google-cloud-kms-v1 0.6.2 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -325,8 +325,27 @@ module Google
325
325
  # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
326
326
  # @!attribute [rw] parent
327
327
  # @return [::String]
328
- # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
329
- # be imported into.
328
+ # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
329
+ #
330
+ # The create permission is only required on this key when creating a new
331
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
332
+ # @!attribute [rw] crypto_key_version
333
+ # @return [::String]
334
+ # Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of an existing
335
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to target for an import operation.
336
+ # If this field is not present, a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
337
+ # supplied key material is created.
338
+ #
339
+ # If this field is present, the supplied key material is imported into
340
+ # the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To import into an existing
341
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
342
+ # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent}, have been previously created via
343
+ # [ImportCryptoKeyVersion][], and be in
344
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED} or
345
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}
346
+ # state. The key material and algorithm must match the previous
347
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
348
+ # key material.
330
349
  # @!attribute [rw] algorithm
331
350
  # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
332
351
  # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm} of
@@ -408,6 +427,36 @@ module Google
408
427
  extend ::Google::Protobuf::MessageExts::ClassMethods
409
428
  end
410
429
 
430
+ # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key_primary_version KeyManagementService.UpdateCryptoKeyPrimaryVersion}.
431
+ # @!attribute [rw] name
432
+ # @return [::String]
433
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
434
+ # @!attribute [rw] crypto_key_version_id
435
+ # @return [::String]
436
+ # Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
437
+ class UpdateCryptoKeyPrimaryVersionRequest
438
+ include ::Google::Protobuf::MessageExts
439
+ extend ::Google::Protobuf::MessageExts::ClassMethods
440
+ end
441
+
442
+ # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#destroy_crypto_key_version KeyManagementService.DestroyCryptoKeyVersion}.
443
+ # @!attribute [rw] name
444
+ # @return [::String]
445
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
446
+ class DestroyCryptoKeyVersionRequest
447
+ include ::Google::Protobuf::MessageExts
448
+ extend ::Google::Protobuf::MessageExts::ClassMethods
449
+ end
450
+
451
+ # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version KeyManagementService.RestoreCryptoKeyVersion}.
452
+ # @!attribute [rw] name
453
+ # @return [::String]
454
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
455
+ class RestoreCryptoKeyVersionRequest
456
+ include ::Google::Protobuf::MessageExts
457
+ extend ::Google::Protobuf::MessageExts::ClassMethods
458
+ end
459
+
411
460
  # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt KeyManagementService.Encrypt}.
412
461
  # @!attribute [rw] name
413
462
  # @return [::String]
@@ -452,8 +501,6 @@ module Google
452
501
  # different languages. However, it is a non-negative integer, which will
453
502
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
454
503
  # that support this type.
455
- #
456
- # NOTE: This field is in Beta.
457
504
  # @!attribute [rw] additional_authenticated_data_crc32c
458
505
  # @return [::Google::Protobuf::Int64Value]
459
506
  # Optional. An optional CRC32C checksum of the
@@ -470,8 +517,6 @@ module Google
470
517
  # different languages. However, it is a non-negative integer, which will
471
518
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
472
519
  # that support this type.
473
- #
474
- # NOTE: This field is in Beta.
475
520
  class EncryptRequest
476
521
  include ::Google::Protobuf::MessageExts
477
522
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -505,8 +550,6 @@ module Google
505
550
  # different languages. However, it is a non-negative integer, which will
506
551
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
507
552
  # that support this type.
508
- #
509
- # NOTE: This field is in Beta.
510
553
  # @!attribute [rw] additional_authenticated_data_crc32c
511
554
  # @return [::Google::Protobuf::Int64Value]
512
555
  # Optional. An optional CRC32C checksum of the
@@ -523,8 +566,6 @@ module Google
523
566
  # different languages. However, it is a non-negative integer, which will
524
567
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
525
568
  # that support this type.
526
- #
527
- # NOTE: This field is in Beta.
528
569
  class DecryptRequest
529
570
  include ::Google::Protobuf::MessageExts
530
571
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -536,7 +577,7 @@ module Google
536
577
  # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
537
578
  # @!attribute [rw] digest
538
579
  # @return [::Google::Cloud::Kms::V1::Digest]
539
- # Required. The digest of the data to sign. The digest must be produced with
580
+ # Optional. The digest of the data to sign. The digest must be produced with
540
581
  # the same digest algorithm as specified by the key version's
541
582
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
542
583
  # @!attribute [rw] digest_crc32c
@@ -554,8 +595,26 @@ module Google
554
595
  # different languages. However, it is a non-negative integer, which will
555
596
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
556
597
  # that support this type.
557
- #
558
- # NOTE: This field is in Beta.
