google-cloud-kms-v1 0.6.1 → 0.9.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -52,13 +52,12 @@ module Google
52
52
  # See {::Google::Cloud::Kms::V1::KeyManagementService::Client::Configuration}
53
53
  # for a description of the configuration fields.
54
54
  #
55
- # ## Example
55
+ # @example
56
56
  #
57
- # To modify the configuration for all KeyManagementService clients:
58
- #
59
- # ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
60
- # config.timeout = 10.0
61
- # end
57
+ # # Modify the configuration for all KeyManagementService clients
58
+ # ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
59
+ # config.timeout = 10.0
60
+ # end
62
61
  #
63
62
  # @yield [config] Configure the Client client.
64
63
  # @yieldparam config [Client::Configuration]
@@ -150,6 +149,21 @@ module Google
150
149
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
151
150
  }
152
151
 
152
+ default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
153
+ default_config.rpcs.update_crypto_key_primary_version.retry_policy = {
154
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
155
+ }
156
+
157
+ default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
158
+ default_config.rpcs.destroy_crypto_key_version.retry_policy = {
159
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
160
+ }
161
+
162
+ default_config.rpcs.restore_crypto_key_version.timeout = 60.0
163
+ default_config.rpcs.restore_crypto_key_version.retry_policy = {
164
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
165
+ }
166
+
153
167
  default_config.rpcs.encrypt.timeout = 60.0
154
168
  default_config.rpcs.encrypt.retry_policy = {
155
169
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
@@ -170,18 +184,18 @@ module Google
170
184
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
171
185
  }
172
186
 
173
- default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
174
- default_config.rpcs.update_crypto_key_primary_version.retry_policy = {
187
+ default_config.rpcs.mac_sign.timeout = 60.0
188
+ default_config.rpcs.mac_sign.retry_policy = {
175
189
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
176
190
  }
177
191
 
178
- default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
179
- default_config.rpcs.destroy_crypto_key_version.retry_policy = {
192
+ default_config.rpcs.mac_verify.timeout = 60.0
193
+ default_config.rpcs.mac_verify.retry_policy = {
180
194
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
181
195
  }
182
196
 
183
- default_config.rpcs.restore_crypto_key_version.timeout = 60.0
184
- default_config.rpcs.restore_crypto_key_version.retry_policy = {
197
+ default_config.rpcs.generate_random_bytes.timeout = 60.0
198
+ default_config.rpcs.generate_random_bytes.retry_policy = {
185
199
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
186
200
  }
187
201
 
@@ -214,19 +228,15 @@ module Google
214
228
  ##
215
229
  # Create a new KeyManagementService client object.
216
230
  #
217
- # ## Examples
218
- #
219
- # To create a new KeyManagementService client with the default
220
- # configuration:
231
+ # @example
221
232
  #
222
- # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
233
+ # # Create a client using the default configuration
234
+ # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
223
235
  #
224
- # To create a new KeyManagementService client with a custom
225
- # configuration:
226
- #
227
- # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
228
- # config.timeout = 10.0
229
- # end
236
+ # # Create a client using a custom configuration
237
+ # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
238
+ # config.timeout = 10.0
239
+ # end
230
240
  #
231
241
  # @yield [config] Configure the KeyManagementService client.
232
242
  # @yieldparam config [Client::Configuration]
@@ -246,10 +256,9 @@ module Google
246
256
 
247
257
  # Create credentials
248
258
  credentials = @config.credentials
249
- # Use self-signed JWT if the scope and endpoint are unchanged from default,
259
+ # Use self-signed JWT if the endpoint is unchanged from default,
250
260
  # but only if the default endpoint does not have a region prefix.
251
- enable_self_signed_jwt = @config.scope == Client.configure.scope &&
252
- @config.endpoint == Client.configure.endpoint &&
261
+ enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
253
262
  !@config.endpoint.split(".").first.include?("-")
254
263
  credentials ||= Credentials.default scope: @config.scope,
255
264
  enable_self_signed_jwt: enable_self_signed_jwt
@@ -344,7 +353,9 @@ module Google
344
353
  options.apply_defaults timeout: @config.rpcs.list_key_rings.timeout,
345
354
  metadata: metadata,
346
355
  retry_policy: @config.rpcs.list_key_rings.retry_policy
347
- options.apply_defaults metadata: @config.metadata,
356
+
357
+ options.apply_defaults timeout: @config.timeout,
358
+ metadata: @config.metadata,
348
359
  retry_policy: @config.retry_policy
349
360
 
350
361
  @key_management_service_stub.call_rpc :list_key_rings, request, options: options do |response, operation|
@@ -432,7 +443,9 @@ module Google
432
443
  options.apply_defaults timeout: @config.rpcs.list_crypto_keys.timeout,
433
444
  metadata: metadata,
434
445
  retry_policy: @config.rpcs.list_crypto_keys.retry_policy
435
- options.apply_defaults metadata: @config.metadata,
446
+
447
+ options.apply_defaults timeout: @config.timeout,
448
+ metadata: @config.metadata,
436
449
  retry_policy: @config.retry_policy
437
450
 
438
451
  @key_management_service_stub.call_rpc :list_crypto_keys, request, options: options do |response, operation|
@@ -521,7 +534,9 @@ module Google
521
534
  options.apply_defaults timeout: @config.rpcs.list_crypto_key_versions.timeout,
522
535
  metadata: metadata,
523
536
  retry_policy: @config.rpcs.list_crypto_key_versions.retry_policy
524
- options.apply_defaults metadata: @config.metadata,
537
+
538
+ options.apply_defaults timeout: @config.timeout,
539
+ metadata: @config.metadata,
525
540
  retry_policy: @config.retry_policy
526
541
 
527
542
  @key_management_service_stub.call_rpc :list_crypto_key_versions, request, options: options do |response, operation|
@@ -607,7 +622,9 @@ module Google
607
622
  options.apply_defaults timeout: @config.rpcs.list_import_jobs.timeout,
608
623
  metadata: metadata,
609
624
  retry_policy: @config.rpcs.list_import_jobs.retry_policy
610
- options.apply_defaults metadata: @config.metadata,
625
+
626
+ options.apply_defaults timeout: @config.timeout,
627
+ metadata: @config.metadata,
611
628
  retry_policy: @config.retry_policy
612
629
 
613
630
  @key_management_service_stub.call_rpc :list_import_jobs, request, options: options do |response, operation|
@@ -674,7 +691,9 @@ module Google
674
691
  options.apply_defaults timeout: @config.rpcs.get_key_ring.timeout,
675
692
  metadata: metadata,
676
693
  retry_policy: @config.rpcs.get_key_ring.retry_policy
677
- options.apply_defaults metadata: @config.metadata,
694
+
695
+ options.apply_defaults timeout: @config.timeout,
696
+ metadata: @config.metadata,
678
697
  retry_policy: @config.retry_policy
679
698
 
