google-cloud-kms-v1 0.8.0 → 0.10.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/AUTHENTICATION.md +7 -25
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +60 -9
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +579 -80
- data/lib/google/cloud/kms/v1/resources_pb.rb +8 -2
- data/lib/google/cloud/kms/v1/service_pb.rb +5 -2
- data/lib/google/cloud/kms/v1/service_services_pb.rb +1 -1
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/google/cloud/kms/v1/resources.rb +18 -0
- data/proto_docs/google/cloud/kms/v1/service.rb +31 -1
- metadata +3 -3
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
2
|
# source: google/cloud/kms/v1/resources.proto
|
|
3
3
|
|
|
4
|
-
require 'google/protobuf'
|
|
5
|
-
|
|
6
4
|
require 'google/api/field_behavior_pb'
|
|
7
5
|
require 'google/api/resource_pb'
|
|
8
6
|
require 'google/protobuf/duration_pb'
|
|
9
7
|
require 'google/protobuf/timestamp_pb'
|
|
10
8
|
require 'google/protobuf/wrappers_pb'
|
|
11
9
|
require 'google/api/annotations_pb'
|
|
10
|
+
require 'google/protobuf'
|
|
11
|
+
|
|
12
12
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
13
13
|
add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
|
|
14
14
|
add_message "google.cloud.kms.v1.KeyRing" do
|
|
@@ -76,10 +76,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
76
76
|
value :RSA_SIGN_PKCS1_3072_SHA256, 6
|
|
77
77
|
value :RSA_SIGN_PKCS1_4096_SHA256, 7
|
|
78
78
|
value :RSA_SIGN_PKCS1_4096_SHA512, 16
|
|
79
|
+
value :RSA_SIGN_RAW_PKCS1_2048, 28
|
|
80
|
+
value :RSA_SIGN_RAW_PKCS1_3072, 29
|
|
81
|
+
value :RSA_SIGN_RAW_PKCS1_4096, 30
|
|
79
82
|
value :RSA_DECRYPT_OAEP_2048_SHA256, 8
|
|
80
83
|
value :RSA_DECRYPT_OAEP_3072_SHA256, 9
|
|
81
84
|
value :RSA_DECRYPT_OAEP_4096_SHA256, 10
|
|
82
85
|
value :RSA_DECRYPT_OAEP_4096_SHA512, 17
|
|
86
|
+
value :RSA_DECRYPT_OAEP_2048_SHA1, 37
|
|
87
|
+
value :RSA_DECRYPT_OAEP_3072_SHA1, 38
|
|
88
|
+
value :RSA_DECRYPT_OAEP_4096_SHA1, 39
|
|
83
89
|
value :EC_SIGN_P256_SHA256, 12
|
|
84
90
|
value :EC_SIGN_P384_SHA384, 13
|
|
85
91
|
value :EC_SIGN_SECP256K1_SHA256, 31
|
|
@@ -1,8 +1,6 @@
|
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
2
|
# source: google/cloud/kms/v1/service.proto
|
|
3
3
|
|
|
4
|
-
require 'google/protobuf'
|
|
5
|
-
|
|
6
4
|
require 'google/api/annotations_pb'
|
|
7
5
|
require 'google/api/client_pb'
|
|
8
6
|
require 'google/api/field_behavior_pb'
|
|
@@ -10,6 +8,8 @@ require 'google/api/resource_pb'
|
|
|
10
8
|
require 'google/cloud/kms/v1/resources_pb'
|
|
11
9
|
require 'google/protobuf/field_mask_pb'
|
|
12
10
|
require 'google/protobuf/wrappers_pb'
|
|
11
|
+
require 'google/protobuf'
|
|
12
|
+
|
|
13
13
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
14
14
|
add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
|
|
15
15
|
add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
|
|
@@ -142,6 +142,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
142
142
|
optional :name, :string, 1
|
|
143
143
|
optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
|
|
144
144
|
optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
|
|
145
|
+
optional :data, :bytes, 6
|
|
146
|
+
optional :data_crc32c, :message, 7, "google.protobuf.Int64Value"
