
461
|
# @!attribute [rw] name
|
|
413
462
|
# @return [::String]
|
|
@@ -452,8 +501,6 @@ module Google
|
|
|
452
501
|
# different languages. However, it is a non-negative integer, which will
|
|
453
502
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
454
503
|
# that support this type.
|
|
455
|
-
#
|
|
456
|
-
# NOTE: This field is in Beta.
|
|
457
504
|
# @!attribute [rw] additional_authenticated_data_crc32c
|
|
458
505
|
# @return [::Google::Protobuf::Int64Value]
|
|
459
506
|
# Optional. An optional CRC32C checksum of the
|
|
@@ -470,8 +517,6 @@ module Google
|
|
|
470
517
|
# different languages. However, it is a non-negative integer, which will
|
|
471
518
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
472
519
|
# that support this type.
|
|
473
|
-
#
|
|
474
|
-
# NOTE: This field is in Beta.
|
|
475
520
|
class EncryptRequest
|
|
476
521
|
include ::Google::Protobuf::MessageExts
|
|
477
522
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -505,8 +550,6 @@ module Google
|
|
|
505
550
|
# different languages. However, it is a non-negative integer, which will
|
|
506
551
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
507
552
|
# that support this type.
|
|
508
|
-
#
|
|
509
|
-
# NOTE: This field is in Beta.
|
|
510
553
|
# @!attribute [rw] additional_authenticated_data_crc32c
|
|
511
554
|
# @return [::Google::Protobuf::Int64Value]
|
|
512
555
|
# Optional. An optional CRC32C checksum of the
|
|
@@ -523,8 +566,6 @@ module Google
|
|
|
523
566
|
# different languages. However, it is a non-negative integer, which will
|
|
524
567
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
525
568
|
# that support this type.
|
|
526
|
-
#
|
|
527
|
-
# NOTE: This field is in Beta.
|
|
528
569
|
class DecryptRequest
|
|
529
570
|
include ::Google::Protobuf::MessageExts
|
|
530
571
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -554,8 +595,6 @@ module Google
|
|
|
554
595
|
# different languages. However, it is a non-negative integer, which will
|
|
555
596
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
556
597
|
# that support this type.
|
|
557
|
-
#
|
|
558
|
-
# NOTE: This field is in Beta.
|
|
559
598
|
class AsymmetricSignRequest
|
|
560
599
|
include ::Google::Protobuf::MessageExts
|
|
561
600
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -585,35 +624,99 @@ module Google
|
|
|
585
624
|
# different languages. However, it is a non-negative integer, which will
|
|
586
625
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
587
626
|
# that support this type.
|
|
588
|
-
#
|
|
589
|
-
# NOTE: This field is in Beta.
|
|
590
627
|
class AsymmetricDecryptRequest
|
|
591
628
|
include ::Google::Protobuf::MessageExts
|
|
592
629
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
593
630
|
end
|
|
594
631
|
|
|
595
|
-
#
|
|
596
|
-
# @!attribute [rw]
|
|
632
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}.
|
|
633
|
+
# @!attribute [rw] name
|
|
597
634
|
# @return [::String]
|
|
598
|
-
# The
|
|
599
|
-
# @!attribute [rw]
|
|
635
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
|
|
636
|
+
# @!attribute [rw] data
|
|
637
|
+
# @return [::String]
|
|
638
|
+
# Required. The data to sign. The MAC tag is computed over this data field based on
|
|
639
|
+
# the specific algorithm.
|
|
640
|
+
# @!attribute [rw] data_crc32c
|
|
600
641
|
# @return [::Google::Protobuf::Int64Value]
|
|
601
|
-
#
|
|
602
|
-
# {::Google::Cloud::Kms::V1::
|
|
603
|
-
# {::Google::Cloud::Kms::V1::
|
|
604
|
-
#
|
|
605
|
-
#
|
|
606
|
-
#
|
|
607
|
-
#
|
|
608
|
-
#
|
|
609
|
-
#
|
|
642
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
|
|
643
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
|
644
|
+
# received {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this checksum.
|
|
645
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
|
646
|
+
# fails. If you receive a checksum error, your client should verify that
|
|
647
|
+
# CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is equal to
|
|
648
|
+
# {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}, and if so, perform a limited
|
|
649
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
|
650
|
+
# computation of the CRC32C checksum.
|
|
610
651
|
# Note: This field is defined as int64 for reasons of compatibility across
|
|
611
652
|
# different languages. However, it is a non-negative integer, which will
|
|
612
653
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
613
654
|
# that support this type.
|
|
614
|
-
|
|
615
|
-
|
|
616
|
-
|
|
655
|
+
class MacSignRequest
|
|
656
|
+
include ::Google::Protobuf::MessageExts
|
|
657
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
658
|
+
end
|
|
659
|
+
|
|
660
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}.
