google-cloud-kms-v1 0.6.1 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -52,13 +52,12 @@ module Google
52
52
  # See {::Google::Cloud::Kms::V1::KeyManagementService::Client::Configuration}
53
53
  # for a description of the configuration fields.
54
54
  #
55
- # ## Example
55
+ # @example
56
56
  #
57
- # To modify the configuration for all KeyManagementService clients:
58
- #
59
- # ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
60
- # config.timeout = 10.0
61
- # end
57
+ # # Modify the configuration for all KeyManagementService clients
58
+ # ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
59
+ # config.timeout = 10.0
60
+ # end
62
61
  #
63
62
  # @yield [config] Configure the Client client.
64
63
  # @yieldparam config [Client::Configuration]
@@ -150,6 +149,21 @@ module Google
150
149
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
151
150
  }
152
151
 
152
+ default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
153
+ default_config.rpcs.update_crypto_key_primary_version.retry_policy = {
154
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
155
+ }
156
+
157
+ default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
158
+ default_config.rpcs.destroy_crypto_key_version.retry_policy = {
159
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
160
+ }
161
+
162
+ default_config.rpcs.restore_crypto_key_version.timeout = 60.0
163
+ default_config.rpcs.restore_crypto_key_version.retry_policy = {
164
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
165
+ }
166
+
153
167
  default_config.rpcs.encrypt.timeout = 60.0
154
168
  default_config.rpcs.encrypt.retry_policy = {
155
169
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
@@ -170,18 +184,18 @@ module Google
170
184
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
171
185
  }
172
186
 
173
- default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
174
- default_config.rpcs.update_crypto_key_primary_version.retry_policy = {
187
+ default_config.rpcs.mac_sign.timeout = 60.0
188
+ default_config.rpcs.mac_sign.retry_policy = {
175
189
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
176
190
  }
177
191
 
178
- default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
179
- default_config.rpcs.destroy_crypto_key_version.retry_policy = {
192
+ default_config.rpcs.mac_verify.timeout = 60.0
193
+ default_config.rpcs.mac_verify.retry_policy = {
180
194
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
181
195
  }
182
196
 
183
- default_config.rpcs.restore_crypto_key_version.timeout = 60.0
184
- default_config.rpcs.restore_crypto_key_version.retry_policy = {
197
+ default_config.rpcs.generate_random_bytes.timeout = 60.0
198
+ default_config.rpcs.generate_random_bytes.retry_policy = {
185
199
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
186
200
  }
187
201
 
@@ -214,19 +228,15 @@ module Google
214
228
  ##
215
229
  # Create a new KeyManagementService client object.
216
230
  #
217
- # ## Examples
218
- #
219
- # To create a new KeyManagementService client with the default
220
- # configuration:
231
+ # @example
221
232
  #
222
- # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
233
+ # # Create a client using the default configuration
234
+ # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
223
235
  #
224
- # To create a new KeyManagementService client with a custom
225
- # configuration:
226
- #
227
- # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
228
- # config.timeout = 10.0
229
- # end
236
+ # # Create a client using a custom configuration
237
+ # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
238
+ # config.timeout = 10.0
239
+ # end
230
240
  #
231
241
  # @yield [config] Configure the KeyManagementService client.
232
242
  # @yieldparam config [Client::Configuration]
@@ -246,10 +256,9 @@ module Google
246
256
 
247
257
  # Create credentials
248
258
  credentials = @config.credentials
249
- # Use self-signed JWT if the scope and endpoint are unchanged from default,
259
+ # Use self-signed JWT if the endpoint is unchanged from default,
250
260
  # but only if the default endpoint does not have a region prefix.
251
- enable_self_signed_jwt = @config.scope == Client.configure.scope &&
252
- @config.endpoint == Client.configure.endpoint &&
261
+ enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
253
262
  !@config.endpoint.split(".").first.include?("-")
254
263
  credentials ||= Credentials.default scope: @config.scope,
255
264
  enable_self_signed_jwt: enable_self_signed_jwt
@@ -344,7 +353,9 @@ module Google
344
353
  options.apply_defaults timeout: @config.rpcs.list_key_rings.timeout,
345
354
  metadata: metadata,
346
355
  retry_policy: @config.rpcs.list_key_rings.retry_policy
347
- options.apply_defaults metadata: @config.metadata,
356
+
357
+ options.apply_defaults timeout: @config.timeout,
358
+ metadata: @config.metadata,
348
359
  retry_policy: @config.retry_policy
349
360
 
350
361
  @key_management_service_stub.call_rpc :list_key_rings, request, options: options do |response, operation|
@@ -432,7 +443,9 @@ module Google
432
443
  options.apply_defaults timeout: @config.rpcs.list_crypto_keys.timeout,
433
444
  metadata: metadata,
434
445
  retry_policy: @config.rpcs.list_crypto_keys.retry_policy
435
- options.apply_defaults metadata: @config.metadata,
446
+
447
+ options.apply_defaults timeout: @config.timeout,
448
+ metadata: @config.metadata,
436
449
  retry_policy: @config.retry_policy
437
450
 
438
451
  @key_management_service_stub.call_rpc :list_crypto_keys, request, options: options do |response, operation|
@@ -521,7 +534,9 @@ module Google
521
534
  options.apply_defaults timeout: @config.rpcs.list_crypto_key_versions.timeout,
522
535
  metadata: metadata,
523
536
  retry_policy: @config.rpcs.list_crypto_key_versions.retry_policy
524
- options.apply_defaults metadata: @config.metadata,
537
+
538
+ options.apply_defaults timeout: @config.timeout,
539
+ metadata: @config.metadata,
525
540
  retry_policy: @config.retry_policy
526
541
 
527
542
  @key_management_service_stub.call_rpc :list_crypto_key_versions, request, options: options do |response, operation|
@@ -607,7 +622,9 @@ module Google
607
622
  options.apply_defaults timeout: @config.rpcs.list_import_jobs.timeout,
608
623
  metadata: metadata,
609
624
  retry_policy: @config.rpcs.list_import_jobs.retry_policy
610
- options.apply_defaults metadata: @config.metadata,
625
+
626
+ options.apply_defaults timeout: @config.timeout,
627
+ metadata: @config.metadata,
611
628
  retry_policy: @config.retry_policy
612
629
 
613
630
  @key_management_service_stub.call_rpc :list_import_jobs, request, options: options do |response, operation|
@@ -674,7 +691,9 @@ module Google
674
691
  options.apply_defaults timeout: @config.rpcs.get_key_ring.timeout,
675
692
  metadata: metadata,
676
693
  retry_policy: @config.rpcs.get_key_ring.retry_policy
677
- options.apply_defaults metadata: @config.metadata,
694
+
695
+ options.apply_defaults timeout: @config.timeout,
696
+ metadata: @config.metadata,
678
697
  retry_policy: @config.retry_policy
679
698
 
