google-cloud-kms 1.3.1 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9c8c0ae476705516a90cb35fae982d898d9e368de60e5b3515b98851b3410286
-  data.tar.gz: 93752a3d1740697bb7f11614d584e691132f2271622e179eeb4ecec80a852a13
+  metadata.gz: 2b78cda1d225442be599632a682fb286a843cd8362f5b1d4f97545fceeb0e980
+  data.tar.gz: 367d3fa44bf24f6908fe4de6ffeead72c303b118af529999a238246df3aadfe8
 SHA512:
-  metadata.gz: 9b3de6d169b0fa6958a4ca7bc9d4d6c3b9c46c0109f4b6cc664e3420e08ae1d51fb0ba227d3bec73a72a3dd9006c99bbd4a04888f9cc0024faa9be1e0960cba2
-  data.tar.gz: 9fb57a81fcf92c50876ae6366c30cad2c7a992684cf303df3da96db46e443cb46961165234fe4ec90c2e5d3a6e71546408344bc66419e39c341995b9f81c9848
+  metadata.gz: acec7c75b8aec9a7e393654fcd906dceadc37dc8a2403c9e634c200196404264200687496327118e393a651c56bc02119c9de43d6a33de98173bc89ef126cd47
+  data.tar.gz: 16acacd42eb291028f928bbccccfefac5aa06a04ae1b117453a0f3ee6bb3f802e27f9f4fd561d75c77385a70399bd91538cfc3e26472e21b96daea58e4f27be2

data/lib/google/cloud/kms.rb

@@ -96,6 +96,7 @@ module Google
       # * {Google::Cloud::Kms::V1::KeyRing KeyRing}
       # * {Google::Cloud::Kms::V1::CryptoKey CryptoKey}
       # * {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
+      # * {Google::Cloud::Kms::V1::ImportJob ImportJob}
       #
       # If you are using manual gRPC libraries, see
       # [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).

data/lib/google/cloud/kms/v1.rb

@@ -90,6 +90,7 @@ module Google
         # * {Google::Cloud::Kms::V1::KeyRing KeyRing}
         # * {Google::Cloud::Kms::V1::CryptoKey CryptoKey}
         # * {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
+        # * {Google::Cloud::Kms::V1::ImportJob ImportJob}
         #
         # If you are using manual gRPC libraries, see
         # [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).

data/lib/google/cloud/kms/v1/doc/google/cloud/kms/v1/resources.rb

@@ -45,12 +45,12 @@ module Google
         #     The {Google::Cloud::Kms::V1::CryptoKey CryptoKey}'s primary version can be updated via
         #     {Google::Cloud::Kms::V1::KeyManagementService::UpdateCryptoKeyPrimaryVersion UpdateCryptoKeyPrimaryVersion}.
         #
-        #     All keys with {Google::Cloud::Kms::V1::CryptoKey#purpose purpose}
-        #     {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT} have a
+        #     Keys with {Google::Cloud::Kms::V1::CryptoKey#purpose purpose}
+        #     {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT} may have a
         #     primary. For other keys, this field will be omitted.
         # @!attribute [rw] purpose
         #   @return [Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose]
-        #     The immutable purpose of this {Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
+        #     Immutable. The immutable purpose of this {Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
         # @!attribute [rw] create_time
         #   @return [Google::Protobuf::Timestamp]
         #     Output only. The time at which this {Google::Cloud::Kms::V1::CryptoKey CryptoKey} was created.
@@ -72,7 +72,8 @@ module Google
         # @!attribute [rw] rotation_period
         #   @return [Google::Protobuf::Duration]
         #     {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time} will be advanced by this period when the service
-        #     automatically rotates a key. Must be at least one day.
+        #     automatically rotates a key. Must be at least 24 hours and at most
+        #     876,000 hours.
         #
         #     If {Google::Cloud::Kms::V1::CryptoKey#rotation_period rotation_period} is set, {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time} must also be set.
         #
@@ -408,12 +409,10 @@ module Google
         #     `projects/*/locations/*/keyRings/*/importJobs/*`.
         # @!attribute [rw] import_method
         #   @return [Google::Cloud::Kms::V1::ImportJob::ImportMethod]
-        #     Required and immutable. The wrapping method to be used for incoming
-        #     key material.
+        #     Required. Immutable. The wrapping method to be used for incoming key material.
         # @!attribute [rw] protection_level
         #   @return [Google::Cloud::Kms::V1::ProtectionLevel]
-        #     Required and immutable. The protection level of the {Google::Cloud::Kms::V1::ImportJob ImportJob}. This
-        #     must match the
+        #     Required. Immutable. The protection level of the {Google::Cloud::Kms::V1::ImportJob ImportJob}. This must match the
         #     {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level} of the
         #     {Google::Cloud::Kms::V1::CryptoKey#version_template version_template} on the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} you
         #     attempt to import into.
@@ -515,6 +514,9 @@ module Google
 