|
|
661
|
+
# @!attribute [rw] name
|
|
662
|
+
# @return [::String]
|
|
663
|
+
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for verification.
|
|
664
|
+
# @!attribute [rw] data
|
|
665
|
+
# @return [::String]
|
|
666
|
+
# Required. The data used previously as a {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate the MAC
|
|
667
|
+
# tag.
|
|
668
|
+
# @!attribute [rw] data_crc32c
|
|
669
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
670
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
|
|
671
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
|
672
|
+
# received {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using this checksum.
|
|
673
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
|
674
|
+
# fails. If you receive a checksum error, your client should verify that
|
|
675
|
+
# CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}) is equal to
|
|
676
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}, and if so, perform a limited
|
|
677
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
|
678
|
+
# computation of the CRC32C checksum.
|
|
679
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
680
|
+
# different languages. However, it is a non-negative integer, which will
|
|
681
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
682
|
+
# that support this type.
|
|
683
|
+
# @!attribute [rw] mac
|
|
684
|
+
# @return [::String]
|
|
685
|
+
# Required. The signature to verify.
|
|
686
|
+
# @!attribute [rw] mac_crc32c
|
|
687
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
688
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
|
|
689
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
|
690
|
+
# received {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this checksum.
|
|
691
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
|
692
|
+
# fails. If you receive a checksum error, your client should verify that
|
|
693
|
+
# CRC32C([MacVerifyRequest.tag][]) is equal to
|
|
694
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}, and if so, perform a limited
|
|
695
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
|
696
|
+
# computation of the CRC32C checksum.
|
|
697
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
698
|
+
# different languages. However, it is a non-negative integer, which will
|
|
699
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
700
|
+
# that support this type.
|
|
701
|
+
class MacVerifyRequest
|
|
702
|
+
include ::Google::Protobuf::MessageExts
|
|
703
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
704
|
+
end
|
|
705
|
+
|
|
706
|
+
# Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}.
|
|
707
|
+
# @!attribute [rw] location
|
|
708
|
+
# @return [::String]
|
|
709
|
+
# The project-specific location in which to generate random bytes.
|
|
710
|
+
# For example, "projects/my-project/locations/us-central1".
|
|
711
|
+
# @!attribute [rw] length_bytes
|
|
712
|
+
# @return [::Integer]
|
|
713
|
+
# The length in bytes of the amount of randomness to retrieve. Minimum 8
|
|
714
|
+
# bytes, maximum 1024 bytes.
|
|
715
|
+
# @!attribute [rw] protection_level
|
|
716
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
717
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when generating the random data. Defaults to
|
|
718
|
+
# {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}.
|
|
719
|
+
class GenerateRandomBytesRequest
|
|
617
720
|
include ::Google::Protobuf::MessageExts
|
|
618
721
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
619
722
|
end
|
|
@@ -639,8 +742,6 @@ module Google
|
|
|
639
742
|
# different languages. However, it is a non-negative integer, which will
|
|
640
743
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
641
744
|
# that support this type.
|
|
642
|
-
#
|
|
643
|
-
# NOTE: This field is in Beta.
|
|
644
745
|
# @!attribute [rw] verified_plaintext_crc32c
|
|
645
746
|
# @return [::Boolean]
|
|
646
747
|
# Integrity verification field. A flag indicating whether
|
|
@@ -651,8 +752,6 @@ module Google
|
|
|
651
752
|
# that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
|
|
652
753
|
# {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} but this field is still false, discard
|
|
653
754
|
# the response and perform a limited number of retries.
|
|
654
|
-
#
|
|
655
|
-
# NOTE: This field is in Beta.
|
|
656
755
|
# @!attribute [rw] verified_additional_authenticated_data_crc32c
|
|
657
756
|
# @return [::Boolean]
|
|
658
757
|
# Integrity verification field. A flag indicating whether
|
|
@@ -664,13 +763,44 @@ module Google
|
|
|
664
763
|
# that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
|
|
665
764
|
# {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} but this field is
|
|
666
765
|
# still false, discard the response and perform a limited number of retries.
|
|
667
|
-
#
|
|
668
|
-
#
|
|
766
|
+
# @!attribute [rw] protection_level
|
|
767
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
768
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in encryption.
|
|
669
769
|
class EncryptResponse
|
|
670
770
|
include ::Google::Protobuf::MessageExts
|
|
671
771
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
672
772
|
end
|
|
673
773
|
|
|
774
|
+
# Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt KeyManagementService.Decrypt}.