680
699
  @key_management_service_stub.call_rpc :get_key_ring, request, options: options do |response, operation|
@@ -741,7 +760,9 @@ module Google
741
760
  options.apply_defaults timeout: @config.rpcs.get_crypto_key.timeout,
742
761
  metadata: metadata,
743
762
  retry_policy: @config.rpcs.get_crypto_key.retry_policy
744
- options.apply_defaults metadata: @config.metadata,
763
+
764
+ options.apply_defaults timeout: @config.timeout,
765
+ metadata: @config.metadata,
745
766
  retry_policy: @config.retry_policy
746
767
 
747
768
  @key_management_service_stub.call_rpc :get_crypto_key, request, options: options do |response, operation|
@@ -807,7 +828,9 @@ module Google
807
828
  options.apply_defaults timeout: @config.rpcs.get_crypto_key_version.timeout,
808
829
  metadata: metadata,
809
830
  retry_policy: @config.rpcs.get_crypto_key_version.retry_policy
810
- options.apply_defaults metadata: @config.metadata,
831
+
832
+ options.apply_defaults timeout: @config.timeout,
833
+ metadata: @config.metadata,
811
834
  retry_policy: @config.retry_policy
812
835
 
813
836
  @key_management_service_stub.call_rpc :get_crypto_key_version, request, options: options do |response, operation|
@@ -877,7 +900,9 @@ module Google
877
900
  options.apply_defaults timeout: @config.rpcs.get_public_key.timeout,
878
901
  metadata: metadata,
879
902
  retry_policy: @config.rpcs.get_public_key.retry_policy
880
- options.apply_defaults metadata: @config.metadata,
903
+
904
+ options.apply_defaults timeout: @config.timeout,
905
+ metadata: @config.metadata,
881
906
  retry_policy: @config.retry_policy
882
907
 
883
908
  @key_management_service_stub.call_rpc :get_public_key, request, options: options do |response, operation|
@@ -943,7 +968,9 @@ module Google
943
968
  options.apply_defaults timeout: @config.rpcs.get_import_job.timeout,
944
969
  metadata: metadata,
945
970
  retry_policy: @config.rpcs.get_import_job.retry_policy
946
- options.apply_defaults metadata: @config.metadata,
971
+
972
+ options.apply_defaults timeout: @config.timeout,
973
+ metadata: @config.metadata,
947
974
  retry_policy: @config.retry_policy
948
975
 
949
976
  @key_management_service_stub.call_rpc :get_import_job, request, options: options do |response, operation|
@@ -1015,7 +1042,9 @@ module Google
1015
1042
  options.apply_defaults timeout: @config.rpcs.create_key_ring.timeout,
1016
1043
  metadata: metadata,
1017
1044
  retry_policy: @config.rpcs.create_key_ring.retry_policy
1018
- options.apply_defaults metadata: @config.metadata,
1045
+
1046
+ options.apply_defaults timeout: @config.timeout,
1047
+ metadata: @config.metadata,
1019
1048
  retry_policy: @config.retry_policy
1020
1049
 
1021
1050
  @key_management_service_stub.call_rpc :create_key_ring, request, options: options do |response, operation|
@@ -1097,7 +1126,9 @@ module Google
1097
1126
  options.apply_defaults timeout: @config.rpcs.create_crypto_key.timeout,
1098
1127
  metadata: metadata,
1099
1128
  retry_policy: @config.rpcs.create_crypto_key.retry_policy
1100
- options.apply_defaults metadata: @config.metadata,
1129
+
1130
+ options.apply_defaults timeout: @config.timeout,
1131
+ metadata: @config.metadata,
1101
1132
  retry_policy: @config.retry_policy
1102
1133
 
1103
1134
  @key_management_service_stub.call_rpc :create_crypto_key, request, options: options do |response, operation|
@@ -1170,7 +1201,9 @@ module Google
1170
1201
  options.apply_defaults timeout: @config.rpcs.create_crypto_key_version.timeout,
1171
1202
  metadata: metadata,
1172
1203
  retry_policy: @config.rpcs.create_crypto_key_version.retry_policy
1173
- options.apply_defaults metadata: @config.metadata,
1204
+
1205
+ options.apply_defaults timeout: @config.timeout,
1206
+ metadata: @config.metadata,
1174
1207
  retry_policy: @config.retry_policy
1175
1208
 
1176
1209
  @key_management_service_stub.call_rpc :create_crypto_key_version, request, options: options do |response, operation|
@@ -1182,11 +1215,12 @@ module Google
1182
1215
  end
1183
1216
 
1184
1217
  ##
1185
- # Imports a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} into an existing {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} using the
1186
- # wrapped key material provided in the request.
1218
+ # Import wrapped key material into a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
1187
1219
  #
1188
- # The version ID will be assigned the next sequential id within the
1189
- # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
1220
+ # All requests must specify a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. If a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} is
1221
+ # additionally specified in the request, key material will be reimported into
1222
+ # that version. Otherwise, a new version will be created, and will be
1223
+ # assigned the next sequential id within the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
1190
1224
  #
1191
1225
  # @overload import_crypto_key_version(request, options = nil)
1192
1226
  # Pass arguments to `import_crypto_key_version` via a request object, either of type
@@ -1198,14 +1232,32 @@ module Google
1198
1232
  # @param options [::Gapic::CallOptions, ::Hash]
1199
1233
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1200
1234
  #
1201
- # @overload import_crypto_key_version(parent: nil, algorithm: nil, import_job: nil, rsa_aes_wrapped_key: nil)
1235
+ # @overload import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, rsa_aes_wrapped_key: nil)
1202
1236
  # Pass arguments to `import_crypto_key_version` via keyword arguments. Note that at
1203
1237
  # least one keyword argument is required. To specify no parameters, or to keep all
1204
1238
  # the default parameter values, pass an empty Hash as a request object (see above).
1205
1239
  #
1206
1240
  # @param parent [::String]
1207
- # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
1208
- # be imported into.
1241
+ # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
1242
+ #
1243
+ # The create permission is only required on this key when creating a new
1244
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
1245
+ # @param crypto_key_version [::String]
1246
+ # Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of an existing
1247
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to target for an import operation.
1248
+ # If this field is not present, a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
1249
+ # supplied key material is created.
1250
+ #
1251
+ # If this field is present, the supplied key material is imported into
1252
+ # the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To import into an existing
1253
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
1254
+ # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent}, have been previously created via
1255
+ # [ImportCryptoKeyVersion][], and be in
1256
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED} or
1257
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}
1258
+ # state. The key material and algorithm must match the previous
1259
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
1260
+ # key material.
1209
1261
  # @param algorithm [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
1210
1262
  # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm} of
1211
1263
  # the key being imported. This does not need to match the
@@ -1273,7 +1325,9 @@ module Google
1273
1325
  options.apply_defaults timeout: @config.rpcs.import_crypto_key_version.timeout,
1274
1326
  metadata: metadata,
1275
1327
  retry_policy: @config.rpcs.import_crypto_key_version.retry_policy
1276
- options.apply_defaults metadata: @config.metadata,
1328
+
1329
+ options.apply_defaults timeout: @config.timeout,
1330
+ metadata: @config.metadata,
1277
1331
  retry_policy: @config.retry_policy
1278
1332
 