680
699
  @key_management_service_stub.call_rpc :get_key_ring, request, options: options do |response, operation|
@@ -741,7 +760,9 @@ module Google
741
760
  options.apply_defaults timeout: @config.rpcs.get_crypto_key.timeout,
742
761
  metadata: metadata,
743
762
  retry_policy: @config.rpcs.get_crypto_key.retry_policy
744
- options.apply_defaults metadata: @config.metadata,
763
+
764
+ options.apply_defaults timeout: @config.timeout,
765
+ metadata: @config.metadata,
745
766
  retry_policy: @config.retry_policy
746
767
 
747
768
  @key_management_service_stub.call_rpc :get_crypto_key, request, options: options do |response, operation|
@@ -807,7 +828,9 @@ module Google
807
828
  options.apply_defaults timeout: @config.rpcs.get_crypto_key_version.timeout,
808
829
  metadata: metadata,
809
830
  retry_policy: @config.rpcs.get_crypto_key_version.retry_policy
810
- options.apply_defaults metadata: @config.metadata,
831
+
832
+ options.apply_defaults timeout: @config.timeout,
833
+ metadata: @config.metadata,
811
834
  retry_policy: @config.retry_policy
812
835
 
813
836
  @key_management_service_stub.call_rpc :get_crypto_key_version, request, options: options do |response, operation|
@@ -877,7 +900,9 @@ module Google
877
900
  options.apply_defaults timeout: @config.rpcs.get_public_key.timeout,
878
901
  metadata: metadata,
879
902
  retry_policy: @config.rpcs.get_public_key.retry_policy
880
- options.apply_defaults metadata: @config.metadata,
903
+
904
+ options.apply_defaults timeout: @config.timeout,
905
+ metadata: @config.metadata,
881
906
  retry_policy: @config.retry_policy
882
907
 
883
908
  @key_management_service_stub.call_rpc :get_public_key, request, options: options do |response, operation|
@@ -943,7 +968,9 @@ module Google
943
968
  options.apply_defaults timeout: @config.rpcs.get_import_job.timeout,
944
969
  metadata: metadata,
945
970
  retry_policy: @config.rpcs.get_import_job.retry_policy
946
- options.apply_defaults metadata: @config.metadata,
971
+
972
+ options.apply_defaults timeout: @config.timeout,
973
+ metadata: @config.metadata,
947
974
  retry_policy: @config.retry_policy
948
975
 
949
976
  @key_management_service_stub.call_rpc :get_import_job, request, options: options do |response, operation|
@@ -1015,7 +1042,9 @@ module Google
1015
1042
  options.apply_defaults timeout: @config.rpcs.create_key_ring.timeout,
1016
1043
  metadata: metadata,
1017
1044
  retry_policy: @config.rpcs.create_key_ring.retry_policy
1018
- options.apply_defaults metadata: @config.metadata,
1045
+
1046
+ options.apply_defaults timeout: @config.timeout,
1047
+ metadata: @config.metadata,
1019
1048
  retry_policy: @config.retry_policy
1020
1049
 
1021
1050
  @key_management_service_stub.call_rpc :create_key_ring, request, options: options do |response, operation|
@@ -1097,7 +1126,9 @@ module Google
1097
1126
  options.apply_defaults timeout: @config.rpcs.create_crypto_key.timeout,
1098
1127
  metadata: metadata,
1099
1128
  retry_policy: @config.rpcs.create_crypto_key.retry_policy
1100
- options.apply_defaults metadata: @config.metadata,
1129
+
1130
+ options.apply_defaults timeout: @config.timeout,
1131
+ metadata: @config.metadata,
1101
1132
  retry_policy: @config.retry_policy
1102
1133
 
1103
1134
  @key_management_service_stub.call_rpc :create_crypto_key, request, options: options do |response, operation|
@@ -1170,7 +1201,9 @@ module Google
1170
1201
  options.apply_defaults timeout: @config.rpcs.create_crypto_key_version.timeout,
1171
1202
  metadata: metadata,
1172
1203
  retry_policy: @config.rpcs.create_crypto_key_version.retry_policy
1173
- options.apply_defaults metadata: @config.metadata,
1204
+
1205
+ options.apply_defaults timeout: @config.timeout,
1206
+ metadata: @config.metadata,
1174
1207
  retry_policy: @config.retry_policy
1175
1208
 
1176
1209
  @key_management_service_stub.call_rpc :create_crypto_key_version, request, options: options do |response, operation|
@@ -1182,11 +1215,12 @@ module Google
1182
1215
  end
1183
1216
 
1184
1217
  ##
1185
- # Imports a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} into an existing {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} using the
1186
- # wrapped key material provided in the request.
1218
+ # Import wrapped key material into a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
1187
1219
  #
1188
- # The version ID will be assigned the next sequential id within the
1189
- # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
1220
+ # All requests must specify a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. If a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} is
1221
+ # additionally specified in the request, key material will be reimported into
1222
+ # that version. Otherwise, a new version will be created, and will be
1223
+ # assigned the next sequential id within the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
1190
1224
  #
1191
1225
  # @overload import_crypto_key_version(request, options = nil)
1192
1226
  # Pass arguments to `import_crypto_key_version` via a request object, either of type
@@ -1198,14 +1232,32 @@ module Google
1198
1232
  # @param options [::Gapic::CallOptions, ::Hash]
1199
1233
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1200
1234
  #
1201
- # @overload import_crypto_key_version(parent: nil, algorithm: nil, import_job: nil, rsa_aes_wrapped_key: nil)
1235
+ # @overload import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, rsa_aes_wrapped_key: nil)
1202
1236
  # Pass arguments to `import_crypto_key_version` via keyword arguments. Note that at
1203
1237
  # least one keyword argument is required. To specify no parameters, or to keep all
1204
1238
  # the default parameter values, pass an empty Hash as a request object (see above).
1205
1239
  #
1206
1240
  # @param parent [::String]
1207
- # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
1208
- # be imported into.
1241
+ # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
1242
+ #
1243
+ # The create permission is only required on this key when creating a new
1244
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
1245
+ # @param crypto_key_version [::String]
1246
+ # Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of an existing
1247
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to target for an import operation.
1248
+ # If this field is not present, a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
1249
+ # supplied key material is created.
1250
+ #
1251
+ # If this field is present, the supplied key material is imported into
1252
+ # the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To import into an existing
1253
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
1254
+ # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent}, have been previously created via
1255
+ # [ImportCryptoKeyVersion][], and be in
1256
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED} or
1257
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}
1258
+ # state. The key material and algorithm must match the previous
1259
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
1260
+ # key material.
1209
1261
  # @param algorithm [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
1210
1262
  # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm} of
1211
1263
  # the key being imported. This does not need to match the
@@ -1273,7 +1325,9 @@ module Google
1273
1325
  options.apply_defaults timeout: @config.rpcs.import_crypto_key_version.timeout,
1274
1326
  metadata: metadata,
1275
1327
  retry_policy: @config.rpcs.import_crypto_key_version.retry_policy
1276
- options.apply_defaults metadata: @config.metadata,
1328
+
1329
+ options.apply_defaults timeout: @config.timeout,
1330
+ metadata: @config.metadata,
1277
1331
  retry_policy: @config.retry_policy
1278
1332
 
