google-cloud-kms-v1 0.8.0 → 0.10.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/AUTHENTICATION.md +7 -25
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +60 -9
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +579 -80
- data/lib/google/cloud/kms/v1/resources_pb.rb +8 -2
- data/lib/google/cloud/kms/v1/service_pb.rb +5 -2
- data/lib/google/cloud/kms/v1/service_services_pb.rb +1 -1
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/google/cloud/kms/v1/resources.rb +18 -0
- data/proto_docs/google/cloud/kms/v1/service.rb +31 -1
- metadata +3 -3
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
2
|
# source: google/cloud/kms/v1/resources.proto
|
|
3
3
|
|
|
4
|
-
require 'google/protobuf'
|
|
5
|
-
|
|
6
4
|
require 'google/api/field_behavior_pb'
|
|
7
5
|
require 'google/api/resource_pb'
|
|
8
6
|
require 'google/protobuf/duration_pb'
|
|
9
7
|
require 'google/protobuf/timestamp_pb'
|
|
10
8
|
require 'google/protobuf/wrappers_pb'
|
|
11
9
|
require 'google/api/annotations_pb'
|
|
10
|
+
require 'google/protobuf'
|
|
11
|
+
|
|
12
12
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
13
13
|
add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
|
|
14
14
|
add_message "google.cloud.kms.v1.KeyRing" do
|
|
@@ -76,10 +76,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
76
76
|
value :RSA_SIGN_PKCS1_3072_SHA256, 6
|
|
77
77
|
value :RSA_SIGN_PKCS1_4096_SHA256, 7
|
|
78
78
|
value :RSA_SIGN_PKCS1_4096_SHA512, 16
|
|
79
|
+
value :RSA_SIGN_RAW_PKCS1_2048, 28
|
|
80
|
+
value :RSA_SIGN_RAW_PKCS1_3072, 29
|
|
81
|
+
value :RSA_SIGN_RAW_PKCS1_4096, 30
|
|
79
82
|
value :RSA_DECRYPT_OAEP_2048_SHA256, 8
|
|
80
83
|
value :RSA_DECRYPT_OAEP_3072_SHA256, 9
|
|
81
84
|
value :RSA_DECRYPT_OAEP_4096_SHA256, 10
|
|
82
85
|
value :RSA_DECRYPT_OAEP_4096_SHA512, 17
|
|
86
|
+
value :RSA_DECRYPT_OAEP_2048_SHA1, 37
|
|
87
|
+
value :RSA_DECRYPT_OAEP_3072_SHA1, 38
|
|
88
|
+
value :RSA_DECRYPT_OAEP_4096_SHA1, 39
|
|
83
89
|
value :EC_SIGN_P256_SHA256, 12
|
|
84
90
|
value :EC_SIGN_P384_SHA384, 13
|
|
85
91
|
value :EC_SIGN_SECP256K1_SHA256, 31
|
|
@@ -1,8 +1,6 @@
|
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
2
|
# source: google/cloud/kms/v1/service.proto
|
|
3
3
|
|
|
4
|
-
require 'google/protobuf'
|
|
5
|
-
|
|
6
4
|
require 'google/api/annotations_pb'
|
|
7
5
|
require 'google/api/client_pb'
|
|
8
6
|
require 'google/api/field_behavior_pb'
|
|
@@ -10,6 +8,8 @@ require 'google/api/resource_pb'
|
|
|
10
8
|
require 'google/cloud/kms/v1/resources_pb'
|
|
11
9
|
require 'google/protobuf/field_mask_pb'
|
|
12
10
|
require 'google/protobuf/wrappers_pb'
|
|
11
|
+
require 'google/protobuf'
|
|
12
|
+
|
|
13
13
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
14
14
|
add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
|
|
15
15
|
add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
|
|
@@ -142,6 +142,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
142
142
|
optional :name, :string, 1
|
|
143
143
|
optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
|
|
144
144
|
optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
|
|
145
|
+
optional :data, :bytes, 6
|
|
146
|
+
optional :data_crc32c, :message, 7, "google.protobuf.Int64Value"