1279
1333
  @key_management_service_stub.call_rpc :import_crypto_key_version, request, options: options do |response, operation|
@@ -1347,7 +1401,9 @@ module Google
1347
1401
  options.apply_defaults timeout: @config.rpcs.create_import_job.timeout,
1348
1402
  metadata: metadata,
1349
1403
  retry_policy: @config.rpcs.create_import_job.retry_policy
1350
- options.apply_defaults metadata: @config.metadata,
1404
+
1405
+ options.apply_defaults timeout: @config.timeout,
1406
+ metadata: @config.metadata,
1351
1407
  retry_policy: @config.retry_policy
1352
1408
 
1353
1409
  @key_management_service_stub.call_rpc :create_import_job, request, options: options do |response, operation|
@@ -1415,7 +1471,9 @@ module Google
1415
1471
  options.apply_defaults timeout: @config.rpcs.update_crypto_key.timeout,
1416
1472
  metadata: metadata,
1417
1473
  retry_policy: @config.rpcs.update_crypto_key.retry_policy
1418
- options.apply_defaults metadata: @config.metadata,
1474
+
1475
+ options.apply_defaults timeout: @config.timeout,
1476
+ metadata: @config.metadata,
1419
1477
  retry_policy: @config.retry_policy
1420
1478
 
1421
1479
  @key_management_service_stub.call_rpc :update_crypto_key, request, options: options do |response, operation|
@@ -1489,7 +1547,9 @@ module Google
1489
1547
  options.apply_defaults timeout: @config.rpcs.update_crypto_key_version.timeout,
1490
1548
  metadata: metadata,
1491
1549
  retry_policy: @config.rpcs.update_crypto_key_version.retry_policy
1492
- options.apply_defaults metadata: @config.metadata,
1550
+
1551
+ options.apply_defaults timeout: @config.timeout,
1552
+ metadata: @config.metadata,
1493
1553
  retry_policy: @config.retry_policy
1494
1554
 
1495
1555
  @key_management_service_stub.call_rpc :update_crypto_key_version, request, options: options do |response, operation|
@@ -1500,6 +1560,233 @@ module Google
1500
1560
  raise ::Google::Cloud::Error.from_error(e)
1501
1561
  end
1502
1562
 