1279
1333
  @key_management_service_stub.call_rpc :import_crypto_key_version, request, options: options do |response, operation|
@@ -1347,7 +1401,9 @@ module Google
1347
1401
  options.apply_defaults timeout: @config.rpcs.create_import_job.timeout,
1348
1402
  metadata: metadata,
1349
1403
  retry_policy: @config.rpcs.create_import_job.retry_policy
1350
- options.apply_defaults metadata: @config.metadata,
1404
+
1405
+ options.apply_defaults timeout: @config.timeout,
1406
+ metadata: @config.metadata,
1351
1407
  retry_policy: @config.retry_policy
1352
1408
 
1353
1409
  @key_management_service_stub.call_rpc :create_import_job, request, options: options do |response, operation|
@@ -1415,7 +1471,9 @@ module Google
1415
1471
  options.apply_defaults timeout: @config.rpcs.update_crypto_key.timeout,
1416
1472
  metadata: metadata,
1417
1473
  retry_policy: @config.rpcs.update_crypto_key.retry_policy
1418
- options.apply_defaults metadata: @config.metadata,
1474
+
1475
+ options.apply_defaults timeout: @config.timeout,
1476
+ metadata: @config.metadata,
1419
1477
  retry_policy: @config.retry_policy
1420
1478
 
1421
1479
  @key_management_service_stub.call_rpc :update_crypto_key, request, options: options do |response, operation|
@@ -1489,7 +1547,9 @@ module Google
1489
1547
  options.apply_defaults timeout: @config.rpcs.update_crypto_key_version.timeout,
1490
1548
  metadata: metadata,
1491
1549
  retry_policy: @config.rpcs.update_crypto_key_version.retry_policy
1492
- options.apply_defaults metadata: @config.metadata,
1550
+
1551
+ options.apply_defaults timeout: @config.timeout,
1552
+ metadata: @config.metadata,
1493
1553
  retry_policy: @config.retry_policy
1494
1554
 
1495
1555
  @key_management_service_stub.call_rpc :update_crypto_key_version, request, options: options do |response, operation|
@@ -1500,6 +1560,233 @@ module Google
1500
1560
  raise ::Google::Cloud::Error.from_error(e)
1501
1561
  end
1502
1562
 
