google-cloud-kms-v1 0.7.0 → 0.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,14 +1,14 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: google/cloud/kms/v1/resources.proto
3
3
 
4
- require 'google/protobuf'
5
-
6
4
  require 'google/api/field_behavior_pb'
7
5
  require 'google/api/resource_pb'
8
6
  require 'google/protobuf/duration_pb'
9
7
  require 'google/protobuf/timestamp_pb'
10
8
  require 'google/protobuf/wrappers_pb'
11
9
  require 'google/api/annotations_pb'
10
+ require 'google/protobuf'
11
+
12
12
  Google::Protobuf::DescriptorPool.generated_pool.build do
13
13
  add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
14
14
  add_message "google.cloud.kms.v1.KeyRing" do
@@ -63,6 +63,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
63
63
  optional :import_time, :message, 15, "google.protobuf.Timestamp"
64
64
  optional :import_failure_reason, :string, 16
65
65
  optional :external_protection_level_options, :message, 17, "google.cloud.kms.v1.ExternalProtectionLevelOptions"
66
+ optional :reimport_eligible, :bool, 18
66
67
  end
67
68
  add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm" do
68
69
  value :CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED, 0
@@ -75,10 +76,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
75
76
  value :RSA_SIGN_PKCS1_3072_SHA256, 6
76
77
  value :RSA_SIGN_PKCS1_4096_SHA256, 7
77
78
  value :RSA_SIGN_PKCS1_4096_SHA512, 16
79
+ value :RSA_SIGN_RAW_PKCS1_2048, 28
80
+ value :RSA_SIGN_RAW_PKCS1_3072, 29
81
+ value :RSA_SIGN_RAW_PKCS1_4096, 30
78
82
  value :RSA_DECRYPT_OAEP_2048_SHA256, 8
79
83
  value :RSA_DECRYPT_OAEP_3072_SHA256, 9
80
84
  value :RSA_DECRYPT_OAEP_4096_SHA256, 10
81
85
  value :RSA_DECRYPT_OAEP_4096_SHA512, 17
86
+ value :RSA_DECRYPT_OAEP_2048_SHA1, 37
87
+ value :RSA_DECRYPT_OAEP_3072_SHA1, 38
88
+ value :RSA_DECRYPT_OAEP_4096_SHA1, 39
82
89
  value :EC_SIGN_P256_SHA256, 12
83
90
  value :EC_SIGN_P384_SHA384, 13
84
91
  value :EC_SIGN_SECP256K1_SHA256, 31
@@ -1,8 +1,6 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: google/cloud/kms/v1/service.proto
3
3
 
4
- require 'google/protobuf'
5
-
6
4
  require 'google/api/annotations_pb'
7
5
  require 'google/api/client_pb'
8
6
  require 'google/api/field_behavior_pb'
@@ -10,6 +8,8 @@ require 'google/api/resource_pb'
10
8
  require 'google/cloud/kms/v1/resources_pb'
11
9
  require 'google/protobuf/field_mask_pb'
12
10
  require 'google/protobuf/wrappers_pb'
11
+ require 'google/protobuf'
12
+
13
13
  Google::Protobuf::DescriptorPool.generated_pool.build do
14
14
  add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
15
15
  add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
@@ -94,6 +94,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
94
94
  end
95
95
  add_message "google.cloud.kms.v1.ImportCryptoKeyVersionRequest" do
96
96
  optional :parent, :string, 1
97
+ optional :crypto_key_version, :string, 6
97
98
  optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
98
99
  optional :import_job, :string, 4
99
100
  oneof :wrapped_key_material do
@@ -141,6 +142,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
141
142
  optional :name, :string, 1
142
143
  optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
143
144
  optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
145
+ optional :data, :bytes, 6
146
+ optional :data_crc32c, :message, 7, "google.protobuf.Int64Value"
144
147
  end
145
148
  add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
146
149
  optional :name, :string, 1
@@ -183,6 +186,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
183
186
  optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
184
187
  optional :verified_digest_crc32c, :bool, 3
185
188
  optional :name, :string, 4
189
+ optional :verified_data_crc32c, :bool, 5
186
190
  optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
187
191
  end
188
192
  add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
@@ -38,7 +38,7 @@ module Google
38
38
  # [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
39
39
  class Service
40
40
 