|
|
775
|
+
# @!attribute [rw] plaintext
|
|
776
|
+
# @return [::String]
|
|
777
|
+
# The decrypted data originally supplied in {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
|
|
778
|
+
# @!attribute [rw] plaintext_crc32c
|
|
779
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
780
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
|
781
|
+
# {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}. An integrity check of
|
|
782
|
+
# {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} can be performed by computing the CRC32C
|
|
783
|
+
# checksum of {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} and comparing your results to
|
|
784
|
+
# this field. Discard the response in case of non-matching checksum values,
|
|
785
|
+
# and perform a limited number of retries. A persistent mismatch may indicate
|
|
786
|
+
# an issue in your computation of the CRC32C checksum. Note: receiving this
|
|
787
|
+
# response message indicates that {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
|
|
788
|
+
# successfully decrypt the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}.
|
|
789
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
790
|
+
# different languages. However, it is a non-negative integer, which will
|
|
791
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
792
|
+
# that support this type.
|
|
793
|
+
# @!attribute [rw] used_primary
|
|
794
|
+
# @return [::Boolean]
|
|
795
|
+
# Whether the Decryption was performed using the primary key version.
|
|
796
|
+
# @!attribute [rw] protection_level
|
|
797
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
798
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in decryption.
|
|
799
|
+
class DecryptResponse
|
|
800
|
+
include ::Google::Protobuf::MessageExts
|
|
801
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
802
|
+
end
|
|
803
|
+
|
|
674
804
|
# Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign KeyManagementService.AsymmetricSign}.
|
|
675
805
|
# @!attribute [rw] signature
|
|
676
806
|
# @return [::String]
|
|
@@ -688,8 +818,6 @@ module Google
|
|
|
688
818
|
# different languages. However, it is a non-negative integer, which will
|
|
689
819
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
690
820
|
# that support this type.
|
|
691
|
-
#
|
|
692
|
-
# NOTE: This field is in Beta.
|
|
693
821
|
# @!attribute [rw] verified_digest_crc32c
|
|
694
822
|
# @return [::Boolean]
|
|
695
823
|
# Integrity verification field. A flag indicating whether
|
|
@@ -700,14 +828,13 @@ module Google
|
|
|
700
828
|
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
|
701
829
|
# set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} but this field is still false,
|
|
702
830
|
# discard the response and perform a limited number of retries.
|
|
703
|
-
#
|
|
704
|
-
# NOTE: This field is in Beta.
|
|
705
831
|
# @!attribute [rw] name
|
|
706
832
|
# @return [::String]
|
|
707
833
|
# The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
|
|
708
834
|
# this field to verify that the intended resource was used for signing.
|
|
709
|
-
#
|
|
710
|
-
#
|
|
835
|
+
# @!attribute [rw] protection_level
|
|
836
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
837
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
|
|
711
838
|
class AsymmetricSignResponse
|
|
712
839
|
include ::Google::Protobuf::MessageExts
|
|
713
840
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -730,8 +857,6 @@ module Google
|
|
|
730
857
|
# different languages. However, it is a non-negative integer, which will
|
|
731
858
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
732
859
|
# that support this type.
|
|
733
|
-
#
|
|
734
|
-
# NOTE: This field is in Beta.
|
|
735
860
|
# @!attribute [rw] verified_ciphertext_crc32c
|
|
736
861
|
# @return [::Boolean]
|
|
737
862
|
# Integrity verification field. A flag indicating whether
|
|
@@ -742,39 +867,115 @@ module Google
|
|
|
742
867
|
# was left unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If
|
|
743
868
|
# you've set {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} but this field is
|
|
744
869
|
# still false, discard the response and perform a limited number of retries.
|
|
745
|
-
#
|
|
746
|
-
#
|
|
870
|
+
# @!attribute [rw] protection_level
|
|
871
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
872
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in decryption.
|
|
747
873
|
class AsymmetricDecryptResponse
|
|
748
874
|
include ::Google::Protobuf::MessageExts
|
|
749
875
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
750
876
|
end
|
|
751
877
|
|
|
752
|
-
#
|
|
878
|
+
# Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}.