1563
+ ##
1564
+ # Update the version of a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that will be used in {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}.
1565
+ #
1566
+ # Returns an error if called on a key whose purpose is not
1567
+ # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
1568
+ #
1569
+ # @overload update_crypto_key_primary_version(request, options = nil)
1570
+ # Pass arguments to `update_crypto_key_primary_version` via a request object, either of type
1571
+ # {::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest} or an equivalent Hash.
1572
+ #
1573
+ # @param request [::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Hash]
1574
+ # A request object representing the call parameters. Required. To specify no
1575
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1576
+ # @param options [::Gapic::CallOptions, ::Hash]
1577
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1578
+ #
1579
+ # @overload update_crypto_key_primary_version(name: nil, crypto_key_version_id: nil)
1580
+ # Pass arguments to `update_crypto_key_primary_version` via keyword arguments. Note that at
1581
+ # least one keyword argument is required. To specify no parameters, or to keep all
1582
+ # the default parameter values, pass an empty Hash as a request object (see above).
1583
+ #
1584
+ # @param name [::String]
1585
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
1586
+ # @param crypto_key_version_id [::String]
1587
+ # Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
1588
+ #
1589
+ # @yield [response, operation] Access the result along with the RPC operation
1590
+ # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey]
1591
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
1592
+ #
1593
+ # @return [::Google::Cloud::Kms::V1::CryptoKey]
1594
+ #
1595
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
1596
+ #
1597
+ def update_crypto_key_primary_version request, options = nil
1598
+ raise ::ArgumentError, "request must be provided" if request.nil?
1599
+
1600
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest
1601
+
1602
+ # Converts hash and nil to an options object
1603
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1604
+
1605
+ # Customize the options with defaults
1606
+ metadata = @config.rpcs.update_crypto_key_primary_version.metadata.to_h
1607
+
1608
+ # Set x-goog-api-client and x-goog-user-project headers
1609
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1610
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1611
+ gapic_version: ::Google::Cloud::Kms::V1::VERSION
1612
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1613
+
1614
+ header_params = {
1615
+ "name" => request.name
1616
+ }
1617
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1618
+ metadata[:"x-goog-request-params"] ||= request_params_header
1619
+
1620
+ options.apply_defaults timeout: @config.rpcs.update_crypto_key_primary_version.timeout,
1621
+ metadata: metadata,
1622
+ retry_policy: @config.rpcs.update_crypto_key_primary_version.retry_policy
1623
+
1624
+ options.apply_defaults timeout: @config.timeout,
1625
+ metadata: @config.metadata,
1626
+ retry_policy: @config.retry_policy
1627
+
1628
+ @key_management_service_stub.call_rpc :update_crypto_key_primary_version, request, options: options do |response, operation|
1629
+ yield response, operation if block_given?
1630
+ return response
1631
+ end
1632
+ rescue ::GRPC::BadStatus => e
1633
+ raise ::Google::Cloud::Error.from_error(e)
1634
+ end
1635
+
1636
+ ##
1637
+ # Schedule a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for destruction.
1638
+ #
1639
+ # Upon calling this method, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion.state} will be set to
1640
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED},
1641
+ # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be set to the time
1642
+ # {::Google::Cloud::Kms::V1::CryptoKey#destroy_scheduled_duration destroy_scheduled_duration} in the
1643
+ # future. At that time, the {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will
1644
+ # automatically change to
1645
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}, and the key
1646
+ # material will be irrevocably destroyed.
1647
+ #
1648
+ # Before the {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is reached,
1649
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion} may be called to reverse the process.
1650
+ #
1651
+ # @overload destroy_crypto_key_version(request, options = nil)
1652
+ # Pass arguments to `destroy_crypto_key_version` via a request object, either of type
1653
+ # {::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest} or an equivalent Hash.
1654
+ #
1655
+ # @param request [::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Hash]
1656
+ # A request object representing the call parameters. Required. To specify no
1657
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1658
+ # @param options [::Gapic::CallOptions, ::Hash]
1659
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1660
+ #
1661
+ # @overload destroy_crypto_key_version(name: nil)
1662
+ # Pass arguments to `destroy_crypto_key_version` via keyword arguments. Note that at
1663
+ # least one keyword argument is required. To specify no parameters, or to keep all
1664
+ # the default parameter values, pass an empty Hash as a request object (see above).
1665
+ #
1666
+ # @param name [::String]
1667
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
1668
+ #
1669
+ # @yield [response, operation] Access the result along with the RPC operation
1670
+ # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
1671
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
1672
+ #
1673
+ # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
1674
+ #
1675
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
1676
+ #
1677
+ def destroy_crypto_key_version request, options = nil
1678
+ raise ::ArgumentError, "request must be provided" if request.nil?
1679
+
1680
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest
1681
+
1682
+ # Converts hash and nil to an options object
1683
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1684
+
1685
+ # Customize the options with defaults
1686
+ metadata = @config.rpcs.destroy_crypto_key_version.metadata.to_h
1687
+
1688
+ # Set x-goog-api-client and x-goog-user-project headers
1689
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1690
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1691
+ gapic_version: ::Google::Cloud::Kms::V1::VERSION
1692
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1693
+
1694
+ header_params = {
1695
+ "name" => request.name
1696
+ }
1697
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1698
+ metadata[:"x-goog-request-params"] ||= request_params_header
1699
+
1700
+ options.apply_defaults timeout: @config.rpcs.destroy_crypto_key_version.timeout,
1701
+ metadata: metadata,
1702
+ retry_policy: @config.rpcs.destroy_crypto_key_version.retry_policy
1703
+
1704
+ options.apply_defaults timeout: @config.timeout,
1705
+ metadata: @config.metadata,
1706
+ retry_policy: @config.retry_policy
1707
+
1708
+ @key_management_service_stub.call_rpc :destroy_crypto_key_version, request, options: options do |response, operation|
1709
+ yield response, operation if block_given?
1710
+ return response
1711
+ end
1712
+ rescue ::GRPC::BadStatus => e
1713
+ raise ::Google::Cloud::Error.from_error(e)
1714
+ end
1715
+
1716
+ ##
1717
+ # Restore a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in the
1718
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
1719
+ # state.
1720
+ #
1721
+ # Upon restoration of the CryptoKeyVersion, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
1722
+ # will be set to {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
1723
+ # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be cleared.
1724
+ #
1725
+ # @overload restore_crypto_key_version(request, options = nil)
1726
+ # Pass arguments to `restore_crypto_key_version` via a request object, either of type
1727
+ # {::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest} or an equivalent Hash.
1728
+ #
1729
+ # @param request [::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Hash]
1730
+ # A request object representing the call parameters. Required. To specify no
1731
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1732
+ # @param options [::Gapic::CallOptions, ::Hash]
1733
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1734
+ #
1735
+ # @overload restore_crypto_key_version(name: nil)
1736
+ # Pass arguments to `restore_crypto_key_version` via keyword arguments. Note that at
1737
+ # least one keyword argument is required. To specify no parameters, or to keep all
1738
+ # the default parameter values, pass an empty Hash as a request object (see above).
1739
+ #
1740
+ # @param name [::String]
1741
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
1742
+ #
1743
+ # @yield [response, operation] Access the result along with the RPC operation
1744
+ # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
1745
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
1746
+ #
1747
+ # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
1748
+ #
1749
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
1750
+ #
1751
+ def restore_crypto_key_version request, options = nil
1752
+ raise ::ArgumentError, "request must be provided" if request.nil?
1753
+
1754
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest
1755
+
1756
+ # Converts hash and nil to an options object
1757
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1758
+
1759
+ # Customize the options with defaults
1760
+ metadata = @config.rpcs.restore_crypto_key_version.metadata.to_h
1761
+
1762
+ # Set x-goog-api-client and x-goog-user-project headers
1763
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1764
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1765
+ gapic_version: ::Google::Cloud::Kms::V1::VERSION
1766
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1767
+
1768
+ header_params = {
1769
+ "name" => request.name
1770
+ }
1771
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1772
+ metadata[:"x-goog-request-params"] ||= request_params_header
1773
+
1774
+ options.apply_defaults timeout: @config.rpcs.restore_crypto_key_version.timeout,
1775
+ metadata: metadata,
1776
+ retry_policy: @config.rpcs.restore_crypto_key_version.retry_policy
1777
+
1778
+ options.apply_defaults timeout: @config.timeout,
1779
+ metadata: @config.metadata,
1780
+ retry_policy: @config.retry_policy
1781
+
1782
+ @key_management_service_stub.call_rpc :restore_crypto_key_version, request, options: options do |response, operation|
1783
+ yield response, operation if block_given?
1784
+ return response
1785
+ end
1786
+ rescue ::GRPC::BadStatus => e
1787
+ raise ::Google::Cloud::Error.from_error(e)
1788
+ end
1789
+
1503
1790
  ##
1504
1791
  # Encrypts data, so that it can only be recovered by a call to {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
1505
1792
  # The {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
@@ -1559,8 +1846,6 @@ module Google
1559
1846
  # different languages. However, it is a non-negative integer, which will
1560
1847
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1561
1848
  # that support this type.
1562
- #
1563
- # NOTE: This field is in Beta.
1564
1849
  # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1565
1850
  # Optional. An optional CRC32C checksum of the
1566
1851
  # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
@@ -1577,8 +1862,6 @@ module Google
1577
1862
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1578
1863
  # that support this type.
1579
1864
  #
1580
- # NOTE: This field is in Beta.
1581
- #
1582
1865
  # @yield [response, operation] Access the result along with the RPC operation
1583
1866
  # @yieldparam response [::Google::Cloud::Kms::V1::EncryptResponse]
1584
1867
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1613,7 +1896,9 @@ module Google
1613
1896
  options.apply_defaults timeout: @config.rpcs.encrypt.timeout,
1614
1897
  metadata: metadata,
1615
1898
  retry_policy: @config.rpcs.encrypt.retry_policy
1616
- options.apply_defaults metadata: @config.metadata,
1899
+
1900
+ options.apply_defaults timeout: @config.timeout,
1901
+ metadata: @config.metadata,
1617
1902
  retry_policy: @config.retry_policy
1618
1903
 