           # Crypto operations are performed in a Hardware Security Module.
           HSM = 2
+
+          # Crypto operations are performed by an external key manager.
+          EXTERNAL = 3
         end
       end
     end

data/lib/google/cloud/kms/v1/doc/google/cloud/kms/v1/service.rb

@@ -24,21 +24,26 @@ module Google
         #     {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format `projects/*/locations/*`.
         # @!attribute [rw] page_size
         #   @return [Integer]
-        #     Optional limit on the number of {Google::Cloud::Kms::V1::KeyRing KeyRings} to include in the
+        #     Optional. Optional limit on the number of {Google::Cloud::Kms::V1::KeyRing KeyRings} to include in the
         #     response.  Further {Google::Cloud::Kms::V1::KeyRing KeyRings} can subsequently be obtained by
         #     including the {Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse#next_page_token} in a subsequent
         #     request.  If unspecified, the server will pick an appropriate default.
         # @!attribute [rw] page_token
         #   @return [String]
-        #     Optional pagination token, returned earlier via
+        #     Optional. Optional pagination token, returned earlier via
         #     {Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse#next_page_token}.
         # @!attribute [rw] filter
         #   @return [String]
-        #     Optional. Only include resources that match the filter in the response.
+        #     Optional. Only include resources that match the filter in the response. For
+        #     more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
         # @!attribute [rw] order_by
         #   @return [String]
         #     Optional. Specify how the results should be sorted. If not specified, the
-        #     results will be sorted in the default order.
+        #     results will be sorted in the default order.  For more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
         class ListKeyRingsRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::ListCryptoKeys KeyManagementService::ListCryptoKeys}.
@@ -48,24 +53,29 @@ module Google
         #     `projects/*/locations/*/keyRings/*`.
         # @!attribute [rw] page_size
         #   @return [Integer]
-        #     Optional limit on the number of {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} to include in the
+        #     Optional. Optional limit on the number of {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} to include in the
         #     response.  Further {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} can subsequently be obtained by
         #     including the {Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse#next_page_token} in a subsequent
         #     request.  If unspecified, the server will pick an appropriate default.
         # @!attribute [rw] page_token
         #   @return [String]
-        #     Optional pagination token, returned earlier via
+        #     Optional. Optional pagination token, returned earlier via
         #     {Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse#next_page_token}.
         # @!attribute [rw] version_view
         #   @return [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView]
         #     The fields of the primary version to include in the response.
         # @!attribute [rw] filter
         #   @return [String]
-        #     Optional. Only include resources that match the filter in the response.
+        #     Optional. Only include resources that match the filter in the response. For
+        #     more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
         # @!attribute [rw] order_by
         #   @return [String]
         #     Optional. Specify how the results should be sorted. If not specified, the
-        #     results will be sorted in the default order.
+        #     results will be sorted in the default order. For more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
         class ListCryptoKeysRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::ListCryptoKeyVersions KeyManagementService::ListCryptoKeyVersions}.
@@ -75,25 +85,30 @@ module Google
         #     `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
         # @!attribute [rw] page_size
         #   @return [Integer]
-        #     Optional limit on the number of {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} to
+        #     Optional. Optional limit on the number of {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} to
         #     include in the response. Further {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} can
         #     subsequently be obtained by including the
         #     {Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse#next_page_token} in a subsequent request.
         #     If unspecified, the server will pick an appropriate default.
         # @!attribute [rw] page_token
         #   @return [String]
-        #     Optional pagination token, returned earlier via
+        #     Optional. Optional pagination token, returned earlier via
         #     {Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse#next_page_token}.
         # @!attribute [rw] view
         #   @return [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView]
         #     The fields to include in the response.
         # @!attribute [rw] filter
         #   @return [String]
-        #     Optional. Only include resources that match the filter in the response.
+        #     Optional. Only include resources that match the filter in the response. For
+        #     more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
         # @!attribute [rw] order_by
         #   @return [String]
         #     Optional. Specify how the results should be sorted. If not specified, the
-        #     results will be sorted in the default order.
+        #     results will be sorted in the default order. For more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
         class ListCryptoKeyVersionsRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::ListImportJobs KeyManagementService::ListImportJobs}.
@@ -103,21 +118,26 @@ module Google
         #     `projects/*/locations/*/keyRings/*`.
         # @!attribute [rw] page_size
         #   @return [Integer]
-        #     Optional limit on the number of {Google::Cloud::Kms::V1::ImportJob ImportJobs} to include in the
+        #     Optional. Optional limit on the number of {Google::Cloud::Kms::V1::ImportJob ImportJobs} to include in the
         #     response. Further {Google::Cloud::Kms::V1::ImportJob ImportJobs} can subsequently be obtained by
         #     including the {Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse#next_page_token} in a subsequent
         #     request. If unspecified, the server will pick an appropriate default.
         # @!attribute [rw] page_token
         #   @return [String]
-        #     Optional pagination token, returned earlier via
+        #     Optional. Optional pagination token, returned earlier via
         #     {Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse#next_page_token}.
         # @!attribute [rw] filter
         #   @return [String]
-        #     Optional. Only include resources that match the filter in the response.
+        #     Optional. Only include resources that match the filter in the response. For
+        #     more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
         # @!attribute [rw] order_by
         #   @return [String]
         #     Optional. Specify how the results should be sorted. If not specified, the
-        #     results will be sorted in the default order.
+        #     results will be sorted in the default order. For more information, see
+        #     [Sorting and filtering list
+        #     results](https://cloud.google.com/kms/docs/sorting-and-filtering).
         class ListImportJobsRequest; end
 
