google-cloud-kms-v1 0.7.0 → 0.10.1

data/lib/google/cloud/kms/v1/resources_pb.rb

@@ -1,14 +1,14 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/kms/v1/resources.proto
 
-require 'google/protobuf'
-
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/protobuf/duration_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/protobuf/wrappers_pb'
 require 'google/api/annotations_pb'
+require 'google/protobuf'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
     add_message "google.cloud.kms.v1.KeyRing" do
@@ -63,6 +63,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :import_time, :message, 15, "google.protobuf.Timestamp"
       optional :import_failure_reason, :string, 16
       optional :external_protection_level_options, :message, 17, "google.cloud.kms.v1.ExternalProtectionLevelOptions"
+      optional :reimport_eligible, :bool, 18
     end
     add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm" do
       value :CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED, 0
@@ -75,10 +76,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :RSA_SIGN_PKCS1_3072_SHA256, 6
       value :RSA_SIGN_PKCS1_4096_SHA256, 7
       value :RSA_SIGN_PKCS1_4096_SHA512, 16
+      value :RSA_SIGN_RAW_PKCS1_2048, 28
+      value :RSA_SIGN_RAW_PKCS1_3072, 29
+      value :RSA_SIGN_RAW_PKCS1_4096, 30
       value :RSA_DECRYPT_OAEP_2048_SHA256, 8
       value :RSA_DECRYPT_OAEP_3072_SHA256, 9
       value :RSA_DECRYPT_OAEP_4096_SHA256, 10
       value :RSA_DECRYPT_OAEP_4096_SHA512, 17
+      value :RSA_DECRYPT_OAEP_2048_SHA1, 37
+      value :RSA_DECRYPT_OAEP_3072_SHA1, 38
+      value :RSA_DECRYPT_OAEP_4096_SHA1, 39
       value :EC_SIGN_P256_SHA256, 12
       value :EC_SIGN_P384_SHA384, 13
       value :EC_SIGN_SECP256K1_SHA256, 31

data/lib/google/cloud/kms/v1/service_pb.rb

@@ -1,8 +1,6 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/kms/v1/service.proto
 
-require 'google/protobuf'
-
 require 'google/api/annotations_pb'
 require 'google/api/client_pb'
 require 'google/api/field_behavior_pb'
@@ -10,6 +8,8 @@ require 'google/api/resource_pb'
 require 'google/cloud/kms/v1/resources_pb'
 require 'google/protobuf/field_mask_pb'
 require 'google/protobuf/wrappers_pb'
+require 'google/protobuf'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
     add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
@@ -94,6 +94,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     end
     add_message "google.cloud.kms.v1.ImportCryptoKeyVersionRequest" do
       optional :parent, :string, 1
+      optional :crypto_key_version, :string, 6
       optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
       optional :import_job, :string, 4
       oneof :wrapped_key_material do
@@ -141,6 +142,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :name, :string, 1
       optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
       optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
+      optional :data, :bytes, 6
+      optional :data_crc32c, :message, 7, "google.protobuf.Int64Value"
     end
     add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
       optional :name, :string, 1
@@ -183,6 +186,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
       optional :verified_digest_crc32c, :bool, 3
       optional :name, :string, 4
+      optional :verified_data_crc32c, :bool, 5
       optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
     end
     add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do

data/lib/google/cloud/kms/v1/service_services_pb.rb

@@ -38,7 +38,7 @@ module Google
           # [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
           class Service
 
-            include GRPC::GenericService
+            include ::GRPC::GenericService
 
             self.marshal_class_method = :encode
             self.unmarshal_class_method = :decode
@@ -80,11 +80,12 @@ module Google
             # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
             # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
             rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
-            # Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
-            # wrapped key material provided in the request.
+            # Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
             #
-            # The version ID will be assigned the next sequential id within the
-            # [CryptoKey][google.cloud.kms.v1.CryptoKey].
+            # All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
+            # additionally specified in the request, key material will be reimported into
+            # that version. Otherwise, a new version will be created, and will be
+            # assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
             rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
             # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
             #
@@ -108,10 +109,11 @@ module Google
             # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
             #
             # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
-            # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
-            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
-            # hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-            # will be changed to
+            # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
+            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
+            # [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
+            # future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+            # automatically change to
             # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
             # material will be irrevocably destroyed.
             #

data/lib/google/cloud/kms/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Kms
       module V1
-        VERSION = "0.7.0"
+        VERSION = "0.10.1"
       end
     end
   end