1619
1904
  @key_management_service_stub.call_rpc :encrypt, request, options: options do |response, operation|
@@ -1666,8 +1951,6 @@ module Google
1666
1951
  # different languages. However, it is a non-negative integer, which will
1667
1952
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1668
1953
  # that support this type.
1669
- #
1670
- # NOTE: This field is in Beta.
1671
1954
  # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1672
1955
  # Optional. An optional CRC32C checksum of the
1673
1956
  # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
@@ -1684,8 +1967,6 @@ module Google
1684
1967
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1685
1968
  # that support this type.
1686
1969
  #
1687
- # NOTE: This field is in Beta.
1688
- #
1689
1970
  # @yield [response, operation] Access the result along with the RPC operation
1690
1971
  # @yieldparam response [::Google::Cloud::Kms::V1::DecryptResponse]
1691
1972
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1720,7 +2001,9 @@ module Google
1720
2001
  options.apply_defaults timeout: @config.rpcs.decrypt.timeout,
1721
2002
  metadata: metadata,
1722
2003
  retry_policy: @config.rpcs.decrypt.retry_policy
1723
- options.apply_defaults metadata: @config.metadata,
2004
+
2005
+ options.apply_defaults timeout: @config.timeout,
2006
+ metadata: @config.metadata,
1724
2007
  retry_policy: @config.retry_policy
1725
2008
 
1726
2009
  @key_management_service_stub.call_rpc :decrypt, request, options: options do |response, operation|
@@ -1772,8 +2055,6 @@ module Google
1772
2055
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1773
2056
  # that support this type.
1774
2057
  #
1775
- # NOTE: This field is in Beta.
1776
- #
1777
2058
  # @yield [response, operation] Access the result along with the RPC operation
1778
2059
  # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse]
1779
2060
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1808,7 +2089,9 @@ module Google
1808
2089
  options.apply_defaults timeout: @config.rpcs.asymmetric_sign.timeout,
1809
2090
  metadata: metadata,
1810
2091
  retry_policy: @config.rpcs.asymmetric_sign.retry_policy
1811
- options.apply_defaults metadata: @config.metadata,
2092
+
2093
+ options.apply_defaults timeout: @config.timeout,
2094
+ metadata: @config.metadata,
1812
2095
  retry_policy: @config.retry_policy
1813
2096
 
1814
2097
  @key_management_service_stub.call_rpc :asymmetric_sign, request, options: options do |response, operation|
@@ -1860,8 +2143,6 @@ module Google
1860
2143
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1861
2144
  # that support this type.
1862
2145
  #
1863
- # NOTE: This field is in Beta.
1864
- #
1865
2146
  # @yield [response, operation] Access the result along with the RPC operation
1866
2147
  # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse]
1867
2148
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1896,7 +2177,9 @@ module Google
1896
2177
  options.apply_defaults timeout: @config.rpcs.asymmetric_decrypt.timeout,
1897
2178
  metadata: metadata,
1898
2179
  retry_policy: @config.rpcs.asymmetric_decrypt.retry_policy
1899
- options.apply_defaults metadata: @config.metadata,
2180
+
2181
+ options.apply_defaults timeout: @config.timeout,
2182
+ metadata: @config.metadata,
1900
2183
  retry_policy: @config.retry_policy
1901
2184
 
1902
2185
  @key_management_service_stub.call_rpc :asymmetric_decrypt, request, options: options do |response, operation|
@@ -1908,49 +2191,63 @@ module Google
1908
2191
  end
1909
2192
 
1910
2193
  ##
1911
- # Update the version of a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that will be used in {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}.
1912
- #
1913
- # Returns an error if called on a key whose purpose is not
1914
- # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
2194
+ # Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
2195
+ # MAC, producing a tag that can be verified by another source with the
2196
+ # same key.
1915
2197
  #
1916
- # @overload update_crypto_key_primary_version(request, options = nil)
1917
- # Pass arguments to `update_crypto_key_primary_version` via a request object, either of type
1918
- # {::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest} or an equivalent Hash.
2198
+ # @overload mac_sign(request, options = nil)
2199
+ # Pass arguments to `mac_sign` via a request object, either of type
2200
+ # {::Google::Cloud::Kms::V1::MacSignRequest} or an equivalent Hash.
1919
2201
  #
1920
- # @param request [::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Hash]
2202
+ # @param request [::Google::Cloud::Kms::V1::MacSignRequest, ::Hash]
1921
2203
  # A request object representing the call parameters. Required. To specify no
1922
2204
  # parameters, or to keep all the default parameter values, pass an empty Hash.
1923
2205
  # @param options [::Gapic::CallOptions, ::Hash]
1924
2206
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1925
2207
  #
1926
- # @overload update_crypto_key_primary_version(name: nil, crypto_key_version_id: nil)
1927
- # Pass arguments to `update_crypto_key_primary_version` via keyword arguments. Note that at
2208
+ # @overload mac_sign(name: nil, data: nil, data_crc32c: nil)
2209
+ # Pass arguments to `mac_sign` via keyword arguments. Note that at
1928
2210
  # least one keyword argument is required. To specify no parameters, or to keep all
1929
2211
  # the default parameter values, pass an empty Hash as a request object (see above).
1930
2212
  #
1931
2213
  # @param name [::String]
1932
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
1933
- # @param crypto_key_version_id [::String]
1934
- # Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
2214
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
2215
+ # @param data [::String]
2216
+ # Required. The data to sign. The MAC tag is computed over this data field based on
2217
+ # the specific algorithm.
2218
+ # @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2219
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
2220
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2221
+ # received {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this checksum.
2222
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2223
+ # fails. If you receive a checksum error, your client should verify that
2224
+ # CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is equal to
2225
+ # {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}, and if so, perform a limited
2226
+ # number of retries. A persistent mismatch may indicate an issue in your
2227
+ # computation of the CRC32C checksum.
2228
+ # Note: This field is defined as int64 for reasons of compatibility across
2229
+ # different languages. However, it is a non-negative integer, which will
2230
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2231
+ # that support this type.
1935
2232
  #
1936
2233
  # @yield [response, operation] Access the result along with the RPC operation
1937
- # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey]
2234
+ # @yieldparam response [::Google::Cloud::Kms::V1::MacSignResponse]
1938
2235
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
1939
2236
  #
1940
- # @return [::Google::Cloud::Kms::V1::CryptoKey]
2237
+ # @return [::Google::Cloud::Kms::V1::MacSignResponse]
1941
2238
  #
1942
2239
  # @raise [::Google::Cloud::Error] if the RPC is aborted.
1943
2240
  #
1944
- def update_crypto_key_primary_version request, options = nil
2241
+ def mac_sign request, options = nil
1945
2242
  raise ::ArgumentError, "request must be provided" if request.nil?
1946
2243
 