         # Response message for {Google::Cloud::Kms::V1::KeyManagementService::ListKeyRings KeyManagementService::ListKeyRings}.
@@ -177,32 +197,32 @@ module Google
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::GetKeyRing KeyManagementService::GetKeyRing}.
         # @!attribute [rw] name
         #   @return [String]
-        #     The {Google::Cloud::Kms::V1::KeyRing#name name} of the {Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
+        #     Required. The {Google::Cloud::Kms::V1::KeyRing#name name} of the {Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
         class GetKeyRingRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::GetCryptoKey KeyManagementService::GetCryptoKey}.
         # @!attribute [rw] name
         #   @return [String]
-        #     The {Google::Cloud::Kms::V1::CryptoKey#name name} of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
+        #     Required. The {Google::Cloud::Kms::V1::CryptoKey#name name} of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
         class GetCryptoKeyRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::GetCryptoKeyVersion KeyManagementService::GetCryptoKeyVersion}.
         # @!attribute [rw] name
         #   @return [String]
-        #     The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
+        #     Required. The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
         class GetCryptoKeyVersionRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey KeyManagementService::GetPublicKey}.
         # @!attribute [rw] name
         #   @return [String]
-        #     The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to
+        #     Required. The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to
         #     get.
         class GetPublicKeyRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::GetImportJob KeyManagementService::GetImportJob}.
         # @!attribute [rw] name
         #   @return [String]
-        #     The {Google::Cloud::Kms::V1::ImportJob#name name} of the {Google::Cloud::Kms::V1::ImportJob ImportJob} to get.
+        #     Required. The {Google::Cloud::Kms::V1::ImportJob#name name} of the {Google::Cloud::Kms::V1::ImportJob ImportJob} to get.
         class GetImportJobRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::CreateKeyRing KeyManagementService::CreateKeyRing}.
@@ -216,7 +236,7 @@ module Google
         #     expression `[a-zA-Z0-9_-]{1,63}`
         # @!attribute [rw] key_ring
         #   @return [Google::Cloud::Kms::V1::KeyRing]
-        #     A {Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field values.
+        #     Required. A {Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field values.
         class CreateKeyRingRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::CreateCryptoKey KeyManagementService::CreateCryptoKey}.
@@ -230,7 +250,7 @@ module Google
         #     expression `[a-zA-Z0-9_-]{1,63}`
         # @!attribute [rw] crypto_key
         #   @return [Google::Cloud::Kms::V1::CryptoKey]
-        #     A {Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field values.
+        #     Required. A {Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field values.
         # @!attribute [rw] skip_initial_version_creation
         #   @return [true, false]
         #     If set to true, the request will create a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} without any
@@ -247,7 +267,7 @@ module Google
         #     the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
         # @!attribute [rw] crypto_key_version
         #   @return [Google::Cloud::Kms::V1::CryptoKeyVersion]
-        #     A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial field values.
+        #     Required. A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial field values.
         class CreateCryptoKeyVersionRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::ImportCryptoKeyVersion KeyManagementService::ImportCryptoKeyVersion}.
@@ -283,6 +303,11 @@ module Google
         #       </li>
         #     </ol>
         #
+        #     If importing symmetric key material, it is expected that the unwrapped
+        #     key contains plain bytes. If importing asymmetric key material, it is
+        #     expected that the unwrapped key is in PKCS#8-encoded DER format (the
+        #     PrivateKeyInfo structure from RFC 5208).
+        #
         #     This format is the same as the format produced by PKCS#11 mechanism
         #     CKM_RSA_AES_KEY_WRAP.
         class ImportCryptoKeyVersionRequest; end
@@ -304,19 +329,19 @@ module Google
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::UpdateCryptoKey KeyManagementService::UpdateCryptoKey}.
         # @!attribute [rw] crypto_key
         #   @return [Google::Cloud::Kms::V1::CryptoKey]
-        #     {Google::Cloud::Kms::V1::CryptoKey CryptoKey} with updated values.
+        #     Required. {Google::Cloud::Kms::V1::CryptoKey CryptoKey} with updated values.
         # @!attribute [rw] update_mask
         #   @return [Google::Protobuf::FieldMask]
-        #     Required list of fields to be updated in this request.
+        #     Required. List of fields to be updated in this request.
         class UpdateCryptoKeyRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::UpdateCryptoKeyVersion KeyManagementService::UpdateCryptoKeyVersion}.
         # @!attribute [rw] crypto_key_version
         #   @return [Google::Cloud::Kms::V1::CryptoKeyVersion]
-        #     {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated values.
+        #     Required. {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated values.
         # @!attribute [rw] update_mask
         #   @return [Google::Protobuf::FieldMask]
-        #     Required list of fields to be updated in this request.
+        #     Required. List of fields to be updated in this request.
         class UpdateCryptoKeyVersionRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::Encrypt KeyManagementService::Encrypt}.
@@ -339,7 +364,7 @@ module Google
         #     8KiB.
         # @!attribute [rw] additional_authenticated_data
         #   @return [String]
-        #     Optional data that, if specified, must also be provided during decryption
+        #     Optional. Optional data that, if specified, must also be provided during decryption
         #     through {Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest#additional_authenticated_data}.
         #
         #     The maximum size depends on the key version's
@@ -361,7 +386,7 @@ module Google
         #     {Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse#ciphertext}.
         # @!attribute [rw] additional_authenticated_data
         #   @return [String]
-        #     Optional data that must match the data originally supplied in
+        #     Optional. Optional data that must match the data originally supplied in
         #     {Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest#additional_authenticated_data}.
         class DecryptRequest; end
 