1563
+ ##
1564
+ # Update the version of a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that will be used in {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}.
1565
+ #
1566
+ # Returns an error if called on a key whose purpose is not
1567
+ # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
1568
+ #
1569
+ # @overload update_crypto_key_primary_version(request, options = nil)
1570
+ # Pass arguments to `update_crypto_key_primary_version` via a request object, either of type
1571
+ # {::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest} or an equivalent Hash.
1572
+ #
1573
+ # @param request [::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Hash]
1574
+ # A request object representing the call parameters. Required. To specify no
1575
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1576
+ # @param options [::Gapic::CallOptions, ::Hash]
1577
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1578
+ #
1579
+ # @overload update_crypto_key_primary_version(name: nil, crypto_key_version_id: nil)
1580
+ # Pass arguments to `update_crypto_key_primary_version` via keyword arguments. Note that at
1581
+ # least one keyword argument is required. To specify no parameters, or to keep all
1582
+ # the default parameter values, pass an empty Hash as a request object (see above).
1583
+ #
1584
+ # @param name [::String]
1585
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
1586
+ # @param crypto_key_version_id [::String]
1587
+ # Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
1588
+ #
1589
+ # @yield [response, operation] Access the result along with the RPC operation
1590
+ # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey]
1591
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
1592
+ #
1593
+ # @return [::Google::Cloud::Kms::V1::CryptoKey]
1594
+ #
1595
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
1596
+ #
1597
+ def update_crypto_key_primary_version request, options = nil
1598
+ raise ::ArgumentError, "request must be provided" if request.nil?
1599
+
1600
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest
1601
+
1602
+ # Converts hash and nil to an options object
1603
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1604
+
1605
+ # Customize the options with defaults
1606
+ metadata = @config.rpcs.update_crypto_key_primary_version.metadata.to_h
1607
+
1608
+ # Set x-goog-api-client and x-goog-user-project headers
1609
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1610
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1611
+ gapic_version: ::Google::Cloud::Kms::V1::VERSION
1612
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1613
+
1614
+ header_params = {
1615
+ "name" => request.name
1616
+ }
1617
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1618
+ metadata[:"x-goog-request-params"] ||= request_params_header
1619
+
1620
+ options.apply_defaults timeout: @config.rpcs.update_crypto_key_primary_version.timeout,
1621
+ metadata: metadata,
1622
+ retry_policy: @config.rpcs.update_crypto_key_primary_version.retry_policy
1623
+
1624
+ options.apply_defaults timeout: @config.timeout,
1625
+ metadata: @config.metadata,
1626
+ retry_policy: @config.retry_policy
1627
+
1628
+ @key_management_service_stub.call_rpc :update_crypto_key_primary_version, request, options: options do |response, operation|
1629
+ yield response, operation if block_given?
1630
+ return response
1631
+ end
1632
+ rescue ::GRPC::BadStatus => e
1633
+ raise ::Google::Cloud::Error.from_error(e)
1634
+ end
1635
+
1636
+ ##
1637
+ # Schedule a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for destruction.
1638
+ #
1639
+ # Upon calling this method, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion.state} will be set to
1640
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED},
1641
+ # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be set to the time
1642
+ # {::Google::Cloud::Kms::V1::CryptoKey#destroy_scheduled_duration destroy_scheduled_duration} in the
1643
+ # future. At that time, the {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will
1644
+ # automatically change to
1645
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}, and the key
1646
+ # material will be irrevocably destroyed.
1647
+ #
1648
+ # Before the {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is reached,
1649
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion} may be called to reverse the process.
1650
+ #
1651
+ # @overload destroy_crypto_key_version(request, options = nil)
1652
+ # Pass arguments to `destroy_crypto_key_version` via a request object, either of type
1653
+ # {::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest} or an equivalent Hash.
1654
+ #
1655
+ # @param request [::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Hash]
1656
+ # A request object representing the call parameters. Required. To specify no
1657
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1658
+ # @param options [::Gapic::CallOptions, ::Hash]
1659
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1660
+ #
1661
+ # @overload destroy_crypto_key_version(name: nil)
1662
+ # Pass arguments to `destroy_crypto_key_version` via keyword arguments. Note that at
1663
+ # least one keyword argument is required. To specify no parameters, or to keep all
1664
+ # the default parameter values, pass an empty Hash as a request object (see above).
1665
+ #
1666
+ # @param name [::String]
1667
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
1668
+ #
1669
+ # @yield [response, operation] Access the result along with the RPC operation
1670
+ # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
1671
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
1672
+ #
1673
+ # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
1674
+ #
1675
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
1676
+ #
1677
+ def destroy_crypto_key_version request, options = nil
1678
+ raise ::ArgumentError, "request must be provided" if request.nil?
1679
+
1680
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest
1681
+
1682
+ # Converts hash and nil to an options object
1683
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1684
+
1685
+ # Customize the options with defaults
1686
+ metadata = @config.rpcs.destroy_crypto_key_version.metadata.to_h
1687
+
1688
+ # Set x-goog-api-client and x-goog-user-project headers
1689
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1690
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1691
+ gapic_version: ::Google::Cloud::Kms::V1::VERSION
1692
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1693
+
1694
+ header_params = {
1695
+ "name" => request.name
1696
+ }
1697
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1698
+ metadata[:"x-goog-request-params"] ||= request_params_header
1699
+
1700
+ options.apply_defaults timeout: @config.rpcs.destroy_crypto_key_version.timeout,
1701
+ metadata: metadata,
1702
+ retry_policy: @config.rpcs.destroy_crypto_key_version.retry_policy
1703
+
1704
+ options.apply_defaults timeout: @config.timeout,
1705
+ metadata: @config.metadata,
1706
+ retry_policy: @config.retry_policy
1707
+
1708
+ @key_management_service_stub.call_rpc :destroy_crypto_key_version, request, options: options do |response, operation|
1709
+ yield response, operation if block_given?
1710
+ return response
1711
+ end
1712
+ rescue ::GRPC::BadStatus => e
1713
+ raise ::Google::Cloud::Error.from_error(e)
1714
+ end
1715
+
1716
+ ##
1717
+ # Restore a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in the
1718
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
1719
+ # state.
1720
+ #
1721
+ # Upon restoration of the CryptoKeyVersion, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
1722
+ # will be set to {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
1723
+ # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be cleared.
1724
+ #
1725
+ # @overload restore_crypto_key_version(request, options = nil)
1726
+ # Pass arguments to `restore_crypto_key_version` via a request object, either of type
1727
+ # {::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest} or an equivalent Hash.
1728
+ #
1729
+ # @param request [::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Hash]
1730
+ # A request object representing the call parameters. Required. To specify no
1731
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
1732
+ # @param options [::Gapic::CallOptions, ::Hash]
1733
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1734
+ #
1735
+ # @overload restore_crypto_key_version(name: nil)
1736
+ # Pass arguments to `restore_crypto_key_version` via keyword arguments. Note that at
1737
+ # least one keyword argument is required. To specify no parameters, or to keep all
1738
+ # the default parameter values, pass an empty Hash as a request object (see above).
1739
+ #
1740
+ # @param name [::String]
1741
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
1742
+ #
1743
+ # @yield [response, operation] Access the result along with the RPC operation
1744
+ # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
1745
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
1746
+ #
1747
+ # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
1748
+ #
1749
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
1750
+ #
1751
+ def restore_crypto_key_version request, options = nil
1752
+ raise ::ArgumentError, "request must be provided" if request.nil?
1753
+
1754
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest
1755
+
1756
+ # Converts hash and nil to an options object
1757
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1758
+
1759
+ # Customize the options with defaults
1760
+ metadata = @config.rpcs.restore_crypto_key_version.metadata.to_h
1761
+
1762
+ # Set x-goog-api-client and x-goog-user-project headers
1763
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1764
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1765
+ gapic_version: ::Google::Cloud::Kms::V1::VERSION
1766
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1767
+
1768
+ header_params = {
1769
+ "name" => request.name
1770
+ }
1771
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1772
+ metadata[:"x-goog-request-params"] ||= request_params_header
1773
+
1774
+ options.apply_defaults timeout: @config.rpcs.restore_crypto_key_version.timeout,
1775
+ metadata: metadata,
1776
+ retry_policy: @config.rpcs.restore_crypto_key_version.retry_policy
1777
+
1778
+ options.apply_defaults timeout: @config.timeout,
1779
+ metadata: @config.metadata,
1780
+ retry_policy: @config.retry_policy
1781
+
1782
+ @key_management_service_stub.call_rpc :restore_crypto_key_version, request, options: options do |response, operation|
1783
+ yield response, operation if block_given?
1784
+ return response
1785
+ end
1786
+ rescue ::GRPC::BadStatus => e
1787
+ raise ::Google::Cloud::Error.from_error(e)
1788
+ end
1789
+
1503
1790
  ##
1504
1791
  # Encrypts data, so that it can only be recovered by a call to {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
1505
1792
  # The {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
@@ -1559,8 +1846,6 @@ module Google
1559
1846
  # different languages. However, it is a non-negative integer, which will
1560
1847
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1561
1848
  # that support this type.
1562
- #
1563
- # NOTE: This field is in Beta.
1564
1849
  # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1565
1850
  # Optional. An optional CRC32C checksum of the
1566
1851
  # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
@@ -1577,8 +1862,6 @@ module Google
1577
1862
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1578
1863
  # that support this type.
1579
1864
  #
1580
- # NOTE: This field is in Beta.
1581
- #
1582
1865
  # @yield [response, operation] Access the result along with the RPC operation
1583
1866
  # @yieldparam response [::Google::Cloud::Kms::V1::EncryptResponse]
1584
1867
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1613,7 +1896,9 @@ module Google
1613
1896
  options.apply_defaults timeout: @config.rpcs.encrypt.timeout,
1614
1897
  metadata: metadata,
1615
1898
  retry_policy: @config.rpcs.encrypt.retry_policy
1616
- options.apply_defaults metadata: @config.metadata,
1899
+
1900
+ options.apply_defaults timeout: @config.timeout,
1901
+ metadata: @config.metadata,
1617
1902
  retry_policy: @config.retry_policy
1618
1903
 
