google-cloud-kms-v1 0.9.0 → 0.11.0

data/lib/google/cloud/kms/v1/resources_pb.rb

@@ -6,7 +6,6 @@ require 'google/api/resource_pb'
 require 'google/protobuf/duration_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/protobuf/wrappers_pb'
-require 'google/api/annotations_pb'
 require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -25,6 +24,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       map :labels, :string, :string, 10
       optional :import_only, :bool, 13
       optional :destroy_scheduled_duration, :message, 14, "google.protobuf.Duration"
+      optional :crypto_key_backend, :string, 15
       oneof :rotation_schedule do
         optional :rotation_period, :message, 8, "google.protobuf.Duration"
       end
@@ -43,6 +43,12 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.kms.v1.KeyOperationAttestation" do
       optional :format, :enum, 4, "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat"
       optional :content, :bytes, 5
+      optional :cert_chains, :message, 6, "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains"
+    end
+    add_message "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains" do
+      repeated :cavium_certs, :string, 1
+      repeated :google_card_certs, :string, 2
+      repeated :google_partition_certs, :string, 3
     end
     add_enum "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat" do
       value :ATTESTATION_FORMAT_UNSPECIFIED, 0
@@ -76,6 +82,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :RSA_SIGN_PKCS1_3072_SHA256, 6
       value :RSA_SIGN_PKCS1_4096_SHA256, 7
       value :RSA_SIGN_PKCS1_4096_SHA512, 16
+      value :RSA_SIGN_RAW_PKCS1_2048, 28
+      value :RSA_SIGN_RAW_PKCS1_3072, 29
+      value :RSA_SIGN_RAW_PKCS1_4096, 30
       value :RSA_DECRYPT_OAEP_2048_SHA256, 8
       value :RSA_DECRYPT_OAEP_3072_SHA256, 9
       value :RSA_DECRYPT_OAEP_4096_SHA256, 10
@@ -138,12 +147,14 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     end
     add_message "google.cloud.kms.v1.ExternalProtectionLevelOptions" do
       optional :external_key_uri, :string, 1
+      optional :ekm_connection_key_path, :string, 2
     end
     add_enum "google.cloud.kms.v1.ProtectionLevel" do
       value :PROTECTION_LEVEL_UNSPECIFIED, 0
       value :SOFTWARE, 1
       value :HSM, 2
       value :EXTERNAL, 3
+      value :EXTERNAL_VPC, 4
     end
   end
 end
@@ -157,6 +168,7 @@ module Google
         CryptoKey::CryptoKeyPurpose = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose").enummodule
         CryptoKeyVersionTemplate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersionTemplate").msgclass
         KeyOperationAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation").msgclass
+        KeyOperationAttestation::CertificateChains = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.CertificateChains").msgclass
         KeyOperationAttestation::AttestationFormat = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat").enummodule
         CryptoKeyVersion = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion").msgclass
         CryptoKeyVersion::CryptoKeyVersionAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm").enummodule

data/lib/google/cloud/kms/v1/service_pb.rb

@@ -142,6 +142,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :name, :string, 1
       optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
       optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
+      optional :data, :bytes, 6
+      optional :data_crc32c, :message, 7, "google.protobuf.Int64Value"
     end
     add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
       optional :name, :string, 1
@@ -184,6 +186,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
       optional :verified_digest_crc32c, :bool, 3
       optional :name, :string, 4
+      optional :verified_data_crc32c, :bool, 5
       optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
     end
     add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do