41
- include GRPC::GenericService
41
+ include ::GRPC::GenericService
42
42
 
43
43
  self.marshal_class_method = :encode
44
44
  self.unmarshal_class_method = :decode
@@ -80,11 +80,12 @@ module Google
80
80
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
81
81
  # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
82
82
  rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
83
- # Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
84
- # wrapped key material provided in the request.
83
+ # Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
85
84
  #
86
- # The version ID will be assigned the next sequential id within the
87
- # [CryptoKey][google.cloud.kms.v1.CryptoKey].
85
+ # All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
86
+ # additionally specified in the request, key material will be reimported into
87
+ # that version. Otherwise, a new version will be created, and will be
88
+ # assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
88
89
  rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
89
90
  # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
90
91
  #
@@ -108,10 +109,11 @@ module Google
108
109
  # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
109
110
  #
110
111
  # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
111
- # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
112
- # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
113
- # hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
114
- # will be changed to
112
+ # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
113
+ # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
114
+ # [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
115
+ # future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
116
+ # automatically change to
115
117
  # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
116
118
  # material will be irrevocably destroyed.
117
119
  #
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Kms
23
23
  module V1
24
- VERSION = "0.7.0"
24
+ VERSION = "0.10.1"
25
25
  end
26
26
  end
27
27
  end
@@ -249,16 +249,16 @@ module Google
249
249
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}.
250
250
  # @!attribute [r] import_job
251
251
  # @return [::String]
252
- # Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used to import this
252
+ # Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used in the most recent import of this
253
253
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. Only present if the underlying key material was
254
254
  # imported.
255
255
  # @!attribute [r] import_time
256
256
  # @return [::Google::Protobuf::Timestamp]
257
257
  # Output only. The time at which this {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s key material
258
- # was imported.
258
+ # was most recently imported.
259
259
  # @!attribute [r] import_failure_reason
260
260
  # @return [::String]
261
- # Output only. The root cause of an import failure. Only present if
261
+ # Output only. The root cause of the most recent import failure. Only present if
262
262
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
263
263
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}.
264
264
  # @!attribute [rw] external_protection_level_options
@@ -266,6 +266,11 @@ module Google
266
266
  # ExternalProtectionLevelOptions stores a group of additional fields for
267
267
  # configuring a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} that are specific to the
268
268
  # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL} protection level.
269
+ # @!attribute [r] reimport_eligible
270
+ # @return [::Boolean]
271
+ # Output only. Whether or not this key version is eligible for reimport, by being
272
+ # specified as a target in
273
+ # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#crypto_key_version ImportCryptoKeyVersionRequest.crypto_key_version}.
269
274
  class CryptoKeyVersion
270
275
  include ::Google::Protobuf::MessageExts
271
276
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -341,6 +346,15 @@ module Google
341
346
  # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
342
347
  RSA_SIGN_PKCS1_4096_SHA512 = 16
343
348
 
349
+ # RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
350
+ RSA_SIGN_RAW_PKCS1_2048 = 28
351
+
352
+ # RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
353
+ RSA_SIGN_RAW_PKCS1_3072 = 29
354
+
355
+ # RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
356
+ RSA_SIGN_RAW_PKCS1_4096 = 30
357
+
344
358
  # RSAES-OAEP 2048 bit key with a SHA256 digest.
345
359
  RSA_DECRYPT_OAEP_2048_SHA256 = 8
346
360
 
@@ -353,6 +367,15 @@ module Google
353
367
  # RSAES-OAEP 4096 bit key with a SHA512 digest.
354
368
  RSA_DECRYPT_OAEP_4096_SHA512 = 17
355
369
 
370
+ # RSAES-OAEP 2048 bit key with a SHA1 digest.
371
+ RSA_DECRYPT_OAEP_2048_SHA1 = 37
372
+
373
+ # RSAES-OAEP 3072 bit key with a SHA1 digest.
374
+ RSA_DECRYPT_OAEP_3072_SHA1 = 38
375
+
376
+ # RSAES-OAEP 4096 bit key with a SHA1 digest.
377
+ RSA_DECRYPT_OAEP_4096_SHA1 = 39
378
+
356
379
  # ECDSA on the NIST P-256 curve with a SHA256 digest.
357
380
  EC_SIGN_P256_SHA256 = 12
358
381
 