1619
1904
  @key_management_service_stub.call_rpc :encrypt, request, options: options do |response, operation|
@@ -1666,8 +1951,6 @@ module Google
1666
1951
  # different languages. However, it is a non-negative integer, which will
1667
1952
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1668
1953
  # that support this type.
1669
- #
1670
- # NOTE: This field is in Beta.
1671
1954
  # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
1672
1955
  # Optional. An optional CRC32C checksum of the
1673
1956
  # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
@@ -1684,8 +1967,6 @@ module Google
1684
1967
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1685
1968
  # that support this type.
1686
1969
  #
1687
- # NOTE: This field is in Beta.
1688
- #
1689
1970
  # @yield [response, operation] Access the result along with the RPC operation
1690
1971
  # @yieldparam response [::Google::Cloud::Kms::V1::DecryptResponse]
1691
1972
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1720,7 +2001,9 @@ module Google
1720
2001
  options.apply_defaults timeout: @config.rpcs.decrypt.timeout,
1721
2002
  metadata: metadata,
1722
2003
  retry_policy: @config.rpcs.decrypt.retry_policy
1723
- options.apply_defaults metadata: @config.metadata,
2004
+
2005
+ options.apply_defaults timeout: @config.timeout,
2006
+ metadata: @config.metadata,
1724
2007
  retry_policy: @config.retry_policy
1725
2008
 
1726
2009
  @key_management_service_stub.call_rpc :decrypt, request, options: options do |response, operation|
@@ -1772,8 +2055,6 @@ module Google
1772
2055
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1773
2056
  # that support this type.
1774
2057
  #
1775
- # NOTE: This field is in Beta.
1776
- #
1777
2058
  # @yield [response, operation] Access the result along with the RPC operation
1778
2059
  # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse]
1779
2060
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1808,7 +2089,9 @@ module Google
1808
2089
  options.apply_defaults timeout: @config.rpcs.asymmetric_sign.timeout,
1809
2090
  metadata: metadata,
1810
2091
  retry_policy: @config.rpcs.asymmetric_sign.retry_policy
1811
- options.apply_defaults metadata: @config.metadata,
2092
+
2093
+ options.apply_defaults timeout: @config.timeout,
2094
+ metadata: @config.metadata,
1812
2095
  retry_policy: @config.retry_policy
1813
2096
 
1814
2097
  @key_management_service_stub.call_rpc :asymmetric_sign, request, options: options do |response, operation|
@@ -1860,8 +2143,6 @@ module Google
1860
2143
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1861
2144
  # that support this type.
1862
2145
  #
1863
- # NOTE: This field is in Beta.
1864
- #
1865
2146
  # @yield [response, operation] Access the result along with the RPC operation
1866
2147
  # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse]
1867
2148
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -1896,7 +2177,9 @@ module Google
1896
2177
  options.apply_defaults timeout: @config.rpcs.asymmetric_decrypt.timeout,
1897
2178
  metadata: metadata,
1898
2179
  retry_policy: @config.rpcs.asymmetric_decrypt.retry_policy
1899
- options.apply_defaults metadata: @config.metadata,
2180
+
2181
+ options.apply_defaults timeout: @config.timeout,
2182
+ metadata: @config.metadata,
1900
2183
  retry_policy: @config.retry_policy
1901
2184
 
1902
2185
  @key_management_service_stub.call_rpc :asymmetric_decrypt, request, options: options do |response, operation|
@@ -1908,49 +2191,63 @@ module Google
1908
2191
  end
1909
2192
 
1910
2193
  ##
1911
- # Update the version of a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that will be used in {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}.
1912
- #
1913
- # Returns an error if called on a key whose purpose is not
1914
- # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
2194
+ # Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
2195
+ # MAC, producing a tag that can be verified by another source with the
2196
+ # same key.
1915
2197
  #
1916
- # @overload update_crypto_key_primary_version(request, options = nil)
1917
- # Pass arguments to `update_crypto_key_primary_version` via a request object, either of type
1918
- # {::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest} or an equivalent Hash.
2198
+ # @overload mac_sign(request, options = nil)
2199
+ # Pass arguments to `mac_sign` via a request object, either of type
2200
+ # {::Google::Cloud::Kms::V1::MacSignRequest} or an equivalent Hash.
1919
2201
  #
1920
- # @param request [::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Hash]
2202
+ # @param request [::Google::Cloud::Kms::V1::MacSignRequest, ::Hash]
1921
2203
  # A request object representing the call parameters. Required. To specify no
1922
2204
  # parameters, or to keep all the default parameter values, pass an empty Hash.
1923
2205
  # @param options [::Gapic::CallOptions, ::Hash]
1924
2206
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1925
2207
  #
1926
- # @overload update_crypto_key_primary_version(name: nil, crypto_key_version_id: nil)
1927
- # Pass arguments to `update_crypto_key_primary_version` via keyword arguments. Note that at
2208
+ # @overload mac_sign(name: nil, data: nil, data_crc32c: nil)
2209
+ # Pass arguments to `mac_sign` via keyword arguments. Note that at
1928
2210
  # least one keyword argument is required. To specify no parameters, or to keep all
1929
2211
  # the default parameter values, pass an empty Hash as a request object (see above).
1930
2212
  #
1931
2213
  # @param name [::String]
1932
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
1933
- # @param crypto_key_version_id [::String]
1934
- # Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
2214
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
2215
+ # @param data [::String]
2216
+ # Required. The data to sign. The MAC tag is computed over this data field based on
2217
+ # the specific algorithm.
2218
+ # @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2219
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
2220
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2221
+ # received {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this checksum.
2222
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2223
+ # fails. If you receive a checksum error, your client should verify that
2224
+ # CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is equal to
2225
+ # {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}, and if so, perform a limited
2226
+ # number of retries. A persistent mismatch may indicate an issue in your
2227
+ # computation of the CRC32C checksum.
2228
+ # Note: This field is defined as int64 for reasons of compatibility across
2229
+ # different languages. However, it is a non-negative integer, which will
2230
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2231
+ # that support this type.
1935
2232
  #
1936
2233
  # @yield [response, operation] Access the result along with the RPC operation
1937
- # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey]
2234
+ # @yieldparam response [::Google::Cloud::Kms::V1::MacSignResponse]
1938
2235
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
1939
2236
  #
1940
- # @return [::Google::Cloud::Kms::V1::CryptoKey]
2237
+ # @return [::Google::Cloud::Kms::V1::MacSignResponse]
1941
2238
  #
1942
2239
  # @raise [::Google::Cloud::Error] if the RPC is aborted.
1943
2240
  #
1944
- def update_crypto_key_primary_version request, options = nil
2241
+ def mac_sign request, options = nil
1945
2242
  raise ::ArgumentError, "request must be provided" if request.nil?
1946
2243
 