data/lib/google/cloud/kms/v1/service_services_pb.rb

@@ -54,102 +54,138 @@ module Google
             rpc :ListImportJobs, ::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Google::Cloud::Kms::V1::ListImportJobsResponse
             # Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
             rpc :GetKeyRing, ::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
-            # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
-            # [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+            # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
+            # well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
+            # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
             rpc :GetCryptoKey, ::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
-            # Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+            # Returns metadata for a given
+            # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
             rpc :GetCryptoKeyVersion, ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
-            # Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
+            # Returns the public key for the given
+            # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
             # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
-            # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
+            # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
+            # or
             # [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
             rpc :GetPublicKey, ::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Google::Cloud::Kms::V1::PublicKey
             # Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
             rpc :GetImportJob, ::Google::Cloud::Kms::V1::GetImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
-            # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
+            # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
+            # Location.
             rpc :CreateKeyRing, ::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
-            # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
+            # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
+            # [KeyRing][google.cloud.kms.v1.KeyRing].
             #
             # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
             # [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
             # are required.
             rpc :CreateCryptoKey, ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
-            # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
+            # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
+            # [CryptoKey][google.cloud.kms.v1.CryptoKey].
             #
             # The server will assign the next sequential id. If unset,
             # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
             # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
             rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
-            # Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+            # Import wrapped key material into a
+            # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
             #
-            # All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
-            # additionally specified in the request, key material will be reimported into
-            # that version. Otherwise, a new version will be created, and will be
-            # assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
+            # All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
+            # a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
+            # specified in the request, key material will be reimported into that
+            # version. Otherwise, a new version will be created, and will be assigned the
+            # next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
             rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
-            # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
+            # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
+            # [KeyRing][google.cloud.kms.v1.KeyRing].
             #
-            # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
+            # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
+            # required.
             rpc :CreateImportJob, ::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
             # Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
             rpc :UpdateCryptoKey, ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
-            # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
+            # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
+            # metadata.
             #
             # [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
-            # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and
-            # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
-            # method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
-            # move between other states.
+            # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
+            # and
+            # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
+            # using this method. See
+            # [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
+            # and
+            # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
+            # to move between other states.
             rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
-            # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
+            # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
+            # will be used in
+            # [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
             #
             # Returns an error if called on a key whose purpose is not
             # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
             rpc :UpdateCryptoKeyPrimaryVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Google::Cloud::Kms::V1::CryptoKey
-            # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
+            # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
+            # destruction.
             #
-            # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
+            # Upon calling this method,
+            # [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+            # be set to
             # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
-            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
-            # [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
-            # future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
-            # automatically change to
-            # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
-            # material will be irrevocably destroyed.
+            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
+            # be set to the time
+            # [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
+            # in the future. At that time, the
+            # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
+            # change to
+            # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
+            # and the key material will be irrevocably destroyed.
             #
-            # Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
-            # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
+            # Before the
+            # [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
+            # reached,
+            # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
+            # may be called to reverse the process.
             rpc :DestroyCryptoKeyVersion, ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
             # Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
             # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
             # state.
             #
-            # Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-            # will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
-            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
+            # Upon restoration of the CryptoKeyVersion,
+            # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
+            # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
+            # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
+            # be cleared.
             rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
-            # Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
-            # The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+            # Encrypts data, so that it can only be recovered by a call to
+            # [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
+            # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
             # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
             rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
-            # Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
-            # must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
+            # Decrypts data that was protected by
+            # [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
+            # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+            # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
             rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
-            # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
+            # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+            # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
             # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
-            # key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
+            # key retrieved from
+            # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
             rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
             # Decrypts data that was encrypted with a public key retrieved from
-            # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
-            # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
+            # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
+            # corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+            # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
+            # ASYMMETRIC_DECRYPT.
             rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
-            # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
-            # MAC, producing a tag that can be verified by another source with the
-            # same key.
+            # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+            # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
+            # producing a tag that can be verified by another source with the same key.
             rpc :MacSign, ::Google::Cloud::Kms::V1::MacSignRequest, ::Google::Cloud::Kms::V1::MacSignResponse
-            # Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
-            # MAC, and returns a response that indicates whether or not the verification
-            # was successful.
+            # Verifies MAC tag using a
+            # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
+            # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
+            # a response that indicates whether or not the verification was successful.
             rpc :MacVerify, ::Google::Cloud::Kms::V1::MacVerifyRequest, ::Google::Cloud::Kms::V1::MacVerifyResponse
             # Generate random bytes using the Cloud KMS randomness source in the provided
             # location.