598
+ # @!attribute [rw] data
599
+ # @return [::String]
600
+ # Optional. This field will only be honored for RAW_PKCS1 keys.
601
+ # The data to sign. A digest is computed over the data that will be signed,
602
+ # PKCS #1 padding is applied to the digest directly and then encrypted.
603
+ # @!attribute [rw] data_crc32c
604
+ # @return [::Google::Protobuf::Int64Value]
605
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}. If
606
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
607
+ # received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data} using this checksum.
608
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
609
+ # fails. If you receive a checksum error, your client should verify that
610
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}) is equal to
611
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}, and if so, perform a limited
612
+ # number of retries. A persistent mismatch may indicate an issue in your
613
+ # computation of the CRC32C checksum.
614
+ # Note: This field is defined as int64 for reasons of compatibility across
615
+ # different languages. However, it is a non-negative integer, which will
616
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
617
+ # that support this type.
559
618
  class AsymmetricSignRequest
560
619
  include ::Google::Protobuf::MessageExts
561
620
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -585,35 +644,99 @@ module Google
585
644
  # different languages. However, it is a non-negative integer, which will
586
645
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
587
646
  # that support this type.
588
- #
589
- # NOTE: This field is in Beta.
590
647
  class AsymmetricDecryptRequest
591
648
  include ::Google::Protobuf::MessageExts
592
649
  extend ::Google::Protobuf::MessageExts::ClassMethods
593
650
  end
594
651
 
595
- # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt KeyManagementService.Decrypt}.
596
- # @!attribute [rw] plaintext
652
+ # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}.
653
+ # @!attribute [rw] name
597
654
  # @return [::String]
598
- # The decrypted data originally supplied in {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
599
- # @!attribute [rw] plaintext_crc32c
655
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
656
+ # @!attribute [rw] data
657
+ # @return [::String]
658
+ # Required. The data to sign. The MAC tag is computed over this data field based on
659
+ # the specific algorithm.
660
+ # @!attribute [rw] data_crc32c
600
661
  # @return [::Google::Protobuf::Int64Value]
601
- # Integrity verification field. A CRC32C checksum of the returned
602
- # {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}. An integrity check of
603
- # {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} can be performed by computing the CRC32C
604
- # checksum of {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} and comparing your results to
605
- # this field. Discard the response in case of non-matching checksum values,
606
- # and perform a limited number of retries. A persistent mismatch may indicate
607
- # an issue in your computation of the CRC32C checksum. Note: receiving this
608
- # response message indicates that {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
609
- # successfully decrypt the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}.
662
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
663
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
664
+ # received {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this checksum.
665
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
666
+ # fails. If you receive a checksum error, your client should verify that
667
+ # CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is equal to
668
+ # {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}, and if so, perform a limited
669
+ # number of retries. A persistent mismatch may indicate an issue in your
670
+ # computation of the CRC32C checksum.
610
671
  # Note: This field is defined as int64 for reasons of compatibility across
611
672
  # different languages. However, it is a non-negative integer, which will
612
673
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
613
674
  # that support this type.
614
- #
615
- # NOTE: This field is in Beta.
616
- class DecryptResponse
675
+ class MacSignRequest
676
+ include ::Google::Protobuf::MessageExts
677
+ extend ::Google::Protobuf::MessageExts::ClassMethods
678
+ end
679
+
680
+ # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}.
681
+ # @!attribute [rw] name
682
+ # @return [::String]
683
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for verification.
684
+ # @!attribute [rw] data
685
+ # @return [::String]
686
+ # Required. The data used previously as a {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate the MAC
687
+ # tag.
688
+ # @!attribute [rw] data_crc32c
689
+ # @return [::Google::Protobuf::Int64Value]
690
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
691
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
692
+ # received {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using this checksum.
693
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
694
+ # fails. If you receive a checksum error, your client should verify that
695
+ # CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}) is equal to
696
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}, and if so, perform a limited
697
+ # number of retries. A persistent mismatch may indicate an issue in your
698
+ # computation of the CRC32C checksum.