1947
- request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest
2244
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::MacSignRequest
1948
2245
 
1949
2246
  # Converts hash and nil to an options object
1950
2247
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1951
2248
 
1952
2249
  # Customize the options with defaults
1953
- metadata = @config.rpcs.update_crypto_key_primary_version.metadata.to_h
2250
+ metadata = @config.rpcs.mac_sign.metadata.to_h
1954
2251
 
1955
2252
  # Set x-goog-api-client and x-goog-user-project headers
1956
2253
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
@@ -1964,13 +2261,15 @@ module Google
1964
2261
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1965
2262
  metadata[:"x-goog-request-params"] ||= request_params_header
1966
2263
 
1967
- options.apply_defaults timeout: @config.rpcs.update_crypto_key_primary_version.timeout,
2264
+ options.apply_defaults timeout: @config.rpcs.mac_sign.timeout,
1968
2265
  metadata: metadata,
1969
- retry_policy: @config.rpcs.update_crypto_key_primary_version.retry_policy
1970
- options.apply_defaults metadata: @config.metadata,
2266
+ retry_policy: @config.rpcs.mac_sign.retry_policy
2267
+
2268
+ options.apply_defaults timeout: @config.timeout,
2269
+ metadata: @config.metadata,
1971
2270
  retry_policy: @config.retry_policy
1972
2271
 
1973
- @key_management_service_stub.call_rpc :update_crypto_key_primary_version, request, options: options do |response, operation|
2272
+ @key_management_service_stub.call_rpc :mac_sign, request, options: options do |response, operation|
1974
2273
  yield response, operation if block_given?
1975
2274
  return response
1976
2275
  end
@@ -1979,55 +2278,79 @@ module Google
1979
2278
  end
1980
2279
 
1981
2280
  ##
1982
- # Schedule a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for destruction.
2281
+ # Verifies MAC tag using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
2282
+ # MAC, and returns a response that indicates whether or not the verification
2283
+ # was successful.
1983
2284
  #
1984
- # Upon calling this method, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion.state} will be set to
1985
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
1986
- # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be set to a time 24
1987
- # hours in the future, at which point the {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
1988
- # will be changed to
1989
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}, and the key
1990
- # material will be irrevocably destroyed.
2285
+ # @overload mac_verify(request, options = nil)
2286
+ # Pass arguments to `mac_verify` via a request object, either of type
2287
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest} or an equivalent Hash.
1991
2288
  #
1992
- # Before the {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is reached,
1993
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion} may be called to reverse the process.
1994
- #
1995
- # @overload destroy_crypto_key_version(request, options = nil)
1996
- # Pass arguments to `destroy_crypto_key_version` via a request object, either of type
1997
- # {::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest} or an equivalent Hash.
1998
- #
1999
- # @param request [::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Hash]
2289
+ # @param request [::Google::Cloud::Kms::V1::MacVerifyRequest, ::Hash]
2000
2290
  # A request object representing the call parameters. Required. To specify no
2001
2291
  # parameters, or to keep all the default parameter values, pass an empty Hash.
2002
2292
  # @param options [::Gapic::CallOptions, ::Hash]
2003
2293
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2004
2294
  #
2005
- # @overload destroy_crypto_key_version(name: nil)
2006
- # Pass arguments to `destroy_crypto_key_version` via keyword arguments. Note that at
2295
+ # @overload mac_verify(name: nil, data: nil, data_crc32c: nil, mac: nil, mac_crc32c: nil)
2296
+ # Pass arguments to `mac_verify` via keyword arguments. Note that at
2007
2297
  # least one keyword argument is required. To specify no parameters, or to keep all
2008
2298
  # the default parameter values, pass an empty Hash as a request object (see above).
2009
2299
  #
2010
2300
  # @param name [::String]
2011
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
2301
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for verification.
2302
+ # @param data [::String]
2303
+ # Required. The data used previously as a {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate the MAC
2304
+ # tag.
2305
+ # @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2306
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
2307
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2308
+ # received {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using this checksum.
2309
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2310
+ # fails. If you receive a checksum error, your client should verify that
2311
+ # CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}) is equal to
2312
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}, and if so, perform a limited
2313
+ # number of retries. A persistent mismatch may indicate an issue in your
2314
+ # computation of the CRC32C checksum.
2315
+ # Note: This field is defined as int64 for reasons of compatibility across
2316
+ # different languages. However, it is a non-negative integer, which will
2317
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2318
+ # that support this type.
2319
+ # @param mac [::String]
2320
+ # Required. The signature to verify.
2321
+ # @param mac_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2322
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
2323
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2324
+ # received {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this checksum.
2325
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2326
+ # fails. If you receive a checksum error, your client should verify that
2327
+ # CRC32C([MacVerifyRequest.tag][]) is equal to
2328
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}, and if so, perform a limited
2329
+ # number of retries. A persistent mismatch may indicate an issue in your
2330
+ # computation of the CRC32C checksum.
2331
+ # Note: This field is defined as int64 for reasons of compatibility across
2332
+ # different languages. However, it is a non-negative integer, which will
2333
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2334
+ # that support this type.
2012
2335
  #
2013
2336
  # @yield [response, operation] Access the result along with the RPC operation
2014
- # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
2337
+ # @yieldparam response [::Google::Cloud::Kms::V1::MacVerifyResponse]
2015
2338
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
2016
2339
  #
2017
- # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
2340
+ # @return [::Google::Cloud::Kms::V1::MacVerifyResponse]
2018
2341
  #
2019
2342
  # @raise [::Google::Cloud::Error] if the RPC is aborted.
2020
2343
  #
2021
- def destroy_crypto_key_version request, options = nil
2344
+ def mac_verify request, options = nil
2022
2345
  raise ::ArgumentError, "request must be provided" if request.nil?
2023
2346
 
2024
- request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest
2347
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::MacVerifyRequest
2025
2348
 
2026
2349
  # Converts hash and nil to an options object
2027
2350
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2028
2351
 
2029
2352
  # Customize the options with defaults
2030
- metadata = @config.rpcs.destroy_crypto_key_version.metadata.to_h
2353
+ metadata = @config.rpcs.mac_verify.metadata.to_h
2031
2354
 
2032
2355
  # Set x-goog-api-client and x-goog-user-project headers
2033
2356
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
@@ -2041,13 +2364,15 @@ module Google
2041
2364
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2042
2365
  metadata[:"x-goog-request-params"] ||= request_params_header
2043
2366
 