data/lib/google/cloud/kms/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Kms
       module V1
-        VERSION = "0.9.0"
+        VERSION = "0.11.0"
       end
     end
   end

data/lib/google/cloud/kms/v1.rb

@@ -16,6 +16,7 @@
 
 # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
 
+require "google/cloud/kms/v1/ekm_service"
 require "google/cloud/kms/v1/key_management_service"
 require "google/cloud/kms/v1/iam_policy"
 require "google/cloud/kms/v1/version"
@@ -27,7 +28,7 @@ module Google
       # To load this package, including all its services, and instantiate a client:
       #
       #     require "google/cloud/kms/v1"
-      #     client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
+      #     client = ::Google::Cloud::Kms::V1::EkmService::Client.new
       #
       module V1
       end

data/proto_docs/google/api/resource.rb

@@ -33,11 +33,7 @@ module Google
     #       // For Kubernetes resources, the format is {api group}/{kind}.
     #       option (google.api.resource) = {
     #         type: "pubsub.googleapis.com/Topic"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
+    #         pattern: "projects/{project}/topics/{topic}"
     #       };
     #     }
     #
@@ -45,10 +41,7 @@ module Google
     #
     #     resources:
     #     - type: "pubsub.googleapis.com/Topic"
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
+    #       pattern: "projects/{project}/topics/{topic}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
     #     message LogEntry {
     #       option (google.api.resource) = {
     #         type: "logging.googleapis.com/LogEntry"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #         }
+    #         pattern: "projects/{project}/logs/{log}"
+    #         pattern: "folders/{folder}/logs/{log}"
+    #         pattern: "organizations/{organization}/logs/{log}"
+    #         pattern: "billingAccounts/{billing_account}/logs/{log}"
     #       };
     #     }
     #
@@ -85,48 +62,10 @@ module Google
     #
     #     resources:
     #     - type: 'logging.googleapis.com/LogEntry'
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         - pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         - pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         - pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #
-    # For flexible resources, the resource name doesn't contain parent names, but
-    # the resource itself has parents for policy evaluation.
-    #
-    # Example:
-    #
-    #     message Shelf {
-    #       option (google.api.resource) = {
-    #         type: "library.googleapis.com/Shelf"
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #         }
-    #       };
-    #     }
-    #
-    # The ResourceDescriptor Yaml config will look like:
-    #
-    #     resources:
-    #     - type: 'library.googleapis.com/Shelf'
-    #       name_descriptor:
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+    #       pattern: "projects/{project}/logs/{log}"
+    #       pattern: "folders/{folder}/logs/{log}"
+    #       pattern: "organizations/{organization}/logs/{log}"
+    #       pattern: "billingAccounts/{billing_account}/logs/{log}"
     # @!attribute [rw] type
     #   @return [::String]
     #     The resource type. It must be in the format of