699
+ # Note: This field is defined as int64 for reasons of compatibility across
700
+ # different languages. However, it is a non-negative integer, which will
701
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
702
+ # that support this type.
703
+ # @!attribute [rw] mac
704
+ # @return [::String]
705
+ # Required. The signature to verify.
706
+ # @!attribute [rw] mac_crc32c
707
+ # @return [::Google::Protobuf::Int64Value]
708
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
709
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
710
+ # received {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this checksum.
711
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
712
+ # fails. If you receive a checksum error, your client should verify that
713
+ # CRC32C([MacVerifyRequest.tag][]) is equal to
714
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}, and if so, perform a limited
715
+ # number of retries. A persistent mismatch may indicate an issue in your
716
+ # computation of the CRC32C checksum.
717
+ # Note: This field is defined as int64 for reasons of compatibility across
718
+ # different languages. However, it is a non-negative integer, which will
719
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
720
+ # that support this type.
721
+ class MacVerifyRequest
722
+ include ::Google::Protobuf::MessageExts
723
+ extend ::Google::Protobuf::MessageExts::ClassMethods
724
+ end
725
+
726
+ # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}.
727
+ # @!attribute [rw] location
728
+ # @return [::String]
729
+ # The project-specific location in which to generate random bytes.
730
+ # For example, "projects/my-project/locations/us-central1".
731
+ # @!attribute [rw] length_bytes
732
+ # @return [::Integer]
733
+ # The length in bytes of the amount of randomness to retrieve. Minimum 8
734
+ # bytes, maximum 1024 bytes.
735
+ # @!attribute [rw] protection_level
736
+ # @return [::Google::Cloud::Kms::V1::ProtectionLevel]
737
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when generating the random data. Defaults to
738
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}.
739
+ class GenerateRandomBytesRequest
617
740
  include ::Google::Protobuf::MessageExts
618
741
  extend ::Google::Protobuf::MessageExts::ClassMethods
619
742
  end
@@ -639,8 +762,6 @@ module Google
639
762
  # different languages. However, it is a non-negative integer, which will
640
763
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
641
764
  # that support this type.
642
- #
643
- # NOTE: This field is in Beta.
644
765
  # @!attribute [rw] verified_plaintext_crc32c
645
766
  # @return [::Boolean]
646
767
  # Integrity verification field. A flag indicating whether
@@ -651,8 +772,6 @@ module Google
651
772
  # that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
652
773
  # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} but this field is still false, discard
653
774
  # the response and perform a limited number of retries.
654
- #
655
- # NOTE: This field is in Beta.
656
775
  # @!attribute [rw] verified_additional_authenticated_data_crc32c
657
776
  # @return [::Boolean]
658
777
  # Integrity verification field. A flag indicating whether
@@ -664,13 +783,44 @@ module Google
664
783
  # that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
665
784
  # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} but this field is
666
785
  # still false, discard the response and perform a limited number of retries.
667
- #
668
- # NOTE: This field is in Beta.
786
+ # @!attribute [rw] protection_level
787
+ # @return [::Google::Cloud::Kms::V1::ProtectionLevel]
788
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in encryption.
669
789
  class EncryptResponse
670
790
  include ::Google::Protobuf::MessageExts
671
791
  extend ::Google::Protobuf::MessageExts::ClassMethods
672
792
  end
673
793
 
794
+ # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt KeyManagementService.Decrypt}.
795
+ # @!attribute [rw] plaintext
796
+ # @return [::String]
797
+ # The decrypted data originally supplied in {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
798
+ # @!attribute [rw] plaintext_crc32c
799
+ # @return [::Google::Protobuf::Int64Value]
800
+ # Integrity verification field. A CRC32C checksum of the returned
801
+ # {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}. An integrity check of
802
+ # {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} can be performed by computing the CRC32C
803
+ # checksum of {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} and comparing your results to
804
+ # this field. Discard the response in case of non-matching checksum values,
805
+ # and perform a limited number of retries. A persistent mismatch may indicate
806
+ # an issue in your computation of the CRC32C checksum. Note: receiving this
807
+ # response message indicates that {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
808
+ # successfully decrypt the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}.
809
+ # Note: This field is defined as int64 for reasons of compatibility across
810
+ # different languages. However, it is a non-negative integer, which will
811
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
812
+ # that support this type.
813
+ # @!attribute [rw] used_primary
814
+ # @return [::Boolean]
815
+ # Whether the Decryption was performed using the primary key version.