|
|
145
147
|
end
|
|
146
148
|
add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
|
|
147
149
|
optional :name, :string, 1
|
|
@@ -184,6 +186,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
184
186
|
optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
|
|
185
187
|
optional :verified_digest_crc32c, :bool, 3
|
|
186
188
|
optional :name, :string, 4
|
|
189
|
+
optional :verified_data_crc32c, :bool, 5
|
|
187
190
|
optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
|
|
188
191
|
end
|
|
189
192
|
add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
|
|
@@ -33,11 +33,7 @@ module Google
|
|
|
33
33
|
# // For Kubernetes resources, the format is {api group}/{kind}.
|
|
34
34
|
# option (google.api.resource) = {
|
|
35
35
|
# type: "pubsub.googleapis.com/Topic"
|
|
36
|
-
#
|
|
37
|
-
# pattern: "projects/{project}/topics/{topic}"
|
|
38
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
39
|
-
# parent_name_extractor: "projects/{project}"
|
|
40
|
-
# }
|
|
36
|
+
# pattern: "projects/{project}/topics/{topic}"
|
|
41
37
|
# };
|
|
42
38
|
# }
|
|
43
39
|
#
|
|
@@ -45,10 +41,7 @@ module Google
|
|
|
45
41
|
#
|
|
46
42
|
# resources:
|
|
47
43
|
# - type: "pubsub.googleapis.com/Topic"
|
|
48
|
-
#
|
|
49
|
-
# - pattern: "projects/{project}/topics/{topic}"
|
|
50
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
51
|
-
# parent_name_extractor: "projects/{project}"
|
|
44
|
+
# pattern: "projects/{project}/topics/{topic}"
|
|
52
45
|
#
|
|
53
46
|
# Sometimes, resources have multiple patterns, typically because they can
|
|
54
47
|
# live under multiple parents.
|
|
@@ -58,26 +51,10 @@ module Google
|
|
|
58
51
|
# message LogEntry {
|
|
59
52
|
# option (google.api.resource) = {
|
|
60
53
|
# type: "logging.googleapis.com/LogEntry"
|
|
61
|
-
#
|
|
62
|
-
#
|
|
63
|
-
#
|
|
64
|
-
#
|
|
65
|
-
# }
|
|
66
|
-
# name_descriptor: {
|
|
67
|
-
# pattern: "folders/{folder}/logs/{log}"
|
|
68
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
69
|
-
# parent_name_extractor: "folders/{folder}"
|
|
70
|
-
# }
|
|
71
|
-
# name_descriptor: {
|
|
72
|
-
# pattern: "organizations/{organization}/logs/{log}"
|
|
73
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
|
74
|
-
# parent_name_extractor: "organizations/{organization}"
|
|
75
|
-
# }
|
|
76
|
-
# name_descriptor: {
|
|
77
|
-
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
78
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
|
79
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
|
80
|
-
# }
|
|
54
|
+
# pattern: "projects/{project}/logs/{log}"
|
|
55
|
+
# pattern: "folders/{folder}/logs/{log}"
|
|
56
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
|
57
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
81
58
|
# };
|
|
82
59
|
# }
|
|
83
60
|
#
|
|
@@ -85,48 +62,10 @@ module Google
|
|
|
85
62
|
#
|
|
86
63
|
# resources:
|
|
87
64
|
# - type: 'logging.googleapis.com/LogEntry'
|
|
88
|
-
#
|
|
89
|
-
#
|
|
90
|
-
#
|
|
91
|
-
#
|
|
92
|
-
# - pattern: "folders/{folder}/logs/{log}"
|
|
93
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
94
|
-
# parent_name_extractor: "folders/{folder}"
|
|
95
|
-
# - pattern: "organizations/{organization}/logs/{log}"
|
|
96
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
|
97
|
-
# parent_name_extractor: "organizations/{organization}"
|
|
98
|
-
# - pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
99
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
|
100
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
|
101
|
-
#
|
|
102
|
-
# For flexible resources, the resource name doesn't contain parent names, but
|
|
103
|
-
# the resource itself has parents for policy evaluation.
|
|
104
|
-
#
|
|
105
|
-
# Example:
|
|
106
|
-
#
|
|
107
|
-
# message Shelf {
|
|
108
|
-
# option (google.api.resource) = {
|
|
109
|
-
# type: "library.googleapis.com/Shelf"
|
|
110
|
-
# name_descriptor: {
|
|
111
|
-
# pattern: "shelves/{shelf}"
|
|
112
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
113
|
-
# }
|
|
114
|
-
# name_descriptor: {
|
|
115
|
-
# pattern: "shelves/{shelf}"
|
|
116
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
117
|
-
# }
|
|
118
|
-
# };
|
|
119
|
-
# }
|
|
120
|
-
#
|
|
121
|
-
# The ResourceDescriptor Yaml config will look like:
|
|
122
|
-
#
|
|
123
|
-
# resources:
|
|
124
|
-
# - type: 'library.googleapis.com/Shelf'
|
|
125
|
-
# name_descriptor:
|
|
126
|
-
# - pattern: "shelves/{shelf}"
|
|
127
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
128
|
-
# - pattern: "shelves/{shelf}"
|
|
129
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
65
|
+
# pattern: "projects/{project}/logs/{log}"
|
|
66
|
+
# pattern: "folders/{folder}/logs/{log}"
|
|
67
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
|
68
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
130
69
|
# @!attribute [rw] type
|
|
131
70
|
# @return [::String]
|
|
132
71
|
# The resource type. It must be in the format of
|
|
@@ -346,6 +346,15 @@ module Google
|
|
|
346
346
|
# RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
|