1947
- request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest
2244
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::MacSignRequest
1948
2245
 
1949
2246
  # Converts hash and nil to an options object
1950
2247
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1951
2248
 
1952
2249
  # Customize the options with defaults
1953
- metadata = @config.rpcs.update_crypto_key_primary_version.metadata.to_h
2250
+ metadata = @config.rpcs.mac_sign.metadata.to_h
1954
2251
 
1955
2252
  # Set x-goog-api-client and x-goog-user-project headers
1956
2253
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
@@ -1964,13 +2261,15 @@ module Google
1964
2261
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1965
2262
  metadata[:"x-goog-request-params"] ||= request_params_header
1966
2263
 
1967
- options.apply_defaults timeout: @config.rpcs.update_crypto_key_primary_version.timeout,
2264
+ options.apply_defaults timeout: @config.rpcs.mac_sign.timeout,
1968
2265
  metadata: metadata,
1969
- retry_policy: @config.rpcs.update_crypto_key_primary_version.retry_policy
1970
- options.apply_defaults metadata: @config.metadata,
2266
+ retry_policy: @config.rpcs.mac_sign.retry_policy
2267
+
2268
+ options.apply_defaults timeout: @config.timeout,
2269
+ metadata: @config.metadata,
1971
2270
  retry_policy: @config.retry_policy
1972
2271
 
1973
- @key_management_service_stub.call_rpc :update_crypto_key_primary_version, request, options: options do |response, operation|
2272
+ @key_management_service_stub.call_rpc :mac_sign, request, options: options do |response, operation|
1974
2273
  yield response, operation if block_given?
1975
2274
  return response
1976
2275
  end
@@ -1979,55 +2278,79 @@ module Google
1979
2278
  end
1980
2279
 
1981
2280
  ##
1982
- # Schedule a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for destruction.
2281
+ # Verifies MAC tag using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
2282
+ # MAC, and returns a response that indicates whether or not the verification
2283
+ # was successful.
1983
2284
  #
1984
- # Upon calling this method, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion.state} will be set to
1985
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
1986
- # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be set to a time 24
1987
- # hours in the future, at which point the {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
1988
- # will be changed to
1989
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}, and the key
1990
- # material will be irrevocably destroyed.
2285
+ # @overload mac_verify(request, options = nil)
2286
+ # Pass arguments to `mac_verify` via a request object, either of type
2287
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest} or an equivalent Hash.
1991
2288
  #
1992
- # Before the {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is reached,
1993
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion} may be called to reverse the process.
1994
- #
1995
- # @overload destroy_crypto_key_version(request, options = nil)
1996
- # Pass arguments to `destroy_crypto_key_version` via a request object, either of type
1997
- # {::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest} or an equivalent Hash.
1998
- #
1999
- # @param request [::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Hash]
2289
+ # @param request [::Google::Cloud::Kms::V1::MacVerifyRequest, ::Hash]
2000
2290
  # A request object representing the call parameters. Required. To specify no
2001
2291
  # parameters, or to keep all the default parameter values, pass an empty Hash.
2002
2292
  # @param options [::Gapic::CallOptions, ::Hash]
2003
2293
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2004
2294
  #
2005
- # @overload destroy_crypto_key_version(name: nil)
2006
- # Pass arguments to `destroy_crypto_key_version` via keyword arguments. Note that at
2295
+ # @overload mac_verify(name: nil, data: nil, data_crc32c: nil, mac: nil, mac_crc32c: nil)
2296
+ # Pass arguments to `mac_verify` via keyword arguments. Note that at
2007
2297
  # least one keyword argument is required. To specify no parameters, or to keep all
2008
2298
  # the default parameter values, pass an empty Hash as a request object (see above).
2009
2299
  #
2010
2300
  # @param name [::String]
2011
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
2301
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for verification.
2302
+ # @param data [::String]
2303
+ # Required. The data used previously as a {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate the MAC
2304
+ # tag.
2305
+ # @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2306
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
2307
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2308
+ # received {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using this checksum.
2309
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2310
+ # fails. If you receive a checksum error, your client should verify that
2311
+ # CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}) is equal to
2312
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}, and if so, perform a limited
2313
+ # number of retries. A persistent mismatch may indicate an issue in your
2314
+ # computation of the CRC32C checksum.
2315
+ # Note: This field is defined as int64 for reasons of compatibility across
2316
+ # different languages. However, it is a non-negative integer, which will
2317
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2318
+ # that support this type.
2319
+ # @param mac [::String]
2320
+ # Required. The signature to verify.
2321
+ # @param mac_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2322
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
2323
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2324
+ # received {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this checksum.
2325
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2326
+ # fails. If you receive a checksum error, your client should verify that
2327
+ # CRC32C([MacVerifyRequest.tag][]) is equal to
2328
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}, and if so, perform a limited
2329
+ # number of retries. A persistent mismatch may indicate an issue in your
2330
+ # computation of the CRC32C checksum.
2331
+ # Note: This field is defined as int64 for reasons of compatibility across
2332
+ # different languages. However, it is a non-negative integer, which will
2333
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2334
+ # that support this type.
2012
2335
  #
2013
2336
  # @yield [response, operation] Access the result along with the RPC operation
2014
- # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
2337
+ # @yieldparam response [::Google::Cloud::Kms::V1::MacVerifyResponse]
2015
2338
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
2016
2339
  #
2017
- # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
2340
+ # @return [::Google::Cloud::Kms::V1::MacVerifyResponse]
2018
2341
  #
2019
2342
  # @raise [::Google::Cloud::Error] if the RPC is aborted.
2020
2343
  #
2021
- def destroy_crypto_key_version request, options = nil
2344
+ def mac_verify request, options = nil
2022
2345
  raise ::ArgumentError, "request must be provided" if request.nil?
2023
2346
 
2024
- request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest
2347
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::MacVerifyRequest
2025
2348
 
2026
2349
  # Converts hash and nil to an options object
2027
2350
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2028
2351
 
2029
2352
  # Customize the options with defaults
2030
- metadata = @config.rpcs.destroy_crypto_key_version.metadata.to_h
2353
+ metadata = @config.rpcs.mac_verify.metadata.to_h
2031
2354
 
2032
2355
  # Set x-goog-api-client and x-goog-user-project headers
2033
2356
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
@@ -2041,13 +2364,15 @@ module Google
2041
2364
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2042
2365
  metadata[:"x-goog-request-params"] ||= request_params_header
2043
2366
 