2044
- options.apply_defaults timeout: @config.rpcs.destroy_crypto_key_version.timeout,
2367
+ options.apply_defaults timeout: @config.rpcs.mac_verify.timeout,
2045
2368
  metadata: metadata,
2046
- retry_policy: @config.rpcs.destroy_crypto_key_version.retry_policy
2047
- options.apply_defaults metadata: @config.metadata,
2369
+ retry_policy: @config.rpcs.mac_verify.retry_policy
2370
+
2371
+ options.apply_defaults timeout: @config.timeout,
2372
+ metadata: @config.metadata,
2048
2373
  retry_policy: @config.retry_policy
2049
2374
 
2050
- @key_management_service_stub.call_rpc :destroy_crypto_key_version, request, options: options do |response, operation|
2375
+ @key_management_service_stub.call_rpc :mac_verify, request, options: options do |response, operation|
2051
2376
  yield response, operation if block_given?
2052
2377
  return response
2053
2378
  end
@@ -2056,50 +2381,52 @@ module Google
2056
2381
  end
2057
2382
 
2058
2383
  ##
2059
- # Restore a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in the
2060
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
2061
- # state.
2062
- #
2063
- # Upon restoration of the CryptoKeyVersion, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
2064
- # will be set to {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
2065
- # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be cleared.
2384
+ # Generate random bytes using the Cloud KMS randomness source in the provided
2385
+ # location.
2066
2386
  #
2067
- # @overload restore_crypto_key_version(request, options = nil)
2068
- # Pass arguments to `restore_crypto_key_version` via a request object, either of type
2069
- # {::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest} or an equivalent Hash.
2387
+ # @overload generate_random_bytes(request, options = nil)
2388
+ # Pass arguments to `generate_random_bytes` via a request object, either of type
2389
+ # {::Google::Cloud::Kms::V1::GenerateRandomBytesRequest} or an equivalent Hash.
2070
2390
  #
2071
- # @param request [::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Hash]
2391
+ # @param request [::Google::Cloud::Kms::V1::GenerateRandomBytesRequest, ::Hash]
2072
2392
  # A request object representing the call parameters. Required. To specify no
2073
2393
  # parameters, or to keep all the default parameter values, pass an empty Hash.
2074
2394
  # @param options [::Gapic::CallOptions, ::Hash]
2075
2395
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2076
2396
  #
2077
- # @overload restore_crypto_key_version(name: nil)
2078
- # Pass arguments to `restore_crypto_key_version` via keyword arguments. Note that at
2397
+ # @overload generate_random_bytes(location: nil, length_bytes: nil, protection_level: nil)
2398
+ # Pass arguments to `generate_random_bytes` via keyword arguments. Note that at
2079
2399
  # least one keyword argument is required. To specify no parameters, or to keep all
2080
2400
  # the default parameter values, pass an empty Hash as a request object (see above).
2081
2401
  #
2082
- # @param name [::String]
2083
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
2402
+ # @param location [::String]
2403
+ # The project-specific location in which to generate random bytes.
2404
+ # For example, "projects/my-project/locations/us-central1".
2405
+ # @param length_bytes [::Integer]
2406
+ # The length in bytes of the amount of randomness to retrieve. Minimum 8
2407
+ # bytes, maximum 1024 bytes.
2408
+ # @param protection_level [::Google::Cloud::Kms::V1::ProtectionLevel]
2409
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when generating the random data. Defaults to
2410
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}.
2084
2411
  #
2085
2412
  # @yield [response, operation] Access the result along with the RPC operation
2086
- # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
2413
+ # @yieldparam response [::Google::Cloud::Kms::V1::GenerateRandomBytesResponse]
2087
2414
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
2088
2415
  #
2089
- # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
2416
+ # @return [::Google::Cloud::Kms::V1::GenerateRandomBytesResponse]
2090
2417
  #
2091
2418
  # @raise [::Google::Cloud::Error] if the RPC is aborted.
2092
2419
  #
2093
- def restore_crypto_key_version request, options = nil
2420
+ def generate_random_bytes request, options = nil
2094
2421
  raise ::ArgumentError, "request must be provided" if request.nil?
2095
2422
 
2096
- request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest
2423
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GenerateRandomBytesRequest
2097
2424
 
2098
2425
  # Converts hash and nil to an options object
2099
2426
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2100
2427
 
2101
2428
  # Customize the options with defaults
2102
- metadata = @config.rpcs.restore_crypto_key_version.metadata.to_h
2429
+ metadata = @config.rpcs.generate_random_bytes.metadata.to_h
2103
2430
 
2104
2431
  # Set x-goog-api-client and x-goog-user-project headers
2105
2432
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
@@ -2108,18 +2435,20 @@ module Google
2108
2435
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
2109
2436
 
2110
2437
  header_params = {
2111
- "name" => request.name
2438
+ "location" => request.location
2112
2439
  }
2113
2440
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2114
2441
  metadata[:"x-goog-request-params"] ||= request_params_header
2115
2442
 
2116
- options.apply_defaults timeout: @config.rpcs.restore_crypto_key_version.timeout,
2443
+ options.apply_defaults timeout: @config.rpcs.generate_random_bytes.timeout,
2117
2444
  metadata: metadata,
2118
- retry_policy: @config.rpcs.restore_crypto_key_version.retry_policy
2119
- options.apply_defaults metadata: @config.metadata,
2445
+ retry_policy: @config.rpcs.generate_random_bytes.retry_policy
2446
+
2447
+ options.apply_defaults timeout: @config.timeout,
2448
+ metadata: @config.metadata,
2120
2449
  retry_policy: @config.retry_policy
2121
2450
 