|
347
347
|
RSA_SIGN_PKCS1_4096_SHA512 = 16
|
|
348
348
|
|
|
349
|
+
# RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
|
|
350
|
+
RSA_SIGN_RAW_PKCS1_2048 = 28
|
|
351
|
+
|
|
352
|
+
# RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
|
|
353
|
+
RSA_SIGN_RAW_PKCS1_3072 = 29
|
|
354
|
+
|
|
355
|
+
# RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
|
|
356
|
+
RSA_SIGN_RAW_PKCS1_4096 = 30
|
|
357
|
+
|
|
349
358
|
# RSAES-OAEP 2048 bit key with a SHA256 digest.
|
|
350
359
|
RSA_DECRYPT_OAEP_2048_SHA256 = 8
|
|
351
360
|
|
|
@@ -358,6 +367,15 @@ module Google
|
|
|
358
367
|
# RSAES-OAEP 4096 bit key with a SHA512 digest.
|
|
359
368
|
RSA_DECRYPT_OAEP_4096_SHA512 = 17
|
|
360
369
|
|
|
370
|
+
# RSAES-OAEP 2048 bit key with a SHA1 digest.
|
|
371
|
+
RSA_DECRYPT_OAEP_2048_SHA1 = 37
|
|
372
|
+
|
|
373
|
+
# RSAES-OAEP 3072 bit key with a SHA1 digest.
|
|
374
|
+
RSA_DECRYPT_OAEP_3072_SHA1 = 38
|
|
375
|
+
|
|
376
|
+
# RSAES-OAEP 4096 bit key with a SHA1 digest.
|
|
377
|
+
RSA_DECRYPT_OAEP_4096_SHA1 = 39
|
|
378
|
+
|
|
361
379
|
# ECDSA on the NIST P-256 curve with a SHA256 digest.
|
|
362
380
|
EC_SIGN_P256_SHA256 = 12
|
|
363
381
|
|
|
@@ -577,7 +577,7 @@ module Google
|
|
|
577
577
|
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
|
|
578
578
|
# @!attribute [rw] digest
|
|
579
579
|
# @return [::Google::Cloud::Kms::V1::Digest]
|
|
580
|
-
#
|
|
580
|
+
# Optional. The digest of the data to sign. The digest must be produced with
|
|
581
581
|
# the same digest algorithm as specified by the key version's
|
|
582
582
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
|
|
583
583
|
# @!attribute [rw] digest_crc32c
|
|
@@ -595,6 +595,26 @@ module Google
|
|
|
595
595
|
# different languages. However, it is a non-negative integer, which will
|
|
596
596
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
597
597
|
# that support this type.
|
|
598
|
+
# @!attribute [rw] data
|
|
599
|
+
# @return [::String]
|
|
600
|
+
# Optional. This field will only be honored for RAW_PKCS1 keys.
|
|
601
|
+
# The data to sign. A digest is computed over the data that will be signed,
|
|
602
|
+
# PKCS #1 padding is applied to the digest directly and then encrypted.
|
|
603
|
+
# @!attribute [rw] data_crc32c
|
|
604
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
605
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}. If
|
|
606
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
|
607
|
+
# received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data} using this checksum.
|
|
608
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
|
609
|
+
# fails. If you receive a checksum error, your client should verify that
|
|
610
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}) is equal to
|
|
611
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}, and if so, perform a limited
|
|
612
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
|
613
|
+
# computation of the CRC32C checksum.
|
|
614
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
615
|
+
# different languages. However, it is a non-negative integer, which will
|
|
616
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
617
|
+
# that support this type.
|
|
598
618
|
class AsymmetricSignRequest
|
|
599
619
|
include ::Google::Protobuf::MessageExts
|
|
600
620
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -832,6 +852,16 @@ module Google
|
|
|
832
852
|
# @return [::String]
|
|
833
853
|
# The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
|
|
834
854
|
# this field to verify that the intended resource was used for signing.
|
|
855
|
+
# @!attribute [rw] verified_data_crc32c
|
|
856
|
+
# @return [::Boolean]
|
|
857
|
+
# Integrity verification field. A flag indicating whether
|
|
858
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was received by
|
|
859
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
|
860
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data data}. A false value of this field
|
|
861
|
+
# indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was left
|
|
862
|
+
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
|
863
|
+
# set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} but this field is still false,
|
|
864
|
+
# discard the response and perform a limited number of retries.
|
|
835
865
|
# @!attribute [rw] protection_level
|
|
836
866
|
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
837
867
|
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-kms-v1
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Google LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-01-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gapic-common
|
|
@@ -234,7 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
234
234
|
- !ruby/object:Gem::Version
|
|
235
235
|
version: '0'
|
|
236
236
|
requirements: []
|
|
237
|
-
rubygems_version: 3.
|
|
237
|
+
rubygems_version: 3.3.4
|
|
238
238
|
signing_key:
|
|
239
239
|
specification_version: 4
|
|
240
240
|
summary: API Client library for the Cloud Key Management Service (KMS) V1 API
|