|
|
145
147
|
end
|
|
146
148
|
add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
|
|
147
149
|
optional :name, :string, 1
|
|
@@ -184,6 +186,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
184
186
|
optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
|
|
185
187
|
optional :verified_digest_crc32c, :bool, 3
|
|
186
188
|
optional :name, :string, 4
|
|
189
|
+
optional :verified_data_crc32c, :bool, 5
|
|
187
190
|
optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
|
|
188
191
|
end
|
|
189
192
|
add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
|
|
@@ -33,11 +33,7 @@ module Google
|
|
|
33
33
|
# // For Kubernetes resources, the format is {api group}/{kind}.
|
|
34
34
|
# option (google.api.resource) = {
|
|
35
35
|
# type: "pubsub.googleapis.com/Topic"
|
|
36
|
-
#
|
|
37
|
-
# pattern: "projects/{project}/topics/{topic}"
|
|
38
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
39
|
-
# parent_name_extractor: "projects/{project}"
|
|
40
|
-
# }
|
|
36
|
+
# pattern: "projects/{project}/topics/{topic}"
|
|
41
37
|
# };
|
|
42
38
|
# }
|
|
43
39
|
#
|
|
@@ -45,10 +41,7 @@ module Google
|
|
|
45
41
|
#
|
|
46
42
|
# resources:
|
|
47
43
|
# - type: "pubsub.googleapis.com/Topic"
|
|
48
|
-
#
|
|
49
|
-
# - pattern: "projects/{project}/topics/{topic}"
|
|
50
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
51
|
-
# parent_name_extractor: "projects/{project}"
|
|
44
|
+
# pattern: "projects/{project}/topics/{topic}"
|
|
52
45
|
#
|
|
53
46
|
# Sometimes, resources have multiple patterns, typically because they can
|
|
54
47
|
# live under multiple parents.
|
|
@@ -58,26 +51,10 @@ module Google
|
|
|
58
51
|
# message LogEntry {
|
|
59
52
|
# option (google.api.resource) = {
|
|
60
53
|
# type: "logging.googleapis.com/LogEntry"
|
|
61
|
-
#
|
|
62
|
-
#
|
|
63
|
-
#
|
|
64
|
-
#
|
|
65
|
-
# }
|
|
66
|
-
# name_descriptor: {
|
|
67
|
-
# pattern: "folders/{folder}/logs/{log}"
|
|
68
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
69
|
-
# parent_name_extractor: "folders/{folder}"
|
|
70
|
-
# }
|
|
71
|
-
# name_descriptor: {
|
|
72
|
-
# pattern: "organizations/{organization}/logs/{log}"
|
|
73
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
|
74
|
-
# parent_name_extractor: "organizations/{organization}"
|
|
75
|
-
# }
|
|
76
|
-
# name_descriptor: {
|
|
77
|
-
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
78
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
|
79
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
|
80
|
-
# }
|
|
54
|
+
# pattern: "projects/{project}/logs/{log}"
|
|
55
|
+
# pattern: "folders/{folder}/logs/{log}"
|
|
56
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
|
57
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
81
58
|
# };
|
|
82
59
|
# }
|
|
83
60
|
#
|
|
@@ -85,48 +62,10 @@ module Google
|
|
|
85
62
|
#
|
|
86
63
|
# resources:
|
|
87
64
|
# - type: 'logging.googleapis.com/LogEntry'
|
|
88
|
-
#
|
|
89
|
-
#
|
|
90
|
-
#
|
|
91
|
-
#
|
|
92
|
-
# - pattern: "folders/{folder}/logs/{log}"
|
|
93
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
94
|
-
# parent_name_extractor: "folders/{folder}"
|
|
95
|
-
# - pattern: "organizations/{organization}/logs/{log}"
|
|
96
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
|
97
|
-
# parent_name_extractor: "organizations/{organization}"
|
|
98
|
-
# - pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
99
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
|
100
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
|
101
|
-
#
|
|
102
|
-
# For flexible resources, the resource name doesn't contain parent names, but
|
|
103
|
-
# the resource itself has parents for policy evaluation.
|
|
104
|
-
#
|
|
105
|
-
# Example:
|
|
106
|
-
#
|
|
107
|
-
# message Shelf {
|
|
108
|
-
# option (google.api.resource) = {
|
|
109
|
-
# type: "library.googleapis.com/Shelf"
|
|
110
|
-
# name_descriptor: {
|
|
111
|
-
# pattern: "shelves/{shelf}"
|
|
112
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
113
|
-
# }
|
|
114
|
-
# name_descriptor: {
|
|
115
|
-
# pattern: "shelves/{shelf}"
|
|
116
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
117
|
-
# }
|
|
118
|
-
# };
|
|
119
|
-
# }
|
|
120
|
-
#
|
|
121
|
-
# The ResourceDescriptor Yaml config will look like:
|
|
122
|
-
#
|
|
123
|
-
# resources:
|
|
124
|
-
# - type: 'library.googleapis.com/Shelf'
|
|
125
|
-
# name_descriptor:
|
|
126
|
-
# - pattern: "shelves/{shelf}"
|
|
127
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
128
|
-
# - pattern: "shelves/{shelf}"
|
|
129
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
65
|
+
# pattern: "projects/{project}/logs/{log}"
|
|
66
|
+
# pattern: "folders/{folder}/logs/{log}"
|
|
67
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
|
68
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
130
69
|
# @!attribute [rw] type
|
|
131
70
|
# @return [::String]
|
|
132
71
|
# The resource type. It must be in the format of
|
|
@@ -346,6 +346,15 @@ module Google
|
|
|
346
346
|
# RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
|
|
347
347
|
RSA_SIGN_PKCS1_4096_SHA512 = 16
|
|
348
348
|
|
|