data/proto_docs/google/cloud/kms/v1/resources.rb

@@ -249,16 +249,16 @@ module Google
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}.
         # @!attribute [r] import_job
         #   @return [::String]
-        #     Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used to import this
+        #     Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used in the most recent import of this
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. Only present if the underlying key material was
         #     imported.
         # @!attribute [r] import_time
         #   @return [::Google::Protobuf::Timestamp]
         #     Output only. The time at which this {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s key material
-        #     was imported.
+        #     was most recently imported.
         # @!attribute [r] import_failure_reason
         #   @return [::String]
-        #     Output only. The root cause of an import failure. Only present if
+        #     Output only. The root cause of the most recent import failure. Only present if
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}.
         # @!attribute [rw] external_protection_level_options
@@ -266,6 +266,11 @@ module Google
         #     ExternalProtectionLevelOptions stores a group of additional fields for
         #     configuring a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} that are specific to the
         #     {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL} protection level.
+        # @!attribute [r] reimport_eligible
+        #   @return [::Boolean]
+        #     Output only. Whether or not this key version is eligible for reimport, by being
+        #     specified as a target in
+        #     {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#crypto_key_version ImportCryptoKeyVersionRequest.crypto_key_version}.
         class CryptoKeyVersion
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -341,6 +346,15 @@ module Google
             # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
             RSA_SIGN_PKCS1_4096_SHA512 = 16
 
+            # RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
+            RSA_SIGN_RAW_PKCS1_2048 = 28
+
+            # RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
+            RSA_SIGN_RAW_PKCS1_3072 = 29
+
+            # RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
+            RSA_SIGN_RAW_PKCS1_4096 = 30
+
             # RSAES-OAEP 2048 bit key with a SHA256 digest.
             RSA_DECRYPT_OAEP_2048_SHA256 = 8
 
@@ -353,6 +367,15 @@ module Google
             # RSAES-OAEP 4096 bit key with a SHA512 digest.
             RSA_DECRYPT_OAEP_4096_SHA512 = 17
 
+            # RSAES-OAEP 2048 bit key with a SHA1 digest.
+            RSA_DECRYPT_OAEP_2048_SHA1 = 37
+
+            # RSAES-OAEP 3072 bit key with a SHA1 digest.
+            RSA_DECRYPT_OAEP_3072_SHA1 = 38
+
+            # RSAES-OAEP 4096 bit key with a SHA1 digest.
+            RSA_DECRYPT_OAEP_4096_SHA1 = 39
+
             # ECDSA on the NIST P-256 curve with a SHA256 digest.
             EC_SIGN_P256_SHA256 = 12
 
@@ -388,6 +411,10 @@ module Google
             DISABLED = 2
 
             # This version is destroyed, and the key material is no longer stored.
+            # This version may only become {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} again if this version is
+            # {::Google::Cloud::Kms::V1::CryptoKeyVersion#reimport_eligible reimport_eligible} and the original
+            # key material is reimported with a call to
+            # {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
             DESTROYED = 3
 
             # This version is scheduled for destruction, and will be destroyed soon.

data/proto_docs/google/cloud/kms/v1/service.rb

@@ -325,8 +325,27 @@ module Google
         # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
-        #     be imported into.
+        #     Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
+        #
+        #     The create permission is only required on this key when creating a new
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
+        # @!attribute [rw] crypto_key_version
+        #   @return [::String]
+        #     Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of an existing
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to target for an import operation.
+        #     If this field is not present, a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
+        #     supplied key material is created.
+        #
+        #     If this field is present, the supplied key material is imported into
+        #     the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To import into an existing
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
+        #     {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent}, have been previously created via
+        #     [ImportCryptoKeyVersion][], and be in
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED} or
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}
+        #     state. The key material and algorithm must match the previous
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
+        #     key material.
         # @!attribute [rw] algorithm
         #   @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
         #     Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm} of
@@ -558,7 +577,7 @@ module Google
         #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
         # @!attribute [rw] digest
         #   @return [::Google::Cloud::Kms::V1::Digest]
-        #     Required. The digest of the data to sign. The digest must be produced with
+        #     Optional. The digest of the data to sign. The digest must be produced with
         #     the same digest algorithm as specified by the key version's
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
         # @!attribute [rw] digest_crc32c
@@ -576,6 +595,26 @@ module Google
         #     different languages. However, it is a non-negative integer, which will
         #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
         #     that support this type.
+        # @!attribute [rw] data
+        #   @return [::String]
+        #     Optional. This field will only be honored for RAW_PKCS1 keys.
+        #     The data to sign. A digest is computed over the data that will be signed,
+        #     PKCS #1 padding is applied to the digest directly and then encrypted.
+        # @!attribute [rw] data_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}. If
+        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+        #     received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data} using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+        #     fails. If you receive a checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}) is equal to
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}, and if so, perform a limited
+        #     number of retries. A persistent mismatch may indicate an issue in your
+        #     computation of the CRC32C checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
         class AsymmetricSignRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -813,6 +852,16 @@ module Google
         #   @return [::String]
         #     The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
         #     this field to verify that the intended resource was used for signing.
+        # @!attribute [rw] verified_data_crc32c
+        #   @return [::Boolean]
+        #     Integrity verification field. A flag indicating whether
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data data}. A false value of this field
+        #     indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was left
+        #     unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
+        #     set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} but this field is still false,
+        #     discard the response and perform a limited number of retries.
         # @!attribute [rw] protection_level
         #   @return [::Google::Cloud::Kms::V1::ProtectionLevel]
         #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-kms-v1
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.10.1
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-11 00:00:00.000000000 Z
+date: 2021-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common