google-cloud-kms-v1 0.9.0 → 0.11.0

@@ -6,7 +6,6 @@ require 'google/api/resource_pb'
6
6
  require 'google/protobuf/duration_pb'
7
7
  require 'google/protobuf/timestamp_pb'
8
8
  require 'google/protobuf/wrappers_pb'
9
- require 'google/api/annotations_pb'
10
9
  require 'google/protobuf'
11
10
 
12
11
  Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -25,6 +24,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
25
24
  map :labels, :string, :string, 10
26
25
  optional :import_only, :bool, 13
27
26
  optional :destroy_scheduled_duration, :message, 14, "google.protobuf.Duration"
27
+ optional :crypto_key_backend, :string, 15
28
28
  oneof :rotation_schedule do
29
29
  optional :rotation_period, :message, 8, "google.protobuf.Duration"
30
30
  end
@@ -43,6 +43,12 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
43
43
  add_message "google.cloud.kms.v1.KeyOperationAttestation" do
44
44
  optional :format, :enum, 4, "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat"
45
45
  optional :content, :bytes, 5
46
+ optional :cert_chains, :message, 6, "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains"
47
+ end
48
+ add_message "google.cloud.kms.v1.KeyOperationAttestation.CertificateChains" do
49
+ repeated :cavium_certs, :string, 1
50
+ repeated :google_card_certs, :string, 2
51
+ repeated :google_partition_certs, :string, 3
46
52
  end
47
53
  add_enum "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat" do
48
54
  value :ATTESTATION_FORMAT_UNSPECIFIED, 0
@@ -76,6 +82,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
76
82
  value :RSA_SIGN_PKCS1_3072_SHA256, 6
77
83
  value :RSA_SIGN_PKCS1_4096_SHA256, 7
78
84
  value :RSA_SIGN_PKCS1_4096_SHA512, 16
85
+ value :RSA_SIGN_RAW_PKCS1_2048, 28
86
+ value :RSA_SIGN_RAW_PKCS1_3072, 29
87
+ value :RSA_SIGN_RAW_PKCS1_4096, 30
79
88
  value :RSA_DECRYPT_OAEP_2048_SHA256, 8
80
89
  value :RSA_DECRYPT_OAEP_3072_SHA256, 9
81
90
  value :RSA_DECRYPT_OAEP_4096_SHA256, 10
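Review bot: An algorithm allowlist that matches on the `RSA_SIGN_` prefix will now also admit `RSA_SIGN_RAW_PKCS1_2048`, `RSA_SIGN_RAW_PKCS1_3072` and `RSA_SIGN_RAW_PKCS1_4096` (values 28–30). Unlike the neighbouring `RSA_SIGN_PKCS1_*_SHA256` / `_SHA512` entries, these names carry no digest, which suggests the caller rather than the service controls what is padded and signed; confirm this against the API documentation. Code that restricts which algorithms a key may be created with should list the permitted values explicitly so the raw variants are opted into deliberately. The enum's opening line is outside the hunk.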
@@ -138,12 +147,14 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
138
147
  end
139
148
  add_message "google.cloud.kms.v1.ExternalProtectionLevelOptions" do
140
149
  optional :external_key_uri, :string, 1
150
+ optional :ekm_connection_key_path, :string, 2
141
151
  end
142
152
  add_enum "google.cloud.kms.v1.ProtectionLevel" do
143
153
  value :PROTECTION_LEVEL_UNSPECIFIED, 0
144
154
  value :SOFTWARE, 1
145
155
  value :HSM, 2
146
156
  value :EXTERNAL, 3
157
+ value :EXTERNAL_VPC, 4
147
158
  end
148
159
  end
149
160
  end
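Review bot: A caller that enforces key policy by excluding `ProtectionLevel` values, for example rejecting only `:SOFTWARE`, will accept the new `EXTERNAL_VPC` (4) without ever having considered it. Such checks are safer as an allowlist, e.g. `allowed = %i[HSM]` followed by `raise unless allowed.include?(level)` (constructed sample). Add `:EXTERNAL_VPC` only after reviewing the EKM connection path, which `ekm_connection_key_path` in the same hunk points to.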
@@ -157,6 +168,7 @@ module Google
157
168
  CryptoKey::CryptoKeyPurpose = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose").enummodule
158
169
  CryptoKeyVersionTemplate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersionTemplate").msgclass
159
170
  KeyOperationAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation").msgclass
171
+ KeyOperationAttestation::CertificateChains = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.CertificateChains").msgclass
160
172
  KeyOperationAttestation::AttestationFormat = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat").enummodule
161
173
  CryptoKeyVersion = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion").msgclass
162
174
  CryptoKeyVersion::CryptoKeyVersionAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm").enummodule
@@ -142,6 +142,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
142
142
  optional :name, :string, 1
143
143
  optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
144
144
  optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
145
+ optional :data, :bytes, 6
146
+ optional :data_crc32c, :message, 7, "google.protobuf.Int64Value"
145
147
  end
146
148
  add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
147
149
  optional :name, :string, 1
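Review bot: Nothing at the descriptor level forces a caller to send `data_crc32c` (7) with the new `data` (6) field, so corruption of the payload in transit is only detected if the caller fills the checksum in. Callers that move from `digest` to `data` should set `data_crc32c` and require `verified_data_crc32c` to be true in the response (field 5, added in the next hunk) before using the returned signature. The `add_message` line for this message is outside the hunk; the field set looks like the asymmetric-sign request, which should be confirmed against the full file.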
@@ -184,6 +186,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
184
186
  optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
185
187
  optional :verified_digest_crc32c, :bool, 3
186
188
  optional :name, :string, 4
189
+ optional :verified_data_crc32c, :bool, 5
187
190
  optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
188
191
  end
189
192
  add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
@@ -54,102 +54,138 @@ module Google
54
54
  rpc :ListImportJobs, ::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Google::Cloud::Kms::V1::ListImportJobsResponse
55
55
  # Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
56
56
  rpc :GetKeyRing, ::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
57
- # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
58
- # [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
57
+ # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
58
+ # well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
59
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
59
60
  rpc :GetCryptoKey, ::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
60
- # Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
61
+ # Returns metadata for a given
62
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
61
63
  rpc :GetCryptoKeyVersion, ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
62
- # Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
64
+ # Returns the public key for the given
65
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
63
66
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
64
- # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
67
+ # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
68
+ # or
65
69
  # [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
66
70
  rpc :GetPublicKey, ::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Google::Cloud::Kms::V1::PublicKey
67
71
  # Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
68
72
  rpc :GetImportJob, ::Google::Cloud::Kms::V1::GetImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
69
- # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
73
+ # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
74
+ # Location.
70
75
  rpc :CreateKeyRing, ::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Google::Cloud::Kms::V1::KeyRing
71
- # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
76
+ # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
77
+ # [KeyRing][google.cloud.kms.v1.KeyRing].
72
78
  #
73
79
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
74
80
  # [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
75
81
  # are required.
76
82
  rpc :CreateCryptoKey, ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
77
- # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
83
+ # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
84
+ # [CryptoKey][google.cloud.kms.v1.CryptoKey].
78
85
  #
79
86
  # The server will assign the next sequential id. If unset,
80
87
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
81
88
  # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
82
89
  rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
83
- # Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
90
+ # Import wrapped key material into a
91
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
84
92
  #
85
- # All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
86
- # additionally specified in the request, key material will be reimported into
87
- # that version. Otherwise, a new version will be created, and will be
88
- # assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
93
+ # All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
94
+ # a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
95
+ # specified in the request, key material will be reimported into that
96
+ # version. Otherwise, a new version will be created, and will be assigned the
97
+ # next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
89
98
  rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
90
- # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
99
+ # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
100
+ # [KeyRing][google.cloud.kms.v1.KeyRing].
91
101
  #
92
- # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
102
+ # [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
103
+ # required.
93
104
  rpc :CreateImportJob, ::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Google::Cloud::Kms::V1::ImportJob
94
105
  # Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
95
106
  rpc :UpdateCryptoKey, ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Google::Cloud::Kms::V1::CryptoKey
96
- # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
107
+ # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
108
+ # metadata.
97
109
  #
98
110
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
99
- # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and
100
- # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
101
- # method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
102
- # move between other states.
111
+ # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
112
+ # and
113
+ # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
114
+ # using this method. See
115
+ # [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
116
+ # and
117
+ # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
118
+ # to move between other states.
103
119
  rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
104
- # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
120
+ # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
121
+ # will be used in
122
+ # [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
105
123
  #
106
124
  # Returns an error if called on a key whose purpose is not
107
125
  # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
108
126
  rpc :UpdateCryptoKeyPrimaryVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Google::Cloud::Kms::V1::CryptoKey
109
- # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
127
+ # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
128
+ # destruction.
110
129
  #
111
- # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
130
+ # Upon calling this method,
131
+ # [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
132
+ # be set to
112
133
  # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
113
- # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
114
- # [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
115
- # future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
116
- # automatically change to
117
- # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
118
- # material will be irrevocably destroyed.
134
+ # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
135
+ # be set to the time
136
+ # [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
137
+ # in the future. At that time, the
138
+ # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
139
+ # change to
140
+ # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
141
+ # and the key material will be irrevocably destroyed.
119
142
  #
120
- # Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
121
- # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
143
+ # Before the
144
+ # [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
145
+ # reached,
146
+ # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
147
+ # may be called to reverse the process.
122
148
  rpc :DestroyCryptoKeyVersion, ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
123
149
  # Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
124
150
  # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
125
151
  # state.
126
152
  #
127
- # Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
128
- # will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
129
- # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
153
+ # Upon restoration of the CryptoKeyVersion,
154
+ # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
155
+ # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
156
+ # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
157
+ # be cleared.
130
158
  rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
131
- # Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
132
- # The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
159
+ # Encrypts data, so that it can only be recovered by a call to
160
+ # [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
161
+ # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
133
162
  # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
134
163
  rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
135
- # Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
136
- # must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
164
+ # Decrypts data that was protected by
165
+ # [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
166
+ # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
167
+ # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
137
168
  rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
138
- # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
169
+ # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
170
+ # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
139
171
  # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
140
- # key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
172
+ # key retrieved from
173
+ # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
141
174
  rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
142
175
  # Decrypts data that was encrypted with a public key retrieved from
143
- # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
144
- # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
176
+ # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
177
+ # corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
178
+ # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
179
+ # ASYMMETRIC_DECRYPT.
145
180
  rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
146
- # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
147
- # MAC, producing a tag that can be verified by another source with the
148
- # same key.
181
+ # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
182
+ # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
183
+ # producing a tag that can be verified by another source with the same key.
149
184
  rpc :MacSign, ::Google::Cloud::Kms::V1::MacSignRequest, ::Google::Cloud::Kms::V1::MacSignResponse
150
- # Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
151
- # MAC, and returns a response that indicates whether or not the verification
152
- # was successful.
185
+ # Verifies MAC tag using a
186
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
187
+ # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
188
+ # a response that indicates whether or not the verification was successful.
153
189
  rpc :MacVerify, ::Google::Cloud::Kms::V1::MacVerifyRequest, ::Google::Cloud::Kms::V1::MacVerifyResponse
154
190
  # Generate random bytes using the Cloud KMS randomness source in the provided
155
191
  # location.
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Kms
23
23
  module V1
24
- VERSION = "0.9.0"
24
+ VERSION = "0.11.0"
25
25
  end
26
26
  end
27
27
  end
@@ -16,6 +16,7 @@
16
16
 
17
17
  # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
18
 
19
+ require "google/cloud/kms/v1/ekm_service"
19
20
  require "google/cloud/kms/v1/key_management_service"
20
21
  require "google/cloud/kms/v1/iam_policy"
21
22
  require "google/cloud/kms/v1/version"
@@ -27,7 +28,7 @@ module Google
27
28
  # To load this package, including all its services, and instantiate a client:
28
29
  #
29
30
  # require "google/cloud/kms/v1"
30
- # client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
31
+ # client = ::Google::Cloud::Kms::V1::EkmService::Client.new
31
32
  #
32
33
  module V1
33
34
  end
@@ -33,11 +33,7 @@ module Google
33
33
  # // For Kubernetes resources, the format is {api group}/{kind}.
34
34
  # option (google.api.resource) = {
35
35
  # type: "pubsub.googleapis.com/Topic"
36
- # name_descriptor: {
37
- # pattern: "projects/{project}/topics/{topic}"
38
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
39
- # parent_name_extractor: "projects/{project}"
40
- # }
36
+ # pattern: "projects/{project}/topics/{topic}"
41
37
  # };
42
38
  # }
43
39
  #
@@ -45,10 +41,7 @@ module Google
45
41
  #
46
42
  # resources:
47
43
  # - type: "pubsub.googleapis.com/Topic"
48
- # name_descriptor:
49
- # - pattern: "projects/{project}/topics/{topic}"
50
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
51
- # parent_name_extractor: "projects/{project}"
44
+ # pattern: "projects/{project}/topics/{topic}"
52
45
  #
53
46
  # Sometimes, resources have multiple patterns, typically because they can
54
47
  # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
58
51
  # message LogEntry {
59
52
  # option (google.api.resource) = {
60
53
  # type: "logging.googleapis.com/LogEntry"
61
- # name_descriptor: {
62
- # pattern: "projects/{project}/logs/{log}"
63
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
64
- # parent_name_extractor: "projects/{project}"
65
- # }
66
- # name_descriptor: {
67
- # pattern: "folders/{folder}/logs/{log}"
68
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
69
- # parent_name_extractor: "folders/{folder}"
70
- # }
71
- # name_descriptor: {
72
- # pattern: "organizations/{organization}/logs/{log}"
73
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
74
- # parent_name_extractor: "organizations/{organization}"
75
- # }
76
- # name_descriptor: {
77
- # pattern: "billingAccounts/{billing_account}/logs/{log}"
78
- # parent_type: "billing.googleapis.com/BillingAccount"
79
- # parent_name_extractor: "billingAccounts/{billing_account}"
80
- # }
54
+ # pattern: "projects/{project}/logs/{log}"
55
+ # pattern: "folders/{folder}/logs/{log}"
56
+ # pattern: "organizations/{organization}/logs/{log}"
57
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
81
58
  # };
82
59
  # }
83
60
  #
@@ -85,48 +62,10 @@ module Google
85
62
  #
86
63
  # resources:
87
64
  # - type: 'logging.googleapis.com/LogEntry'
88
- # name_descriptor:
89
- # - pattern: "projects/{project}/logs/{log}"
90
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
91
- # parent_name_extractor: "projects/{project}"
92
- # - pattern: "folders/{folder}/logs/{log}"
93
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
94
- # parent_name_extractor: "folders/{folder}"
95
- # - pattern: "organizations/{organization}/logs/{log}"
96
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
97
- # parent_name_extractor: "organizations/{organization}"
98
- # - pattern: "billingAccounts/{billing_account}/logs/{log}"
99
- # parent_type: "billing.googleapis.com/BillingAccount"
100
- # parent_name_extractor: "billingAccounts/{billing_account}"
101
- #
102
- # For flexible resources, the resource name doesn't contain parent names, but
103
- # the resource itself has parents for policy evaluation.
104
- #
105
- # Example:
106
- #
107
- # message Shelf {
108
- # option (google.api.resource) = {
109
- # type: "library.googleapis.com/Shelf"
110
- # name_descriptor: {
111
- # pattern: "shelves/{shelf}"
112
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
113
- # }
114
- # name_descriptor: {
115
- # pattern: "shelves/{shelf}"
116
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
117
- # }
118
- # };
119
- # }
120
- #
121
- # The ResourceDescriptor Yaml config will look like:
122
- #
123
- # resources:
124
- # - type: 'library.googleapis.com/Shelf'
125
- # name_descriptor:
126
- # - pattern: "shelves/{shelf}"
127
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
128
- # - pattern: "shelves/{shelf}"
129
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
65
+ # pattern: "projects/{project}/logs/{log}"
66
+ # pattern: "folders/{folder}/logs/{log}"
67
+ # pattern: "organizations/{organization}/logs/{log}"
68
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
130
69
  # @!attribute [rw] type
131
70
  # @return [::String]
132
71
  # The resource type. It must be in the format of
@@ -0,0 +1,226 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module Kms
23
+ module V1
24
+ # Request message for [KeyManagementService.ListEkmConnections][].
25
+ # @!attribute [rw] parent
26
+ # @return [::String]
27
+ # Required. The resource name of the location associated with the
28
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to list, in the format
29
+ # `projects/*/locations/*`.
30
+ # @!attribute [rw] page_size
31
+ # @return [::Integer]
32
+ # Optional. Optional limit on the number of
33
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} to include in the
34
+ # response. Further {::Google::Cloud::Kms::V1::EkmConnection EkmConnections} can
35
+ # subsequently be obtained by including the
36
+ # {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}
37
+ # in a subsequent request. If unspecified, the server will pick an
38
+ # appropriate default.
39
+ # @!attribute [rw] page_token
40
+ # @return [::String]
41
+ # Optional. Optional pagination token, returned earlier via
42
+ # {::Google::Cloud::Kms::V1::ListEkmConnectionsResponse#next_page_token ListEkmConnectionsResponse.next_page_token}.
43
+ # @!attribute [rw] filter
44
+ # @return [::String]
45
+ # Optional. Only include resources that match the filter in the response. For
46
+ # more information, see
47
+ # [Sorting and filtering list
48
+ # results](https://cloud.google.com/kms/docs/sorting-and-filtering).
49
+ # @!attribute [rw] order_by
50
+ # @return [::String]
51
+ # Optional. Specify how the results should be sorted. If not specified, the
52
+ # results will be sorted in the default order. For more information, see
53
+ # [Sorting and filtering list
54
+ # results](https://cloud.google.com/kms/docs/sorting-and-filtering).
55
+ class ListEkmConnectionsRequest
56
+ include ::Google::Protobuf::MessageExts
57
+ extend ::Google::Protobuf::MessageExts::ClassMethods
58
+ end
59
+
60
+ # Response message for [KeyManagementService.ListEkmConnections][].
61
+ # @!attribute [rw] ekm_connections
62
+ # @return [::Array<::Google::Cloud::Kms::V1::EkmConnection>]
63
+ # The list of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}.
64
+ # @!attribute [rw] next_page_token
65
+ # @return [::String]
66
+ # A token to retrieve next page of results. Pass this value in
67
+ # {::Google::Cloud::Kms::V1::ListEkmConnectionsRequest#page_token ListEkmConnectionsRequest.page_token}
68
+ # to retrieve the next page of results.
69
+ # @!attribute [rw] total_size
70
+ # @return [::Integer]
71
+ # The total number of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}
72
+ # that matched the query.
73
+ class ListEkmConnectionsResponse
74
+ include ::Google::Protobuf::MessageExts
75
+ extend ::Google::Protobuf::MessageExts::ClassMethods
76
+ end
77
+
78
+ # Request message for [KeyManagementService.GetEkmConnection][].
79
+ # @!attribute [rw] name
80
+ # @return [::String]
81
+ # Required. The {::Google::Cloud::Kms::V1::EkmConnection#name name} of the
82
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} to get.
83
+ class GetEkmConnectionRequest
84
+ include ::Google::Protobuf::MessageExts
85
+ extend ::Google::Protobuf::MessageExts::ClassMethods
86
+ end
87
+
88
+ # Request message for [KeyManagementService.CreateEkmConnection][].
89
+ # @!attribute [rw] parent
90
+ # @return [::String]
91
+ # Required. The resource name of the location associated with the
92
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, in the format
93
+ # `projects/*/locations/*`.
94
+ # @!attribute [rw] ekm_connection_id
95
+ # @return [::String]
96
+ # Required. It must be unique within a location and match the regular
97
+ # expression `[a-zA-Z0-9_-]{1,63}`.
98
+ # @!attribute [rw] ekm_connection
99
+ # @return [::Google::Cloud::Kms::V1::EkmConnection]
100
+ # Required. An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with
101
+ # initial field values.
102
+ class CreateEkmConnectionRequest
103
+ include ::Google::Protobuf::MessageExts
104
+ extend ::Google::Protobuf::MessageExts::ClassMethods
105
+ end
106
+
107
+ # Request message for [KeyManagementService.UpdateEkmConnection][].
108
+ # @!attribute [rw] ekm_connection
109
+ # @return [::Google::Cloud::Kms::V1::EkmConnection]
110
+ # Required. {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with updated
111
+ # values.
112
+ # @!attribute [rw] update_mask
113
+ # @return [::Google::Protobuf::FieldMask]
114
+ # Required. List of fields to be updated in this request.
115
+ class UpdateEkmConnectionRequest
116
+ include ::Google::Protobuf::MessageExts
117
+ extend ::Google::Protobuf::MessageExts::ClassMethods
118
+ end
119
+
120
+ # A {::Google::Cloud::Kms::V1::Certificate Certificate} represents an X.509
121
+ # certificate used to authenticate HTTPS connections to EKM replicas.
122
+ # @!attribute [rw] raw_der
123
+ # @return [::String]
124
+ # Required. The raw certificate bytes in DER format.
125
+ # @!attribute [r] parsed
126
+ # @return [::Boolean]
127
+ # Output only. True if the certificate was parsed successfully.
128
+ # @!attribute [r] issuer
129
+ # @return [::String]
130
+ # Output only. The issuer distinguished name in RFC 2253 format. Only present
131
+ # if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
132
+ # @!attribute [r] subject
133
+ # @return [::String]
134
+ # Output only. The subject distinguished name in RFC 2253 format. Only
135
+ # present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
136
+ # @!attribute [r] subject_alternative_dns_names
137
+ # @return [::Array<::String>]
138
+ # Output only. The subject Alternative DNS names. Only present if
139
+ # {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
140
+ # @!attribute [r] not_before_time
141
+ # @return [::Google::Protobuf::Timestamp]
142
+ # Output only. The certificate is not valid before this time. Only present if
143
+ # {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
144
+ # @!attribute [r] not_after_time
145
+ # @return [::Google::Protobuf::Timestamp]
146
+ # Output only. The certificate is not valid after this time. Only present if
147
+ # {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
148
+ # @!attribute [r] serial_number
149
+ # @return [::String]
150
+ # Output only. The certificate serial number as a hex string. Only present if
151
+ # {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
152
+ # @!attribute [r] sha256_fingerprint
153
+ # @return [::String]
154
+ # Output only. The SHA-256 certificate fingerprint as a hex string. Only
155
+ # present if {::Google::Cloud::Kms::V1::Certificate#parsed parsed} is true.
156
+ class Certificate
157
+ include ::Google::Protobuf::MessageExts
158
+ extend ::Google::Protobuf::MessageExts::ClassMethods
159
+ end
160
+
161
+ # An {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} represents an
162
+ # individual EKM connection. It can be used for creating
163
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} and
164
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} with a
165
+ # {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of
166
+ # [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as
167
+ # performing cryptographic operations using keys created within the
168
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
169
+ # @!attribute [r] name
170
+ # @return [::String]
171
+ # Output only. The resource name for the
172
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} in the format
173
+ # `projects/*/locations/*/ekmConnections/*`.
174
+ # @!attribute [r] create_time
175
+ # @return [::Google::Protobuf::Timestamp]
176
+ # Output only. The time at which the
177
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} was created.
178
+ # @!attribute [rw] service_resolvers
179
+ # @return [::Array<::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver>]
180
+ # A list of
181
+ # {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolvers} where
182
+ # the EKM can be reached. There should be one ServiceResolver per EKM
183
+ # replica. Currently, only a single
184
+ # {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} is
185
+ # supported.
186
+ # @!attribute [rw] etag
187
+ # @return [::String]
188
+ # This checksum is computed by the server based on the value of other fields,
189
+ # and may be sent on update requests to ensure the client has an up-to-date
190
+ # value before proceeding.
191
+ class EkmConnection
192
+ include ::Google::Protobuf::MessageExts
193
+ extend ::Google::Protobuf::MessageExts::ClassMethods
194
+
195
+ # A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver}
196
+ # represents an EKM replica that can be reached within an
197
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
198
+ # @!attribute [rw] service_directory_service
199
+ # @return [::String]
200
+ # Required. The resource name of the Service Directory service pointing to
201
+ # an EKM replica, in the format
202
+ # `projects/*/locations/*/namespaces/*/services/*`.
203
+ # @!attribute [rw] endpoint_filter
204
+ # @return [::String]
205
+ # Optional. The filter applied to the endpoints of the resolved service. If
206
+ # no filter is specified, all endpoints will be considered. An endpoint
207
+ # will be chosen arbitrarily from the filtered list for each request.
208
+ #
209
+ # For endpoint filter syntax and examples, see
210
+ # https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
211
+ # @!attribute [rw] hostname
212
+ # @return [::String]
213
+ # Required. The hostname of the EKM replica used at TLS and HTTP layers.
214
+ # @!attribute [rw] server_certificates
215
+ # @return [::Array<::Google::Cloud::Kms::V1::Certificate>]
216
+ # Required. A list of leaf server certificates used to authenticate HTTPS
217
+ # connections to the EKM replica.
218
+ class ServiceResolver
219
+ include ::Google::Protobuf::MessageExts
220
+ extend ::Google::Protobuf::MessageExts::ClassMethods
221
+ end
222
+ end
223
+ end
224
+ end
225
+ end
226
+ end