816
+ # @!attribute [rw] protection_level
817
+ # @return [::Google::Cloud::Kms::V1::ProtectionLevel]
818
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in decryption.
819
+ class DecryptResponse
820
+ include ::Google::Protobuf::MessageExts
821
+ extend ::Google::Protobuf::MessageExts::ClassMethods
822
+ end
823
+
674
824
  # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign KeyManagementService.AsymmetricSign}.
675
825
  # @!attribute [rw] signature
676
826
  # @return [::String]
@@ -688,8 +838,6 @@ module Google
688
838
  # different languages. However, it is a non-negative integer, which will
689
839
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
690
840
  # that support this type.
691
- #
692
- # NOTE: This field is in Beta.
693
841
  # @!attribute [rw] verified_digest_crc32c
694
842
  # @return [::Boolean]
695
843
  # Integrity verification field. A flag indicating whether
@@ -700,14 +848,23 @@ module Google
700
848
  # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
701
849
  # set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} but this field is still false,
702
850
  # discard the response and perform a limited number of retries.
703
- #
704
- # NOTE: This field is in Beta.
705
851
  # @!attribute [rw] name
706
852
  # @return [::String]
707
853
  # The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
708
854
  # this field to verify that the intended resource was used for signing.
709
- #
710
- # NOTE: This field is in Beta.
855
+ # @!attribute [rw] verified_data_crc32c
856
+ # @return [::Boolean]
857
+ # Integrity verification field. A flag indicating whether
858
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was received by
859
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
860
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data data}. A false value of this field
861
+ # indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was left
862
+ # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
863
+ # set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} but this field is still false,
864
+ # discard the response and perform a limited number of retries.
865
+ # @!attribute [rw] protection_level
866
+ # @return [::Google::Cloud::Kms::V1::ProtectionLevel]
867
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
711
868
  class AsymmetricSignResponse
712
869
  include ::Google::Protobuf::MessageExts
713
870
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -730,8 +887,6 @@ module Google
730
887
  # different languages. However, it is a non-negative integer, which will
731
888
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
732
889
  # that support this type.
733
- #
734
- # NOTE: This field is in Beta.
735
890
  # @!attribute [rw] verified_ciphertext_crc32c
736
891
  # @return [::Boolean]
737
892
  # Integrity verification field. A flag indicating whether
@@ -742,39 +897,115 @@ module Google
742
897
  # was left unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If
743
898
  # you've set {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} but this field is
744
899
  # still false, discard the response and perform a limited number of retries.
745
- #
746
- # NOTE: This field is in Beta.
900
+ # @!attribute [rw] protection_level
901
+ # @return [::Google::Cloud::Kms::V1::ProtectionLevel]
902
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in decryption.
747
903
  class AsymmetricDecryptResponse
748
904
  include ::Google::Protobuf::MessageExts
749
905
  extend ::Google::Protobuf::MessageExts::ClassMethods
750
906
  end
751
907
 
752
- # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key_primary_version KeyManagementService.UpdateCryptoKeyPrimaryVersion}.
908
+ # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}.
753
909
  # @!attribute [rw] name
754
910
  # @return [::String]
755
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
756
- # @!attribute [rw] crypto_key_version_id
911
+ # The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
912
+ # this field to verify that the intended resource was used for signing.
913
+ # @!attribute [rw] mac
757
914
  # @return [::String]
758
- # Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
759
- class UpdateCryptoKeyPrimaryVersionRequest
915
+ # The created signature.
916
+ # @!attribute [rw] mac_crc32c
917
+ # @return [::Google::Protobuf::Int64Value]
918
+ # Integrity verification field. A CRC32C checksum of the returned
919
+ # {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac}. An integrity check of
920
+ # {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} can be performed by computing the
921
+ # CRC32C checksum of {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} and comparing your
922
+ # results to this field. Discard the response in case of non-matching
923
+ # checksum values, and perform a limited number of retries. A persistent
924
+ # mismatch may indicate an issue in your computation of the CRC32C checksum.
925
+ # Note: This field is defined as int64 for reasons of compatibility across
926
+ # different languages. However, it is a non-negative integer, which will
927
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
928
+ # that support this type.