349
|
+
# RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
|
|
350
|
+
RSA_SIGN_RAW_PKCS1_2048 = 28
|
|
351
|
+
|
|
352
|
+
# RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
|
|
353
|
+
RSA_SIGN_RAW_PKCS1_3072 = 29
|
|
354
|
+
|
|
355
|
+
# RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
|
|
356
|
+
RSA_SIGN_RAW_PKCS1_4096 = 30
|
|
357
|
+
|
|
349
358
|
# RSAES-OAEP 2048 bit key with a SHA256 digest.
|
|
350
359
|
RSA_DECRYPT_OAEP_2048_SHA256 = 8
|
|
351
360
|
|
|
@@ -358,6 +367,15 @@ module Google
|
|
|
358
367
|
# RSAES-OAEP 4096 bit key with a SHA512 digest.
|
|
359
368
|
RSA_DECRYPT_OAEP_4096_SHA512 = 17
|
|
360
369
|
|
|
370
|
+
# RSAES-OAEP 2048 bit key with a SHA1 digest.
|
|
371
|
+
RSA_DECRYPT_OAEP_2048_SHA1 = 37
|
|
372
|
+
|
|
373
|
+
# RSAES-OAEP 3072 bit key with a SHA1 digest.
|
|
374
|
+
RSA_DECRYPT_OAEP_3072_SHA1 = 38
|
|
375
|
+
|
|
376
|
+
# RSAES-OAEP 4096 bit key with a SHA1 digest.
|
|
377
|
+
RSA_DECRYPT_OAEP_4096_SHA1 = 39
|
|
378
|
+
|
|
361
379
|
# ECDSA on the NIST P-256 curve with a SHA256 digest.
|
|
362
380
|
EC_SIGN_P256_SHA256 = 12
|
|
363
381
|
|
|
@@ -577,7 +577,7 @@ module Google
|
|
|
577
577
|
# Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
|
|
578
578
|
# @!attribute [rw] digest
|
|
579
579
|
# @return [::Google::Cloud::Kms::V1::Digest]
|
|
580
|
-
#
|
|
580
|
+
# Optional. The digest of the data to sign. The digest must be produced with
|
|
581
581
|
# the same digest algorithm as specified by the key version's
|
|
582
582
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
|
|
583
583
|
# @!attribute [rw] digest_crc32c
|
|
@@ -595,6 +595,26 @@ module Google
|
|
|
595
595
|
# different languages. However, it is a non-negative integer, which will
|
|
596
596
|
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
597
597
|
# that support this type.
|
|
598
|
+
# @!attribute [rw] data
|
|
599
|
+
# @return [::String]
|
|
600
|
+
# Optional. This field will only be honored for RAW_PKCS1 keys.
|
|
601
|
+
# The data to sign. A digest is computed over the data that will be signed,
|
|
602
|
+
# PKCS #1 padding is applied to the digest directly and then encrypted.
|
|
603
|
+
# @!attribute [rw] data_crc32c
|
|
604
|
+
# @return [::Google::Protobuf::Int64Value]
|
|
605
|
+
# Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}. If
|
|
606
|
+
# specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
|
|
607
|
+
# received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data} using this checksum.
|
|
608
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
|
|
609
|
+
# fails. If you receive a checksum error, your client should verify that
|
|
610
|
+
# CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}) is equal to
|
|
611
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}, and if so, perform a limited
|
|
612
|
+
# number of retries. A persistent mismatch may indicate an issue in your
|
|
613
|
+
# computation of the CRC32C checksum.
|
|
614
|
+
# Note: This field is defined as int64 for reasons of compatibility across
|
|
615
|
+
# different languages. However, it is a non-negative integer, which will
|
|
616
|
+
# never exceed 2^32-1, and can be safely downconverted to uint32 in languages
|
|
617
|
+
# that support this type.
|
|
598
618
|
class AsymmetricSignRequest
|
|
599
619
|
include ::Google::Protobuf::MessageExts
|
|
600
620
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -832,6 +852,16 @@ module Google
|
|
|
832
852
|
# @return [::String]
|
|
833
853
|
# The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
|
|
834
854
|
# this field to verify that the intended resource was used for signing.
|
|
855
|
+
# @!attribute [rw] verified_data_crc32c
|
|
856
|
+
# @return [::Boolean]
|
|
857
|
+
# Integrity verification field. A flag indicating whether
|
|
858
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was received by
|
|
859
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
|
|
860
|
+
# {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data data}. A false value of this field
|
|
861
|
+
# indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was left
|
|
862
|
+
# unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
|
|
863
|
+
# set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} but this field is still false,
|
|
864
|
+
# discard the response and perform a limited number of retries.
|
|
835
865
|
# @!attribute [rw] protection_level
|
|
836
866
|
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
837
867
|
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-kms-v1
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Google LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-01-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gapic-common
|
|
@@ -234,7 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
234
234
|
- !ruby/object:Gem::Version
|
|
235
235
|
version: '0'
|
|
236
236
|
requirements: []
|
|
237
|
-
rubygems_version: 3.
|
|
237
|
+
rubygems_version: 3.3.4
|
|
238
238
|
signing_key:
|
|
239
239
|
specification_version: 4
|
|
240
240
|
summary: API Client library for the Cloud Key Management Service (KMS) V1 API
|