2122
- @key_management_service_stub.call_rpc :restore_crypto_key_version, request, options: options do |response, operation|
2451
+ @key_management_service_stub.call_rpc :generate_random_bytes, request, options: options do |response, operation|
2123
2452
  yield response, operation if block_given?
2124
2453
  return response
2125
2454
  end
@@ -2140,22 +2469,21 @@ module Google
2140
2469
  # Configuration can be applied globally to all clients, or to a single client
2141
2470
  # on construction.
2142
2471
  #
2143
- # # Examples
2144
- #
2145
- # To modify the global config, setting the timeout for list_key_rings
2146
- # to 20 seconds, and all remaining timeouts to 10 seconds:
2472
+ # @example
2147
2473
  #
2148
- # ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
2149
- # config.timeout = 10.0
2150
- # config.rpcs.list_key_rings.timeout = 20.0
2151
- # end
2474
+ # # Modify the global config, setting the timeout for
2475
+ # # list_key_rings to 20 seconds,
2476
+ # # and all remaining timeouts to 10 seconds.
2477
+ # ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
2478
+ # config.timeout = 10.0
2479
+ # config.rpcs.list_key_rings.timeout = 20.0
2480
+ # end
2152
2481
  #
2153
- # To apply the above configuration only to a new client:
2154
- #
2155
- # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
2156
- # config.timeout = 10.0
2157
- # config.rpcs.list_key_rings.timeout = 20.0
2158
- # end
2482
+ # # Apply the above configuration only to a new client.
2483
+ # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
2484
+ # config.timeout = 10.0
2485
+ # config.rpcs.list_key_rings.timeout = 20.0
2486
+ # end
2159
2487
  #
2160
2488
  # @!attribute [rw] endpoint
2161
2489
  # The hostname or hostname:port of the service endpoint.
@@ -2344,6 +2672,21 @@ module Google
2344
2672
  #
2345
2673
  attr_reader :update_crypto_key_version
2346
2674
  ##
2675
+ # RPC-specific configuration for `update_crypto_key_primary_version`
2676
+ # @return [::Gapic::Config::Method]
2677
+ #
2678
+ attr_reader :update_crypto_key_primary_version
2679
+ ##
2680
+ # RPC-specific configuration for `destroy_crypto_key_version`
2681
+ # @return [::Gapic::Config::Method]
2682
+ #
2683
+ attr_reader :destroy_crypto_key_version
2684
+ ##
2685
+ # RPC-specific configuration for `restore_crypto_key_version`
2686
+ # @return [::Gapic::Config::Method]
2687
+ #
2688
+ attr_reader :restore_crypto_key_version
2689
+ ##
2347
2690
  # RPC-specific configuration for `encrypt`
2348
2691
  # @return [::Gapic::Config::Method]
2349
2692
  #
@@ -2364,20 +2707,20 @@ module Google
2364
2707
  #
2365
2708
  attr_reader :asymmetric_decrypt
2366
2709
  ##
2367
- # RPC-specific configuration for `update_crypto_key_primary_version`
2710
+ # RPC-specific configuration for `mac_sign`
2368
2711
  # @return [::Gapic::Config::Method]
2369
2712
  #
2370
- attr_reader :update_crypto_key_primary_version
2713
+ attr_reader :mac_sign
2371
2714
  ##
2372
- # RPC-specific configuration for `destroy_crypto_key_version`
2715
+ # RPC-specific configuration for `mac_verify`
2373
2716
  # @return [::Gapic::Config::Method]
2374
2717
  #
2375
- attr_reader :destroy_crypto_key_version
2718
+ attr_reader :mac_verify
2376
2719
  ##
2377
- # RPC-specific configuration for `restore_crypto_key_version`
2720
+ # RPC-specific configuration for `generate_random_bytes`
2378
2721
  # @return [::Gapic::Config::Method]
2379
2722
  #
2380
- attr_reader :restore_crypto_key_version
2723
+ attr_reader :generate_random_bytes
2381
2724
 
2382
2725
  # @private
2383
2726
  def initialize parent_rpcs = nil
@@ -2413,6 +2756,12 @@ module Google
2413
2756
  @update_crypto_key = ::Gapic::Config::Method.new update_crypto_key_config
2414
2757
  update_crypto_key_version_config = parent_rpcs.update_crypto_key_version if parent_rpcs.respond_to? :update_crypto_key_version
2415
2758
  @update_crypto_key_version = ::Gapic::Config::Method.new update_crypto_key_version_config
2759
+ update_crypto_key_primary_version_config = parent_rpcs.update_crypto_key_primary_version if parent_rpcs.respond_to? :update_crypto_key_primary_version
2760
+ @update_crypto_key_primary_version = ::Gapic::Config::Method.new update_crypto_key_primary_version_config
2761
+ destroy_crypto_key_version_config = parent_rpcs.destroy_crypto_key_version if parent_rpcs.respond_to? :destroy_crypto_key_version
2762
+ @destroy_crypto_key_version = ::Gapic::Config::Method.new destroy_crypto_key_version_config
2763
+ restore_crypto_key_version_config = parent_rpcs.restore_crypto_key_version if parent_rpcs.respond_to? :restore_crypto_key_version
2764
+ @restore_crypto_key_version = ::Gapic::Config::Method.new restore_crypto_key_version_config
2416
2765
  encrypt_config = parent_rpcs.encrypt if parent_rpcs.respond_to? :encrypt
2417
2766
  @encrypt = ::Gapic::Config::Method.new encrypt_config
2418
2767
  decrypt_config = parent_rpcs.decrypt if parent_rpcs.respond_to? :decrypt
@@ -2421,12 +2770,12 @@ module Google
2421
2770
  @asymmetric_sign = ::Gapic::Config::Method.new asymmetric_sign_config
2422
2771
  asymmetric_decrypt_config = parent_rpcs.asymmetric_decrypt if parent_rpcs.respond_to? :asymmetric_decrypt
2423
2772
  @asymmetric_decrypt = ::Gapic::Config::Method.new asymmetric_decrypt_config
2424
- update_crypto_key_primary_version_config = parent_rpcs.update_crypto_key_primary_version if parent_rpcs.respond_to? :update_crypto_key_primary_version
2425
- @update_crypto_key_primary_version = ::Gapic::Config::Method.new update_crypto_key_primary_version_config
2426
- destroy_crypto_key_version_config = parent_rpcs.destroy_crypto_key_version if parent_rpcs.respond_to? :destroy_crypto_key_version
2427
- @destroy_crypto_key_version = ::Gapic::Config::Method.new destroy_crypto_key_version_config
2428
- restore_crypto_key_version_config = parent_rpcs.restore_crypto_key_version if parent_rpcs.respond_to? :restore_crypto_key_version
2429
- @restore_crypto_key_version = ::Gapic::Config::Method.new restore_crypto_key_version_config
2773
+ mac_sign_config = parent_rpcs.mac_sign if parent_rpcs.respond_to? :mac_sign
2774
+ @mac_sign = ::Gapic::Config::Method.new mac_sign_config
2775
+ mac_verify_config = parent_rpcs.mac_verify if parent_rpcs.respond_to? :mac_verify
2776
+ @mac_verify = ::Gapic::Config::Method.new mac_verify_config
2777
+ generate_random_bytes_config = parent_rpcs.generate_random_bytes if parent_rpcs.respond_to? :generate_random_bytes
2778
+ @generate_random_bytes = ::Gapic::Config::Method.new generate_random_bytes_config
2430
2779
 
2431
2780
  yield self if block_given?
2432
2781
  end