@@ -396,7 +421,8 @@ module Google
         # Response message for {Google::Cloud::Kms::V1::KeyManagementService::Encrypt KeyManagementService::Encrypt}.
         # @!attribute [rw] name
         #   @return [String]
-        #     The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in encryption.
+        #     The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in encryption. Check
+        #     this field to verify that the intended resource was used for encryption.
         # @!attribute [rw] ciphertext
         #   @return [String]
         #     The encrypted data.
@@ -417,22 +443,22 @@ module Google
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::UpdateCryptoKeyPrimaryVersion KeyManagementService::UpdateCryptoKeyPrimaryVersion}.
         # @!attribute [rw] name
         #   @return [String]
-        #     The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
+        #     Required. The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
         # @!attribute [rw] crypto_key_version_id
         #   @return [String]
-        #     The id of the child {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
+        #     Required. The id of the child {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
         class UpdateCryptoKeyPrimaryVersionRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::DestroyCryptoKeyVersion KeyManagementService::DestroyCryptoKeyVersion}.
         # @!attribute [rw] name
         #   @return [String]
-        #     The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
+        #     Required. The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
         class DestroyCryptoKeyVersionRequest; end
 
         # Request message for {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion KeyManagementService::RestoreCryptoKeyVersion}.
         # @!attribute [rw] name
         #   @return [String]
-        #     The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
+        #     Required. The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
         class RestoreCryptoKeyVersionRequest; end
 