@@ -388,6 +411,10 @@ module Google
388
411
  DISABLED = 2
389
412
 
390
413
  # This version is destroyed, and the key material is no longer stored.
414
+ # This version may only become {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} again if this version is
415
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion#reimport_eligible reimport_eligible} and the original
416
+ # key material is reimported with a call to
417
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
391
418
  DESTROYED = 3
392
419
 
393
420
  # This version is scheduled for destruction, and will be destroyed soon.
@@ -325,8 +325,27 @@ module Google
325
325
  # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
326
326
  # @!attribute [rw] parent
327
327
  # @return [::String]
328
- # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
329
- # be imported into.
328
+ # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
329
+ #
330
+ # The create permission is only required on this key when creating a new
331
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
332
+ # @!attribute [rw] crypto_key_version
333
+ # @return [::String]
334
+ # Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of an existing
335
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to target for an import operation.
336
+ # If this field is not present, a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
337
+ # supplied key material is created.
338
+ #
339
+ # If this field is present, the supplied key material is imported into
340
+ # the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To import into an existing
341
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
342
+ # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent}, have been previously created via
343
+ # [ImportCryptoKeyVersion][], and be in
344
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED} or
345
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}
346
+ # state. The key material and algorithm must match the previous
347
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
348
+ # key material.
330
349
  # @!attribute [rw] algorithm
331
350
  # @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
332
351
  # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm} of
@@ -558,7 +577,7 @@ module Google
558
577
  # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
559
578
  # @!attribute [rw] digest
560
579
  # @return [::Google::Cloud::Kms::V1::Digest]
561
- # Required. The digest of the data to sign. The digest must be produced with
580
+ # Optional. The digest of the data to sign. The digest must be produced with
562
581
  # the same digest algorithm as specified by the key version's
563
582
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
564
583
  # @!attribute [rw] digest_crc32c
@@ -576,6 +595,26 @@ module Google
576
595
  # different languages. However, it is a non-negative integer, which will
577
596
  # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
578
597
  # that support this type.
598
+ # @!attribute [rw] data
599
+ # @return [::String]
600
+ # Optional. This field will only be honored for RAW_PKCS1 keys.
601
+ # The data to sign. A digest is computed over the data that will be signed,
602
+ # PKCS #1 padding is applied to the digest directly and then encrypted.
603
+ # @!attribute [rw] data_crc32c
604
+ # @return [::Google::Protobuf::Int64Value]
605
+ # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}. If
606
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
607
+ # received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data} using this checksum.
608
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
609
+ # fails. If you receive a checksum error, your client should verify that
610
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}) is equal to
611
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}, and if so, perform a limited
612
+ # number of retries. A persistent mismatch may indicate an issue in your
613
+ # computation of the CRC32C checksum.
614
+ # Note: This field is defined as int64 for reasons of compatibility across
615
+ # different languages. However, it is a non-negative integer, which will
616
+ # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
617
+ # that support this type.
579
618
  class AsymmetricSignRequest
580
619
  include ::Google::Protobuf::MessageExts
581
620
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -813,6 +852,16 @@ module Google
813
852
  # @return [::String]
814
853
  # The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
815
854
  # this field to verify that the intended resource was used for signing.
855
+ # @!attribute [rw] verified_data_crc32c
856
+ # @return [::Boolean]
857
+ # Integrity verification field. A flag indicating whether
858
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was received by
859
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
860
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data data}. A false value of this field
861
+ # indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was left
862
+ # unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
863
+ # set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} but this field is still false,
864
+ # discard the response and perform a limited number of retries.
816
865
  # @!attribute [rw] protection_level
817
866
  # @return [::Google::Cloud::Kms::V1::ProtectionLevel]
818
867
  # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-kms-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 0.10.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-08-11 00:00:00.000000000 Z
11
+ date: 2021-11-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common