google-cloud-kms-v1 0.9.0 → 0.11.0
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/AUTHENTICATION.md +13 -31
- data/README.md +4 -4
- data/lib/google/cloud/kms/v1/ekm_service/client.rb +731 -0
- data/lib/google/cloud/kms/v1/ekm_service/credentials.rb +52 -0
- data/lib/google/cloud/kms/v1/ekm_service/paths.rb +90 -0
- data/lib/google/cloud/kms/v1/ekm_service.rb +53 -0
- data/lib/google/cloud/kms/v1/ekm_service_pb.rb +79 -0
- data/lib/google/cloud/kms/v1/ekm_service_services_pb.rb +57 -0
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +60 -9
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +975 -340
- data/lib/google/cloud/kms/v1/resources_pb.rb +13 -1
- data/lib/google/cloud/kms/v1/service_pb.rb +3 -0
- data/lib/google/cloud/kms/v1/service_services_pb.rb +84 -48
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/lib/google/cloud/kms/v1.rb +2 -1
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/google/cloud/kms/v1/ekm_service.rb +226 -0
- data/proto_docs/google/cloud/kms/v1/resources.rb +308 -160
- data/proto_docs/google/cloud/kms/v1/service.rb +661 -390
- metadata +10 -3
@@ -6,7 +6,6 @@ require 'google/api/resource_pb'
|
|
6
6
|
require 'google/protobuf/duration_pb'
|
7
7
|
require 'google/protobuf/timestamp_pb'
|
8
8
|
require 'google/protobuf/wrappers_pb'
|
9
|
-
require 'google/api/annotations_pb'
|
10
9
|
require 'google/protobuf'
|
11
10
|
|
12
11
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
@@ -25,6 +24,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
25
24
|
map :labels, :string, :string, 10
|
26
25
|
optional :import_only, :bool, 13
|
27
26
|
optional :destroy_scheduled_duration, :message, 14, "google.protobuf.Duration"
|
27
|
+
optional :crypto_key_backend, :string, 15
|
28
28
|
oneof :rotation_schedule do
|
29
29
|
optional :rotation_period, :message, 8, "google.protobuf.Duration"
|
30
30
|
end
|
@@ -43,6 +43,12 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
43
43
|
add_message "google.cloud.kms.v1.KeyOperationAttestation" do
|
44
44
|
optional :format, :enum, 4, "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat"
|
45
45
|
optional :content, :bytes, 5
|
46
|
+
optional :cert_chains, :message, 6, "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains"
|
47
|
+
end
|
48
|
+
add_message "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains" do
|
49
|
+
repeated :cavium_certs, :string, 1
|
50
|
+
repeated :google_card_certs, :string, 2
|
51
|
+
repeated :google_partition_certs, :string, 3
|
46
52
|
end
|
47
53
|
add_enum "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat" do
|
48
54
|
value :ATTESTATION_FORMAT_UNSPECIFIED, 0
|
@@ -76,6 +82,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
76
82
|
value :RSA_SIGN_PKCS1_3072_SHA256, 6
|
77
83
|
value :RSA_SIGN_PKCS1_4096_SHA256, 7
|
78
84
|
value :RSA_SIGN_PKCS1_4096_SHA512, 16
|
85
|
+
value :RSA_SIGN_RAW_PKCS1_2048, 28
|
86
|
+
value :RSA_SIGN_RAW_PKCS1_3072, 29
|
87
|
+
value :RSA_SIGN_RAW_PKCS1_4096, 30
|
79
88
|
value :RSA_DECRYPT_OAEP_2048_SHA256, 8
|
80
89
|
value :RSA_DECRYPT_OAEP_3072_SHA256, 9
|
81
90
|
value :RSA_DECRYPT_OAEP_4096_SHA256, 10
|
@@ -138,12 +147,14 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
138
147
|
end
|
139
148
|
add_message "google.cloud.kms.v1.ExternalProtectionLevelOptions" do
|
140
149
|
optional :external_key_uri, :string, 1
|
150
|
+
optional :ekm_connection_key_path, :string, 2
|
141
151
|
end
|
142
152
|
add_enum "google.cloud.kms.v1.ProtectionLevel" do
|
143
153
|
value :PROTECTION_LEVEL_UNSPECIFIED, 0
|
144
154
|
value :SOFTWARE, 1
|
145
155
|
value :HSM, 2
|
146
156
|
value :EXTERNAL, 3
|
157
|
+
value :EXTERNAL_VPC, 4
|
147
158
|
end
|
148
159
|
end
|
149
160
|
end
|
@@ -157,6 +168,7 @@ module Google
|
|
157
168
|
CryptoKey::CryptoKeyPurpose = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose").enummodule
|
158
169
|
CryptoKeyVersionTemplate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersionTemplate").msgclass
|
159
170
|
KeyOperationAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation").msgclass
|
171
|
+
KeyOperationAttestation::CertificateChains = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.CertificateChains").msgclass
|
160
172
|
KeyOperationAttestation::AttestationFormat = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat").enummodule
|
161
173
|
CryptoKeyVersion = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion").msgclass
|
162
174
|
CryptoKeyVersion::CryptoKeyVersionAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm").enummodule
|
@@ -142,6 +142,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
142
142
|
optional :name, :string, 1
|
143
143
|
optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
|
144
144
|
optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
|
145
|
+
optional :data, :bytes, 6
|
146
|
+
optional :data_crc32c, :message, 7, "google.protobuf.Int64Value"
|
145
147
|
end
|
146
148
|
add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
|
147
149
|
optional :name, :string, 1
|
@@ -184,6 +186,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
184
186
|
optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
|
185
187
|
optional :verified_digest_crc32c, :bool, 3
|
186
188
|
optional :name, :string, 4
|
189
|
+
optional :verified_data_crc32c, :bool, 5
|
187
190
|
optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
|
188
191
|
end
|
189
192
|
add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
|
@@ -54,102 +54,138 @@ module Google
|
|
54
54
|
rpc :ListImportJobs, ::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Google::Cloud::Kms::V1::ListImportJobsResponse
|
55
55
|
# Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
|
56
56
|
rpc :GetKeyRing, ::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
|
57
|
-
# Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
|
58
|
-
# [primary][google.cloud.kms.v1.CryptoKey.primary]
|
57
|
+
# Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
|
58
|
+
# well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
|
59
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
59
60
|
rpc :GetCryptoKey, ::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
60
|
-
# Returns metadata for a given
|
61
|
+
# Returns metadata for a given
|
62
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
61
63
|
rpc :GetCryptoKeyVersion, ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
62
|
-
# Returns the public key for the given
|
64
|
+
# Returns the public key for the given
|
65
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
|
63
66
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
64
|
-
# [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
|
67
|
+
# [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
|
68
|
+
# or
|
65
69
|
# [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
|
66
70
|
rpc :GetPublicKey, ::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Google::Cloud::Kms::V1::PublicKey
|
67
71
|
# Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
|
68
72
|
rpc :GetImportJob, ::Google::Cloud::Kms::V1::GetImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
|
69
|
-
# Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
|
73
|
+
# Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
|
74
|
+
# Location.
|
70
75
|
rpc :CreateKeyRing, ::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
|
71
|
-
# Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
|
76
|
+
# Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
|
77
|
+
# [KeyRing][google.cloud.kms.v1.KeyRing].
|
72
78
|
#
|
73
79
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
|
74
80
|
# [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
|
75
81
|
# are required.
|
76
82
|
rpc :CreateCryptoKey, ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
77
|
-
# Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
|
83
|
+
# Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
|
84
|
+
# [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
78
85
|
#
|
79
86
|
# The server will assign the next sequential id. If unset,
|
80
87
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
81
88
|
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
|
82
89
|
rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
83
|
-
# Import wrapped key material into a
|
90
|
+
# Import wrapped key material into a
|
91
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
84
92
|
#
|
85
|
-
# All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
|
86
|
-
#
|
87
|
-
#
|
88
|
-
#
|
93
|
+
# All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
|
94
|
+
# a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
|
95
|
+
# specified in the request, key material will be reimported into that
|
96
|
+
# version. Otherwise, a new version will be created, and will be assigned the
|
97
|
+
# next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
89
98
|
rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
90
|
-
# Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
|
99
|
+
# Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
|
100
|
+
# [KeyRing][google.cloud.kms.v1.KeyRing].
|
91
101
|
#
|
92
|
-
# [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
|
102
|
+
# [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
|
103
|
+
# required.
|
93
104
|
rpc :CreateImportJob, ::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
|
94
105
|
# Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
95
106
|
rpc :UpdateCryptoKey, ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
96
|
-
# Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
|
107
|
+
# Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
|
108
|
+
# metadata.
|
97
109
|
#
|
98
110
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
|
99
|
-
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
|
100
|
-
#
|
101
|
-
#
|
102
|
-
#
|
111
|
+
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
|
112
|
+
# and
|
113
|
+
# [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
|
114
|
+
# using this method. See
|
115
|
+
# [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
|
116
|
+
# and
|
117
|
+
# [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
|
118
|
+
# to move between other states.
|
103
119
|
rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
104
|
-
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
|
120
|
+
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
|
121
|
+
# will be used in
|
122
|
+
# [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
|
105
123
|
#
|
106
124
|
# Returns an error if called on a key whose purpose is not
|
107
125
|
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
108
126
|
rpc :UpdateCryptoKeyPrimaryVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Google::Cloud::Kms::V1::CryptoKey
|
109
|
-
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
|
127
|
+
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
|
128
|
+
# destruction.
|
110
129
|
#
|
111
|
-
# Upon calling this method,
|
130
|
+
# Upon calling this method,
|
131
|
+
# [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
|
132
|
+
# be set to
|
112
133
|
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
|
113
|
-
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
114
|
-
#
|
115
|
-
#
|
116
|
-
#
|
117
|
-
# [
|
118
|
-
#
|
134
|
+
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
135
|
+
# be set to the time
|
136
|
+
# [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
|
137
|
+
# in the future. At that time, the
|
138
|
+
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
|
139
|
+
# change to
|
140
|
+
# [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
|
141
|
+
# and the key material will be irrevocably destroyed.
|
119
142
|
#
|
120
|
-
# Before the
|
121
|
-
# [
|
143
|
+
# Before the
|
144
|
+
# [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
|
145
|
+
# reached,
|
146
|
+
# [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
|
147
|
+
# may be called to reverse the process.
|
122
148
|
rpc :DestroyCryptoKeyVersion, ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
123
149
|
# Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
|
124
150
|
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
|
125
151
|
# state.
|
126
152
|
#
|
127
|
-
# Upon restoration of the CryptoKeyVersion,
|
128
|
-
#
|
129
|
-
#
|
153
|
+
# Upon restoration of the CryptoKeyVersion,
|
154
|
+
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
155
|
+
# [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
|
156
|
+
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
157
|
+
# be cleared.
|
130
158
|
rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
131
|
-
# Encrypts data, so that it can only be recovered by a call to
|
132
|
-
#
|
159
|
+
# Encrypts data, so that it can only be recovered by a call to
|
160
|
+
# [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
|
161
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
133
162
|
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
134
163
|
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
135
|
-
# Decrypts data that was protected by
|
136
|
-
#
|
164
|
+
# Decrypts data that was protected by
|
165
|
+
# [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
|
166
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
167
|
+
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
137
168
|
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
138
|
-
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
169
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
170
|
+
# with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
139
171
|
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
140
|
-
# key retrieved from
|
172
|
+
# key retrieved from
|
173
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
141
174
|
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
142
175
|
# Decrypts data that was encrypted with a public key retrieved from
|
143
|
-
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
|
144
|
-
# [
|
176
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
|
177
|
+
# corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
178
|
+
# with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
179
|
+
# ASYMMETRIC_DECRYPT.
|
145
180
|
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
146
|
-
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
147
|
-
# MAC,
|
148
|
-
# same key.
|
181
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
182
|
+
# with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
|
183
|
+
# producing a tag that can be verified by another source with the same key.
|
149
184
|
rpc :MacSign, ::Google::Cloud::Kms::V1::MacSignRequest, ::Google::Cloud::Kms::V1::MacSignResponse
|
150
|
-
# Verifies MAC tag using a
|
151
|
-
#
|
152
|
-
#
|
185
|
+
# Verifies MAC tag using a
|
186
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
187
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
|
188
|
+
# a response that indicates whether or not the verification was successful.
|
153
189
|
rpc :MacVerify, ::Google::Cloud::Kms::V1::MacVerifyRequest, ::Google::Cloud::Kms::V1::MacVerifyResponse
|
154
190
|
# Generate random bytes using the Cloud KMS randomness source in the provided
|
155
191
|
# location.
|
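--- a/data/lib/google/cloud/kms/v1.rb
+++ b/data/lib/google/cloud/kms/v1.rb
@@ -16,6 +16,7 @@
 
 # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
 
+require "google/cloud/kms/v1/ekm_service"
 require "google/cloud/kms/v1/key_management_service"
 require "google/cloud/kms/v1/iam_policy"
 require "google/cloud/kms/v1/version"
@@ -27,7 +28,7 @@ module Google
 # To load this package, including all its services, and instantiate a client:
 #
 # require "google/cloud/kms/v1"
-# client = ::Google::Cloud::Kms::V1::
+# client = ::Google::Cloud::Kms::V1::EkmService::Client.new
 #
 module V1
 end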
@@ -33,11 +33,7 @@ module Google
|
|
33
33
|
# // For Kubernetes resources, the format is {api group}/{kind}.
|
34
34
|
# option (google.api.resource) = {
|
35
35
|
# type: "pubsub.googleapis.com/Topic"
|
36
|
-
#
|
37
|
-
# pattern: "projects/{project}/topics/{topic}"
|
38
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
39
|
-
# parent_name_extractor: "projects/{project}"
|
40
|
-
# }
|
36
|
+
# pattern: "projects/{project}/topics/{topic}"
|
41
37
|
# };
|
42
38
|
# }
|
43
39
|
#
|
@@ -45,10 +41,7 @@ module Google
|
|
45
41
|
#
|
46
42
|
# resources:
|
47
43
|
# - type: "pubsub.googleapis.com/Topic"
|
48
|
-
#
|
49
|
-
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
-
# parent_name_extractor: "projects/{project}"
|
44
|
+
# pattern: "projects/{project}/topics/{topic}"
|
52
45
|
#
|
53
46
|
# Sometimes, resources have multiple patterns, typically because they can
|
54
47
|
# live under multiple parents.
|
@@ -58,26 +51,10 @@ module Google
|
|
58
51
|
# message LogEntry {
|
59
52
|
# option (google.api.resource) = {
|
60
53
|
# type: "logging.googleapis.com/LogEntry"
|
61
|
-
#
|
62
|
-
#
|
63
|
-
#
|
64
|
-
#
|
65
|
-
# }
|
66
|
-
# name_descriptor: {
|
67
|
-
# pattern: "folders/{folder}/logs/{log}"
|
68
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
69
|
-
# parent_name_extractor: "folders/{folder}"
|
70
|
-
# }
|
71
|
-
# name_descriptor: {
|
72
|
-
# pattern: "organizations/{organization}/logs/{log}"
|
73
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
74
|
-
# parent_name_extractor: "organizations/{organization}"
|
75
|
-
# }
|
76
|
-
# name_descriptor: {
|
77
|
-
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
78
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
79
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
80
|
-
# }
|
54
|
+
# pattern: "projects/{project}/logs/{log}"
|
55
|
+
# pattern: "folders/{folder}/logs/{log}"
|
56
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
57
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
81
58
|
# };
|
82
59
|
# }
|
83
60
|
#
|
@@ -85,48 +62,10 @@ module Google
|
|
85
62
|
#
|
86
63
|
# resources:
|
87
64
|
# - type: 'logging.googleapis.com/LogEntry'
|
88
|
-
#
|
89
|
-
#
|
90
|
-
#
|
91
|
-
#
|
92
|
-
# - pattern: "folders/{folder}/logs/{log}"
|
93
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
94
|
-
# parent_name_extractor: "folders/{folder}"
|
95
|
-
# - pattern: "organizations/{organization}/logs/{log}"
|
96
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
97
|
-
# parent_name_extractor: "organizations/{organization}"
|
98
|
-
# - pattern: "billingAccounts/{billing_account}/logs/{log}"
|
99
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
100
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
101
|
-
#
|
102
|
-
# For flexible resources, the resource name doesn't contain parent names, but
|
103
|
-
# the resource itself has parents for policy evaluation.
|
104
|
-
#
|
105
|
-
# Example:
|
106
|
-
#
|
107
|
-
# message Shelf {
|
108
|
-
# option (google.api.resource) = {
|
109
|
-
# type: "library.googleapis.com/Shelf"
|
110
|
-
# name_descriptor: {
|
111
|
-
# pattern: "shelves/{shelf}"
|
112
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
113
|
-
# }
|
114
|
-
# name_descriptor: {
|
115
|
-
# pattern: "shelves/{shelf}"
|
116
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
117
|
-
# }
|
118
|
-
# };
|
119
|
-
# }
|
120
|
-
#
|
121
|
-
# The ResourceDescriptor Yaml config will look like:
|
122
|
-
#
|
123
|
-
# resources:
|
124
|
-
# - type: 'library.googleapis.com/Shelf'
|
125
|
-
# name_descriptor:
|
126
|
-
# - pattern: "shelves/{shelf}"
|
127
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
128
|
-
# - pattern: "shelves/{shelf}"
|
129
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
65
|
+
# pattern: "projects/{project}/logs/{log}"
|
66
|
+
# pattern: "folders/{folder}/logs/{log}"
|
67
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
68
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
130
69
|
# @!attribute [rw] type
|
131
70
|
# @return [::String]
|
132
71
|
# The resource type. It must be in the format of
|
@@ -0,0 +1,226 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Cloud
|
22
|
+
module Kms
|
23
|
+
module V1
|
24
|
+
# Request message for [KeyManagementService.ListEkmConnections][].
|
25
|
+
# @!attribute [rw] parent
|
26
|
+
# @return [::String]
|
27
|
+
# Required. The resource name of the location associated with the
|
28
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to list, in the format
|
29
|
+
# `projects/*/locations/*`.
|
30
|
+
# @!attribute [rw] page_size
|
31
|
+
# @return [::Integer]
|
32
|
+
# Optional. Optional limit on the number of
|
33
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to include in the
|
34
|
+
# response. Further {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} can
|
35
|
+
# subsequently be obtained by including the
|
36
|
+
# {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}
|
37
|
+
# in a subsequent request. If unspecified, the server will pick an
|
38
|
+
# appropriate default.
|
39
|
+
# @!attribute [rw] page_token
|
40
|
+
# @return [::String]
|
41
|
+
# Optional. Optional pagination token, returned earlier via
|
42
|
+
# {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}.
|
43
|
+
# @!attribute [rw] filter
|
44
|
+
# @return [::String]
|
45
|
+
# Optional. Only include resources that match the filter in the response. For
|
46
|
+
# more information, see
|
47
|
+
# [Sorting and filtering list
|
48
|
+
# results](https://cloud.google.com/kms/docs/sorting-and-filtering).
|
49
|
+
# @!attribute [rw] order_by
|
50
|
+
# @return [::String]
|
51
|
+
# Optional. Specify how the results should be sorted. If not specified, the
|
52
|
+
# results will be sorted in the default order. For more information, see
|
53
|
+
# [Sorting and filtering list
|
54
|
+
# results](https://cloud.google.com/kms/docs/sorting-and-filtering).
|
55
|
+
class ListEkmConnectionsRequest
|
56
|
+
include ::Google::Protobuf::MessageExts
|
57
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
58
|
+
end
|
59
|
+
|
60
|
+
# Response message for [KeyManagementService.ListEkmConnections][].
|
61
|
+
# @!attribute [rw] ekm_connections
|
62
|
+
# @return [::Array<::Google::Cloud::Kms::V1::EkmConnection>]
|
63
|
+
# The list of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}.
|
64
|
+
# @!attribute [rw] next_page_token
|
65
|
+
# @return [::String]
|
66
|
+
# A token to retrieve next page of results. Pass this value in
|
67
|
+
# {::Google::Cloud::Kms::V1::ListEkmConnectionsRequest#page_token ListEkmConnectionsRequest.page_token}
|
68
|
+
# to retrieve the next page of results.
|
69
|
+
# @!attribute [rw] total_size
|
70
|
+
# @return [::Integer]
|
71
|
+
# The total number of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}
|
72
|
+
# that matched the query.
|
73
|
+
class ListEkmConnectionsResponse
|
74
|
+
include ::Google::Protobuf::MessageExts
|
75
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
76
|
+
end
|
77
|
+
|
78
|
+
# Request message for [KeyManagementService.GetEkmConnection][].
|
79
|
+
# @!attribute [rw] name
|
80
|
+
# @return [::String]
|
81
|
+
# Required. The {::Google::Cloud::Kms::V1::EkmConnection#name name} of the
|
82
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} to get.
|
83
|
+
class GetEkmConnectionRequest
|
84
|
+
include ::Google::Protobuf::MessageExts
|
85
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
86
|
+
end
|
87
|
+
|
88
|
+
# Request message for [KeyManagementService.CreateEkmConnection][].
|
89
|
+
# @!attribute [rw] parent
|
90
|
+
# @return [::String]
|
91
|
+
# Required. The resource name of the location associated with the
|
92
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, in the format
|
93
|
+
# `projects/*/locations/*`.
|
94
|
+
# @!attribute [rw] ekm_connection_id
|
95
|
+
# @return [::String]
|
96
|
+
# Required. It must be unique within a location and match the regular
|
97
|
+
# expression `[a-zA-Z0-9_-]{1,63}`.
|
98
|
+
# @!attribute [rw] ekm_connection
|
99
|
+
# @return [::Google::Cloud::Kms::V1::EkmConnection]
|
100
|
+
# Required. An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with
|
101
|
+
# initial field values.
|
102
|
+
class CreateEkmConnectionRequest
|
103
|
+
include ::Google::Protobuf::MessageExts
|
104
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
105
|
+
end
|
106
|
+
|
107
|
+
# Request message for [KeyManagementService.UpdateEkmConnection][].
|
108
|
+
# @!attribute [rw] ekm_connection
|
109
|
+
# @return [::Google::Cloud::Kms::V1::EkmConnection]
|
110
|
+
# Required. {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with updated
|
111
|
+
# values.
|
112
|
+
# @!attribute [rw] update_mask
|
113
|
+
# @return [::Google::Protobuf::FieldMask]
|
114
|
+
# Required. List of fields to be updated in this request.
|
115
|
+
class UpdateEkmConnectionRequest
|
116
|
+
include ::Google::Protobuf::MessageExts
|
117
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
118
|
+
end
|
119
|
+
|
120
|
+
# A {::Google::Cloud::Kms::V1::Certificate Certificate} represents an X.509
|
121
|
+
# certificate used to authenticate HTTPS connections to EKM replicas.
|
122
|
+
# @!attribute [rw] raw_der
|
123
|
+
# @return [::String]
|
124
|
+
# Required. The raw certificate bytes in DER format.
|
125
|
+
# @!attribute [r] parsed
|
126
|
+
# @return [::Boolean]
|
127
|
+
# Output only. True if the certificate was parsed successfully.
|
128
|
+
# @!attribute [r] issuer
|
129
|
+
# @return [::String]
|
130
|
+
# Output only. The issuer distinguished name in RFC 2253 format. Only present
|
131
|
+
# if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
132
|
+
# @!attribute [r] subject
|
133
|
+
# @return [::String]
|
134
|
+
# Output only. The subject distinguished name in RFC 2253 format. Only
|
135
|
+
# present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
136
|
+
# @!attribute [r] subject_alternative_dns_names
|
137
|
+
# @return [::Array<::String>]
|
138
|
+
# Output only. The subject Alternative DNS names. Only present if
|
139
|
+
# {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
140
|
+
# @!attribute [r] not_before_time
|
141
|
+
# @return [::Google::Protobuf::Timestamp]
|
142
|
+
# Output only. The certificate is not valid before this time. Only present if
|
143
|
+
# {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
144
|
+
# @!attribute [r] not_after_time
|
145
|
+
# @return [::Google::Protobuf::Timestamp]
|
146
|
+
# Output only. The certificate is not valid after this time. Only present if
|
147
|
+
# {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
148
|
+
# @!attribute [r] serial_number
|
149
|
+
# @return [::String]
|
150
|
+
# Output only. The certificate serial number as a hex string. Only present if
|
151
|
+
# {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
152
|
+
# @!attribute [r] sha256_fingerprint
|
153
|
+
# @return [::String]
|
154
|
+
# Output only. The SHA-256 certificate fingerprint as a hex string. Only
|
155
|
+
# present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
|
156
|
+
class Certificate
|
157
|
+
include ::Google::Protobuf::MessageExts
|
158
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
159
|
+
end
|
160
|
+
|
161
|
+
# An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} represents an
|
162
|
+
# individual EKM connection. It can be used for creating
|
163
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} and
|
164
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} with a
|
165
|
+
# {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of
|
166
|
+
# [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as
|
167
|
+
# performing cryptographic operations using keys created within the
|
168
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
|
169
|
+
# @!attribute [r] name
|
170
|
+
# @return [::String]
|
171
|
+
# Output only. The resource name for the
|
172
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} in the format
|
173
|
+
# `projects/*/locations/*/ekmConnections/*`.
|
174
|
+
# @!attribute [r] create_time
|
175
|
+
# @return [::Google::Protobuf::Timestamp]
|
176
|
+
# Output only. The time at which the
|
177
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} was created.
|
178
|
+
# @!attribute [rw] service_resolvers
|
179
|
+
# @return [::Array<::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver>]
|
180
|
+
# A list of
|
181
|
+
# {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolvers} where
|
182
|
+
# the EKM can be reached. There should be one ServiceResolver per EKM
|
183
|
+
# replica. Currently, only a single
|
184
|
+
# {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} is
|
185
|
+
# supported.
|
186
|
+
# @!attribute [rw] etag
|
187
|
+
# @return [::String]
|
188
|
+
# This checksum is computed by the server based on the value of other fields,
|
189
|
+
# and may be sent on update requests to ensure the client has an up-to-date
|
190
|
+
# value before proceeding.
|
191
|
+
class EkmConnection
|
192
|
+
include ::Google::Protobuf::MessageExts
|
193
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
194
|
+
|
195
|
+
# A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver}
|
196
|
+
# represents an EKM replica that can be reached within an
|
197
|
+
# {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
|
198
|
+
# @!attribute [rw] service_directory_service
|
199
|
+
# @return [::String]
|
200
|
+
# Required. The resource name of the Service Directory service pointing to
|
201
|
+
# an EKM replica, in the format
|
202
|
+
# `projects/*/locations/*/namespaces/*/services/*`.
|
203
|
+
# @!attribute [rw] endpoint_filter
|
204
|
+
# @return [::String]
|
205
|
+
# Optional. The filter applied to the endpoints of the resolved service. If
|
206
|
+
# no filter is specified, all endpoints will be considered. An endpoint
|
207
|
+
# will be chosen arbitrarily from the filtered list for each request.
|
208
|
+
#
|
209
|
+
# For endpoint filter syntax and examples, see
|
210
|
+
# https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
|
211
|
+
# @!attribute [rw] hostname
|
212
|
+
# @return [::String]
|
213
|
+
# Required. The hostname of the EKM replica used at TLS and HTTP layers.
|
214
|
+
# @!attribute [rw] server_certificates
|
215
|
+
# @return [::Array<::Google::Cloud::Kms::V1::Certificate>]
|
216
|
+
# Required. A list of leaf server certificates used to authenticate HTTPS
|
217
|
+
# connections to the EKM replica.
|
218
|
+
class ServiceResolver
|
219
|
+
include ::Google::Protobuf::MessageExts
|
220
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
221
|
+
end
|
222
|
+
end
|
223
|
+
end
|
224
|
+
end
|
225
|
+
end
|
226
|
+
end
|