         # A {Google::Cloud::Kms::V1::Digest Digest} holds a cryptographic message digest.

data/lib/google/cloud/kms/v1/key_management_service_client.rb

@@ -42,6 +42,7 @@ module Google
         # * {Google::Cloud::Kms::V1::KeyRing KeyRing}
         # * {Google::Cloud::Kms::V1::CryptoKey CryptoKey}
         # * {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
+        # * {Google::Cloud::Kms::V1::ImportJob ImportJob}
         #
         # If you are using manual gRPC libraries, see
         # [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
@@ -560,10 +561,15 @@ module Google
           #   performed per-page, this determines the maximum number of
           #   resources in a page.
           # @param filter [String]
-          #   Optional. Only include resources that match the filter in the response.
+          #   Optional. Only include resources that match the filter in the response. For
+          #   more information, see
+          #   [Sorting and filtering list
+          #   results](https://cloud.google.com/kms/docs/sorting-and-filtering).
           # @param order_by [String]
           #   Optional. Specify how the results should be sorted. If not specified, the
-          #   results will be sorted in the default order.
+          #   results will be sorted in the default order.  For more information, see
+          #   [Sorting and filtering list
+          #   results](https://cloud.google.com/kms/docs/sorting-and-filtering).
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
           #   retries, etc.
@@ -624,10 +630,15 @@ module Google
           #   performed per-page, this determines the maximum number of
           #   resources in a page.
           # @param filter [String]
-          #   Optional. Only include resources that match the filter in the response.
+          #   Optional. Only include resources that match the filter in the response. For
+          #   more information, see
+          #   [Sorting and filtering list
+          #   results](https://cloud.google.com/kms/docs/sorting-and-filtering).
           # @param order_by [String]
           #   Optional. Specify how the results should be sorted. If not specified, the
-          #   results will be sorted in the default order.
+          #   results will be sorted in the default order. For more information, see
+          #   [Sorting and filtering list
+          #   results](https://cloud.google.com/kms/docs/sorting-and-filtering).
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
           #   retries, etc.
@@ -690,10 +701,15 @@ module Google
           # @param version_view [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView]
           #   The fields of the primary version to include in the response.
           # @param filter [String]
-          #   Optional. Only include resources that match the filter in the response.
+          #   Optional. Only include resources that match the filter in the response. For
+          #   more information, see
+          #   [Sorting and filtering list
+          #   results](https://cloud.google.com/kms/docs/sorting-and-filtering).
           # @param order_by [String]
           #   Optional. Specify how the results should be sorted. If not specified, the
-          #   results will be sorted in the default order.
+          #   results will be sorted in the default order. For more information, see
+          #   [Sorting and filtering list
+          #   results](https://cloud.google.com/kms/docs/sorting-and-filtering).
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
           #   retries, etc.
@@ -758,10 +774,15 @@ module Google
           # @param view [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView]
           #   The fields to include in the response.
           # @param filter [String]
-          #   Optional. Only include resources that match the filter in the response.
+          #   Optional. Only include resources that match the filter in the response. For
+          #   more information, see
+          #   [Sorting and filtering list
+          #   results](https://cloud.google.com/kms/docs/sorting-and-filtering).
           # @param order_by [String]
           #   Optional. Specify how the results should be sorted. If not specified, the
-          #   results will be sorted in the default order.