2044
- options.apply_defaults timeout: @config.rpcs.destroy_crypto_key_version.timeout,
2367
+ options.apply_defaults timeout: @config.rpcs.mac_verify.timeout,
2045
2368
  metadata: metadata,
2046
- retry_policy: @config.rpcs.destroy_crypto_key_version.retry_policy
2047
- options.apply_defaults metadata: @config.metadata,
2369
+ retry_policy: @config.rpcs.mac_verify.retry_policy
2370
+
2371
+ options.apply_defaults timeout: @config.timeout,
2372
+ metadata: @config.metadata,
2048
2373
  retry_policy: @config.retry_policy
2049
2374
 
2050
- @key_management_service_stub.call_rpc :destroy_crypto_key_version, request, options: options do |response, operation|
2375
+ @key_management_service_stub.call_rpc :mac_verify, request, options: options do |response, operation|
2051
2376
  yield response, operation if block_given?
2052
2377
  return response
2053
2378
  end
@@ -2056,50 +2381,52 @@ module Google
2056
2381
  end
2057
2382
 
2058
2383
  ##
2059
- # Restore a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in the
2060
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
2061
- # state.
2062
- #
2063
- # Upon restoration of the CryptoKeyVersion, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
2064
- # will be set to {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
2065
- # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be cleared.
2384
+ # Generate random bytes using the Cloud KMS randomness source in the provided
2385
+ # location.
2066
2386
  #
2067
- # @overload restore_crypto_key_version(request, options = nil)
2068
- # Pass arguments to `restore_crypto_key_version` via a request object, either of type
2069
- # {::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest} or an equivalent Hash.
2387
+ # @overload generate_random_bytes(request, options = nil)
2388
+ # Pass arguments to `generate_random_bytes` via a request object, either of type
2389
+ # {::Google::Cloud::Kms::V1::GenerateRandomBytesRequest} or an equivalent Hash.
2070
2390
  #
2071
- # @param request [::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Hash]
2391
+ # @param request [::Google::Cloud::Kms::V1::GenerateRandomBytesRequest, ::Hash]
2072
2392
  # A request object representing the call parameters. Required. To specify no
2073
2393
  # parameters, or to keep all the default parameter values, pass an empty Hash.
2074
2394
  # @param options [::Gapic::CallOptions, ::Hash]
2075
2395
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2076
2396
  #
2077
- # @overload restore_crypto_key_version(name: nil)
2078
- # Pass arguments to `restore_crypto_key_version` via keyword arguments. Note that at
2397
+ # @overload generate_random_bytes(location: nil, length_bytes: nil, protection_level: nil)
2398
+ # Pass arguments to `generate_random_bytes` via keyword arguments. Note that at
2079
2399
  # least one keyword argument is required. To specify no parameters, or to keep all
2080
2400
  # the default parameter values, pass an empty Hash as a request object (see above).
2081
2401
  #
2082
- # @param name [::String]
2083
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
2402
+ # @param location [::String]
2403
+ # The project-specific location in which to generate random bytes.
2404
+ # For example, "projects/my-project/locations/us-central1".
2405
+ # @param length_bytes [::Integer]
2406
+ # The length in bytes of the amount of randomness to retrieve. Minimum 8
2407
+ # bytes, maximum 1024 bytes.
2408
+ # @param protection_level [::Google::Cloud::Kms::V1::ProtectionLevel]
2409
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when generating the random data. Defaults to
2410
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}.
2084
2411
  #
2085
2412
  # @yield [response, operation] Access the result along with the RPC operation
2086
- # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
2413
+ # @yieldparam response [::Google::Cloud::Kms::V1::GenerateRandomBytesResponse]
2087
2414
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
2088
2415
  #
2089
- # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
2416
+ # @return [::Google::Cloud::Kms::V1::GenerateRandomBytesResponse]
2090
2417
  #
2091
2418
  # @raise [::Google::Cloud::Error] if the RPC is aborted.
2092
2419
  #
2093
- def restore_crypto_key_version request, options = nil
2420
+ def generate_random_bytes request, options = nil
2094
2421
  raise ::ArgumentError, "request must be provided" if request.nil?
2095
2422
 
2096
- request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest
2423
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GenerateRandomBytesRequest
2097
2424
 
2098
2425
  # Converts hash and nil to an options object
2099
2426
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2100
2427
 
2101
2428
  # Customize the options with defaults
2102
- metadata = @config.rpcs.restore_crypto_key_version.metadata.to_h
2429
+ metadata = @config.rpcs.generate_random_bytes.metadata.to_h
2103
2430
 
2104
2431
  # Set x-goog-api-client and x-goog-user-project headers
2105
2432
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
@@ -2108,18 +2435,20 @@ module Google
2108
2435
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
2109
2436
 
2110
2437
  header_params = {
2111
- "name" => request.name
2438
+ "location" => request.location
2112
2439
  }
2113
2440
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2114
2441
  metadata[:"x-goog-request-params"] ||= request_params_header
2115
2442
 
2116
- options.apply_defaults timeout: @config.rpcs.restore_crypto_key_version.timeout,
2443
+ options.apply_defaults timeout: @config.rpcs.generate_random_bytes.timeout,
2117
2444
  metadata: metadata,
2118
- retry_policy: @config.rpcs.restore_crypto_key_version.retry_policy
2119
- options.apply_defaults metadata: @config.metadata,
2445
+ retry_policy: @config.rpcs.generate_random_bytes.retry_policy
2446
+
2447
+ options.apply_defaults timeout: @config.timeout,
2448
+ metadata: @config.metadata,
2120
2449
  retry_policy: @config.retry_policy
2121
2450
 