|
|
753
879
|
# @!attribute [rw] name
|
|
754
880
|
# @return [::String]
|
|
755
|
-
#
|
|
756
|
-
#
|
|
881
|
+
# The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
|
|
882
|
+
# this field to verify that the intended resource was used for signing.
|
|
883
|
+
# @!attribute [rw] mac
|
|
757
884
|
# @return [::String]
|
|
758
|
-
#
|
|
759
|
-
|
|
885
|
+
# The created signature.
|
|
886
|
+
# @!attribute [rw] mac_crc32c
|
|
887
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
888
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
|
889
|
+
# {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac}. An integrity check of
|
|
890
|
+
# {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} can be performed by computing the
|
|
891
|
+
# CRC32C checksum of {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} and comparing your
|
|
892
|
+
# results to this field. Discard the response in case of non-matching
|
|
893
|
+
# checksum values, and perform a limited number of retries. A persistent
|
|
894
|
+
# mismatch may indicate an issue in your computation of the CRC32C checksum.
|
|
895
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
896
|
+
# different languages. However, it is a non-negative integer, which will
|
|
897
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
898
|
+
# that support this type.
|
|
899
|
+
# @!attribute [rw] verified_data_crc32c
|
|
900
|
+
# @return [::Boolean]
|
|
901
|
+
# Integrity verification field. A flag indicating whether
|
|
902
|
+
# {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} was received by
|
|
903
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
|
904
|
+
# {::Google::Cloud::Kms::V1::MacSignRequest#data data}. A false value of this field
|
|
905
|
+
# indicates either that {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} was left
|
|
906
|
+
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
|
907
|
+
# set {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} but this field is still false,
|
|
908
|
+
# discard the response and perform a limited number of retries.
|
|
909
|
+
# @!attribute [rw] protection_level
|
|
910
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
911
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
|
|
912
|
+
class MacSignResponse
|
|
760
913
|
include ::Google::Protobuf::MessageExts
|
|
761
914
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
762
915
|
end
|
|
763
916
|
|
|
764
|
-
#
|
|
917
|
+
# Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}.
|
|
765
918
|
# @!attribute [rw] name
|
|
766
919
|
# @return [::String]
|
|
767
|
-
#
|
|
768
|
-
|
|
920
|
+
# The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for verification.
|
|
921
|
+
# Check this field to verify that the intended resource was used for
|
|
922
|
+
# verification.
|
|
923
|
+
# @!attribute [rw] success
|
|
924
|
+
# @return [::Boolean]
|
|
925
|
+
# This field indicates whether or not the verification operation for
|
|
926
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} over {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} was successful.
|
|
927
|
+
# @!attribute [rw] verified_data_crc32c
|
|
928
|
+
# @return [::Boolean]
|
|
929
|
+
# Integrity verification field. A flag indicating whether
|
|
930
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} was received by
|
|
931
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
|
932
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#data data}. A false value of this field
|
|
933
|
+
# indicates either that {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} was left
|
|
934
|
+
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
|
935
|
+
# set {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} but this field is still false,
|
|
936
|
+
# discard the response and perform a limited number of retries.
|
|
937
|
+
# @!attribute [rw] verified_mac_crc32c
|
|
938
|
+
# @return [::Boolean]
|
|
939
|
+
# Integrity verification field. A flag indicating whether
|
|
940
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} was received by
|
|
941
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
|
942
|
+
# {::Google::Cloud::Kms::V1::MacVerifyRequest#mac data}. A false value of this field
|
|
943
|
+
# indicates either that {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} was left
|
|
944
|
+
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
|
945
|
+
# set {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} but this field is still false,
|
|
946
|
+
# discard the response and perform a limited number of retries.
|
|
947
|
+
# @!attribute [rw] verified_success_integrity
|
|
948
|
+
# @return [::Boolean]
|
|
949
|
+
# Integrity verification field. This value is used for the integrity
|
|
950
|
+
# verification of [MacVerifyResponse.success]. If the value of this field
|
|
951
|
+
# contradicts the value of [MacVerifyResponse.success], discard the response
|
|
952
|
+
# and perform a limited number of retries.
|
|
953
|
+
# @!attribute [rw] protection_level
|
|
954
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
955
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for verification.
|
|
956
|
+
class MacVerifyResponse
|
|
769
957
|
include ::Google::Protobuf::MessageExts
|
|
770
958
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
771
959
|
end
|
|
772
960
|
|
|
773
|
-
#
|
|
774
|
-
# @!attribute [rw]
|
|
961
|
+
# Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}.
|
|
962
|
+
# @!attribute [rw] data
|
|
775
963
|
# @return [::String]
|
|
776
|
-
#
|
|
777
|
-
|
|
964
|
+
# The generated data.
|
|
965
|
+
# @!attribute [rw] data_crc32c
|
|
966
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
967
|
+
# Integrity verification field. A CRC32C checksum of the returned
|
|
968
|
+
# {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data}. An integrity check of
|
|
969
|
+
# {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data} can be performed by computing the
|
|
970
|
+
# CRC32C checksum of {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data} and comparing your
|
|
971
|
+
# results to this field. Discard the response in case of non-matching
|
|
972
|
+
# checksum values, and perform a limited number of retries. A persistent
|
|
973
|
+
# mismatch may indicate an issue in your computation of the CRC32C checksum.
|
|
974
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
975
|
+
# different languages. However, it is a non-negative integer, which will
|
|
976
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
977
|
+
# that support this type.
|
|
978
|
+
class GenerateRandomBytesResponse
|
|
778
979
|
include ::Google::Protobuf::MessageExts
|
|
779
980
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
780
981
|
end
|