929
+ # @!attribute [rw] verified_data_crc32c
930
+ # @return [::Boolean]
931
+ # Integrity verification field. A flag indicating whether
932
+ # {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} was received by
933
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
934
+ # {::Google::Cloud::Kms::V1::MacSignRequest#data data}. A false value of this field
935
+ # indicates either that {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} was left
936
+ # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
937
+ # set {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} but this field is still false,
938
+ # discard the response and perform a limited number of retries.
939
+ # @!attribute [rw] protection_level
940
+ # @return [::Google::Cloud::Kms::V1::ProtectionLevel]
941
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
942
+ class MacSignResponse
760
943
  include ::Google::Protobuf::MessageExts
761
944
  extend ::Google::Protobuf::MessageExts::ClassMethods
762
945
  end
763
946
 
764
- # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#destroy_crypto_key_version KeyManagementService.DestroyCryptoKeyVersion}.
947
+ # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}.
765
948
  # @!attribute [rw] name
766
949
  # @return [::String]
767
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
768
- class DestroyCryptoKeyVersionRequest
950
+ # The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for verification.
951
+ # Check this field to verify that the intended resource was used for
952
+ # verification.
953
+ # @!attribute [rw] success
954
+ # @return [::Boolean]
955
+ # This field indicates whether or not the verification operation for
956
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} over {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} was successful.
957
+ # @!attribute [rw] verified_data_crc32c
958
+ # @return [::Boolean]
959
+ # Integrity verification field. A flag indicating whether
960
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} was received by
961
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
962
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#data data}. A false value of this field
963
+ # indicates either that {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} was left
964
+ # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
965
+ # set {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} but this field is still false,
966
+ # discard the response and perform a limited number of retries.
967
+ # @!attribute [rw] verified_mac_crc32c
968
+ # @return [::Boolean]
969
+ # Integrity verification field. A flag indicating whether
970
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} was received by
971
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
972
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac data}. A false value of this field
973
+ # indicates either that {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} was left
974
+ # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
975
+ # set {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} but this field is still false,
976
+ # discard the response and perform a limited number of retries.
977
+ # @!attribute [rw] verified_success_integrity
978
+ # @return [::Boolean]
979
+ # Integrity verification field. This value is used for the integrity
980
+ # verification of [MacVerifyResponse.success]. If the value of this field
981
+ # contradicts the value of [MacVerifyResponse.success], discard the response
982
+ # and perform a limited number of retries.
983
+ # @!attribute [rw] protection_level
984
+ # @return [::Google::Cloud::Kms::V1::ProtectionLevel]
985
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for verification.
986
+ class MacVerifyResponse
769
987
  include ::Google::Protobuf::MessageExts
770
988
  extend ::Google::Protobuf::MessageExts::ClassMethods
771
989
  end
772
990
 
773
- # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version KeyManagementService.RestoreCryptoKeyVersion}.
774
- # @!attribute [rw] name
991
+ # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}.
992
+ # @!attribute [rw] data
775
993
  # @return [::String]
776
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
777
- class RestoreCryptoKeyVersionRequest
994
+ # The generated data.
995
+ # @!attribute [rw] data_crc32c
996
+ # @return [::Google::Protobuf::Int64Value]
997
+ # Integrity verification field. A CRC32C checksum of the returned
998
+ # {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data}. An integrity check of
999
+ # {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data} can be performed by computing the
1000
+ # CRC32C checksum of {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data} and comparing your
1001
+ # results to this field. Discard the response in case of non-matching
1002
+ # checksum values, and perform a limited number of retries. A persistent
1003
+ # mismatch may indicate an issue in your computation of the CRC32C checksum.
1004
+ # Note: This field is defined as int64 for reasons of compatibility across
1005
+ # different languages. However, it is a non-negative integer, which will
1006
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
1007
+ # that support this type.
1008
+ class GenerateRandomBytesResponse
778
1009
  include ::Google::Protobuf::MessageExts
779
1010
  extend ::Google::Protobuf::MessageExts::ClassMethods
780
1011
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-kms-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.2
4
+ version: 0.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-07-12 00:00:00.000000000 Z
11
+ date: 2021-10-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '0.5'
19
+ version: '0.7'
20
20
  - - "<"
21
21
  - !ruby/object:Gem::Version
22
22
  version: 2.a
@@ -26,7 +26,7 @@ dependencies:
26
26
  requirements:
27
27
  - - ">="
28
28
  - !ruby/object:Gem::Version
29
- version: '0.5'
29
+ version: '0.7'
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
32
  version: 2.a