data/proto_docs/google/cloud/kms/v1/ekm_service.rb

@@ -0,0 +1,226 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module Kms
+      module V1
+        # Request message for [KeyManagementService.ListEkmConnections][].
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The resource name of the location associated with the
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to list, in the format
+        #     `projects/*/locations/*`.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Optional. Optional limit on the number of
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to include in the
+        #     response. Further {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} can
+        #     subsequently be obtained by including the
+        #     {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}
+        #     in a subsequent request. If unspecified, the server will pick an
+        #     appropriate default.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     Optional. Optional pagination token, returned earlier via
+        #     {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     Optional. Only include resources that match the filter in the response. For
+        #     more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+        # @!attribute [rw] order_by
+        #   @return [::String]
+        #     Optional. Specify how the results should be sorted. If not specified, the
+        #     results will be sorted in the default order.  For more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+        class ListEkmConnectionsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Response message for [KeyManagementService.ListEkmConnections][].
+        # @!attribute [rw] ekm_connections
+        #   @return [::Array<::Google::Cloud::Kms::V1::EkmConnection>]
+        #     The list of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     A token to retrieve next page of results. Pass this value in
+        #     {::Google::Cloud::Kms::V1::ListEkmConnectionsRequest#page_token ListEkmConnectionsRequest.page_token}
+        #     to retrieve the next page of results.
+        # @!attribute [rw] total_size
+        #   @return [::Integer]
+        #     The total number of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}
+        #     that matched the query.
+        class ListEkmConnectionsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for [KeyManagementService.GetEkmConnection][].
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The {::Google::Cloud::Kms::V1::EkmConnection#name name} of the
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} to get.
+        class GetEkmConnectionRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for [KeyManagementService.CreateEkmConnection][].
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The resource name of the location associated with the
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, in the format
+        #     `projects/*/locations/*`.
+        # @!attribute [rw] ekm_connection_id
+        #   @return [::String]
+        #     Required. It must be unique within a location and match the regular
+        #     expression `[a-zA-Z0-9_-]{1,63}`.
+        # @!attribute [rw] ekm_connection
+        #   @return [::Google::Cloud::Kms::V1::EkmConnection]
+        #     Required. An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with
+        #     initial field values.
+        class CreateEkmConnectionRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message for [KeyManagementService.UpdateEkmConnection][].
+        # @!attribute [rw] ekm_connection
+        #   @return [::Google::Cloud::Kms::V1::EkmConnection]
+        #     Required. {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with updated
+        #     values.
+        # @!attribute [rw] update_mask
+        #   @return [::Google::Protobuf::FieldMask]
+        #     Required. List of fields to be updated in this request.
+        class UpdateEkmConnectionRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A {::Google::Cloud::Kms::V1::Certificate Certificate} represents an X.509
+        # certificate used to authenticate HTTPS connections to EKM replicas.
+        # @!attribute [rw] raw_der
+        #   @return [::String]
+        #     Required. The raw certificate bytes in DER format.
+        # @!attribute [r] parsed
+        #   @return [::Boolean]
+        #     Output only. True if the certificate was parsed successfully.
+        # @!attribute [r] issuer
+        #   @return [::String]
+        #     Output only. The issuer distinguished name in RFC 2253 format. Only present
+        #     if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] subject
+        #   @return [::String]
+        #     Output only. The subject distinguished name in RFC 2253 format. Only
+        #     present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] subject_alternative_dns_names
+        #   @return [::Array<::String>]
+        #     Output only. The subject Alternative DNS names. Only present if
+        #     {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] not_before_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The certificate is not valid before this time. Only present if
+        #     {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] not_after_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The certificate is not valid after this time. Only present if
+        #     {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] serial_number
+        #   @return [::String]
+        #     Output only. The certificate serial number as a hex string. Only present if
+        #     {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        # @!attribute [r] sha256_fingerprint
+        #   @return [::String]
+        #     Output only. The SHA-256 certificate fingerprint as a hex string. Only
+        #     present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
+        class Certificate
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} represents an
+        # individual EKM connection. It can be used for creating
+        # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} and
+        # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} with a
+        # {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of
+        # [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as
+        # performing cryptographic operations using keys created within the
+        # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
+        # @!attribute [r] name
+        #   @return [::String]
+        #     Output only. The resource name for the
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} in the format
+        #     `projects/*/locations/*/ekmConnections/*`.
+        # @!attribute [r] create_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Output only. The time at which the
+        #     {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} was created.
+        # @!attribute [rw] service_resolvers
+        #   @return [::Array<::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver>]
+        #     A list of
+        #     {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolvers} where
+        #     the EKM can be reached. There should be one ServiceResolver per EKM
+        #     replica. Currently, only a single
+        #     {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} is
+        #     supported.
+        # @!attribute [rw] etag
+        #   @return [::String]
+        #     This checksum is computed by the server based on the value of other fields,
+        #     and may be sent on update requests to ensure the client has an up-to-date
+        #     value before proceeding.
+        class EkmConnection
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver}
+          # represents an EKM replica that can be reached within an
+          # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
+          # @!attribute [rw] service_directory_service
+          #   @return [::String]
+          #     Required. The resource name of the Service Directory service pointing to
+          #     an EKM replica, in the format
+          #     `projects/*/locations/*/namespaces/*/services/*`.
+          # @!attribute [rw] endpoint_filter
+          #   @return [::String]
+          #     Optional. The filter applied to the endpoints of the resolved service. If
+          #     no filter is specified, all endpoints will be considered. An endpoint
+          #     will be chosen arbitrarily from the filtered list for each request.
+          #
+          #     For endpoint filter syntax and examples, see
+          #     https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
+          # @!attribute [rw] hostname
+          #   @return [::String]
+          #     Required. The hostname of the EKM replica used at TLS and HTTP layers.
+          # @!attribute [rw] server_certificates
+          #   @return [::Array<::Google::Cloud::Kms::V1::Certificate>]
+          #     Required. A list of leaf server certificates used to authenticate HTTPS
+          #     connections to the EKM replica.
+          class ServiceResolver
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+      end
+    end
+  end
+end