2122
- @key_management_service_stub.call_rpc :restore_crypto_key_version, request, options: options do |response, operation|
2451
+ @key_management_service_stub.call_rpc :generate_random_bytes, request, options: options do |response, operation|
2123
2452
  yield response, operation if block_given?
2124
2453
  return response
2125
2454
  end
@@ -2140,22 +2469,21 @@ module Google
2140
2469
  # Configuration can be applied globally to all clients, or to a single client
2141
2470
  # on construction.
2142
2471
  #
2143
- # # Examples
2144
- #
2145
- # To modify the global config, setting the timeout for list_key_rings
2146
- # to 20 seconds, and all remaining timeouts to 10 seconds:
2472
+ # @example
2147
2473
  #
2148
- # ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
2149
- # config.timeout = 10.0
2150
- # config.rpcs.list_key_rings.timeout = 20.0
2151
- # end
2474
+ # # Modify the global config, setting the timeout for
2475
+ # # list_key_rings to 20 seconds,
2476
+ # # and all remaining timeouts to 10 seconds.
2477
+ # ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
2478
+ # config.timeout = 10.0
2479
+ # config.rpcs.list_key_rings.timeout = 20.0
2480
+ # end
2152
2481
  #
2153
- # To apply the above configuration only to a new client:
2154
- #
2155
- # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
2156
- # config.timeout = 10.0
2157
- # config.rpcs.list_key_rings.timeout = 20.0
2158
- # end
2482
+ # # Apply the above configuration only to a new client.
2483
+ # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
2484
+ # config.timeout = 10.0
2485
+ # config.rpcs.list_key_rings.timeout = 20.0
2486
+ # end
2159
2487
  #
2160
2488
  # @!attribute [rw] endpoint
2161
2489
  # The hostname or hostname:port of the service endpoint.
@@ -2344,6 +2672,21 @@ module Google
2344
2672
  #
2345
2673
  attr_reader :update_crypto_key_version
2346
2674
  ##
2675
+ # RPC-specific configuration for `update_crypto_key_primary_version`
2676
+ # @return [::Gapic::Config::Method]
2677
+ #
2678
+ attr_reader :update_crypto_key_primary_version
2679
+ ##
2680
+ # RPC-specific configuration for `destroy_crypto_key_version`
2681
+ # @return [::Gapic::Config::Method]
2682
+ #
2683
+ attr_reader :destroy_crypto_key_version
2684
+ ##
2685
+ # RPC-specific configuration for `restore_crypto_key_version`
2686
+ # @return [::Gapic::Config::Method]
2687
+ #
2688
+ attr_reader :restore_crypto_key_version
2689
+ ##
2347
2690
  # RPC-specific configuration for `encrypt`
2348
2691
  # @return [::Gapic::Config::Method]
2349
2692
  #
@@ -2364,20 +2707,20 @@ module Google
2364
2707
  #
2365
2708
  attr_reader :asymmetric_decrypt
2366
2709
  ##
2367
- # RPC-specific configuration for `update_crypto_key_primary_version`
2710
+ # RPC-specific configuration for `mac_sign`
2368
2711
  # @return [::Gapic::Config::Method]
2369
2712
  #
2370
- attr_reader :update_crypto_key_primary_version
2713
+ attr_reader :mac_sign
2371
2714
  ##
2372
- # RPC-specific configuration for `destroy_crypto_key_version`
2715
+ # RPC-specific configuration for `mac_verify`
2373
2716
  # @return [::Gapic::Config::Method]
2374
2717
  #
2375
- attr_reader :destroy_crypto_key_version
2718
+ attr_reader :mac_verify
2376
2719
  ##
2377
- # RPC-specific configuration for `restore_crypto_key_version`
2720
+ # RPC-specific configuration for `generate_random_bytes`
2378
2721
  # @return [::Gapic::Config::Method]
2379
2722
  #
2380
- attr_reader :restore_crypto_key_version
2723
+ attr_reader :generate_random_bytes
2381
2724
 
2382
2725
  # @private
2383
2726
  def initialize parent_rpcs = nil
@@ -2413,6 +2756,12 @@ module Google
2413
2756
  @update_crypto_key = ::Gapic::Config::Method.new update_crypto_key_config
2414
2757
  update_crypto_key_version_config = parent_rpcs.update_crypto_key_version if parent_rpcs.respond_to? :update_crypto_key_version
2415
2758
  @update_crypto_key_version = ::Gapic::Config::Method.new update_crypto_key_version_config
2759
+ update_crypto_key_primary_version_config = parent_rpcs.update_crypto_key_primary_version if parent_rpcs.respond_to? :update_crypto_key_primary_version
2760
+ @update_crypto_key_primary_version = ::Gapic::Config::Method.new update_crypto_key_primary_version_config
2761
+ destroy_crypto_key_version_config = parent_rpcs.destroy_crypto_key_version if parent_rpcs.respond_to? :destroy_crypto_key_version
2762
+ @destroy_crypto_key_version = ::Gapic::Config::Method.new destroy_crypto_key_version_config
2763
+ restore_crypto_key_version_config = parent_rpcs.restore_crypto_key_version if parent_rpcs.respond_to? :restore_crypto_key_version
2764
+ @restore_crypto_key_version = ::Gapic::Config::Method.new restore_crypto_key_version_config
2416
2765
  encrypt_config = parent_rpcs.encrypt if parent_rpcs.respond_to? :encrypt
2417
2766
  @encrypt = ::Gapic::Config::Method.new encrypt_config
2418
2767
  decrypt_config = parent_rpcs.decrypt if parent_rpcs.respond_to? :decrypt
@@ -2421,12 +2770,12 @@ module Google
2421
2770
  @asymmetric_sign = ::Gapic::Config::Method.new asymmetric_sign_config
2422
2771
  asymmetric_decrypt_config = parent_rpcs.asymmetric_decrypt if parent_rpcs.respond_to? :asymmetric_decrypt
2423
2772
  @asymmetric_decrypt = ::Gapic::Config::Method.new asymmetric_decrypt_config
2424
- update_crypto_key_primary_version_config = parent_rpcs.update_crypto_key_primary_version if parent_rpcs.respond_to? :update_crypto_key_primary_version
2425
- @update_crypto_key_primary_version = ::Gapic::Config::Method.new update_crypto_key_primary_version_config
2426
- destroy_crypto_key_version_config = parent_rpcs.destroy_crypto_key_version if parent_rpcs.respond_to? :destroy_crypto_key_version
2427
- @destroy_crypto_key_version = ::Gapic::Config::Method.new destroy_crypto_key_version_config
2428
- restore_crypto_key_version_config = parent_rpcs.restore_crypto_key_version if parent_rpcs.respond_to? :restore_crypto_key_version
2429
- @restore_crypto_key_version = ::Gapic::Config::Method.new restore_crypto_key_version_config
2773
+ mac_sign_config = parent_rpcs.mac_sign if parent_rpcs.respond_to? :mac_sign
2774
+ @mac_sign = ::Gapic::Config::Method.new mac_sign_config
2775
+ mac_verify_config = parent_rpcs.mac_verify if parent_rpcs.respond_to? :mac_verify
2776
+ @mac_verify = ::Gapic::Config::Method.new mac_verify_config
2777
+ generate_random_bytes_config = parent_rpcs.generate_random_bytes if parent_rpcs.respond_to? :generate_random_bytes
2778
+ @generate_random_bytes = ::Gapic::Config::Method.new generate_random_bytes_config
2430
2779
 
2431
2780
  yield self if block_given?
2432
2781
  end