+          #   results will be sorted in the default order. For more information, see
+          #   [Sorting and filtering list
+          #   results](https://cloud.google.com/kms/docs/sorting-and-filtering).
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
           #   retries, etc.
@@ -815,7 +836,7 @@ module Google
           # Returns metadata for a given {Google::Cloud::Kms::V1::KeyRing KeyRing}.
           #
           # @param name [String]
-          #   The {Google::Cloud::Kms::V1::KeyRing#name name} of the {Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
+          #   Required. The {Google::Cloud::Kms::V1::KeyRing#name name} of the {Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
           #   retries, etc.
@@ -845,7 +866,7 @@ module Google
           # Returns metadata for a given {Google::Cloud::Kms::V1::ImportJob ImportJob}.
           #
           # @param name [String]
-          #   The {Google::Cloud::Kms::V1::ImportJob#name name} of the {Google::Cloud::Kms::V1::ImportJob ImportJob} to get.
+          #   Required. The {Google::Cloud::Kms::V1::ImportJob#name name} of the {Google::Cloud::Kms::V1::ImportJob ImportJob} to get.
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
           #   retries, etc.
@@ -876,7 +897,7 @@ module Google
           # {Google::Cloud::Kms::V1::CryptoKey#primary primary} {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
           #
           # @param name [String]
-          #   The {Google::Cloud::Kms::V1::CryptoKey#name name} of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
+          #   Required. The {Google::Cloud::Kms::V1::CryptoKey#name name} of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
           #   retries, etc.
@@ -906,7 +927,7 @@ module Google
           # Returns metadata for a given {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
           #
           # @param name [String]
-          #   The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
+          #   Required. The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
           #   retries, etc.
@@ -942,7 +963,7 @@ module Google
           #   Required. It must be unique within a location and match the regular
           #   expression `[a-zA-Z0-9_-]{1,63}`
           # @param key_ring [Google::Cloud::Kms::V1::KeyRing | Hash]
-          #   A {Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field values.
+          #   Required. A {Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field values.
           #   A hash of the same form as `Google::Cloud::Kms::V1::KeyRing`
           #   can also be provided.
           # @param options [Google::Gax::CallOptions]
@@ -1042,7 +1063,7 @@ module Google
           #   Required. It must be unique within a KeyRing and match the regular
           #   expression `[a-zA-Z0-9_-]{1,63}`
           # @param crypto_key [Google::Cloud::Kms::V1::CryptoKey | Hash]
-          #   A {Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field values.
+          #   Required. A {Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field values.
           #   A hash of the same form as `Google::Cloud::Kms::V1::CryptoKey`
           #   can also be provided.
           # @param skip_initial_version_creation [true, false]
@@ -1104,7 +1125,7 @@ module Google
           #   Required. The {Google::Cloud::Kms::V1::CryptoKey#name name} of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with
           #   the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
           # @param crypto_key_version [Google::Cloud::Kms::V1::CryptoKeyVersion | Hash]
-          #   A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial field values.
+          #   Required. A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial field values.
           #   A hash of the same form as `Google::Cloud::Kms::V1::CryptoKeyVersion`
           #   can also be provided.
           # @param options [Google::Gax::CallOptions]
@@ -1172,6 +1193,11 @@ module Google
           #     </li>
           #   </ol>
           #
+          #   If importing symmetric key material, it is expected that the unwrapped
+          #   key contains plain bytes. If importing asymmetric key material, it is
+          #   expected that the unwrapped key is in PKCS#8-encoded DER format (the
+          #   PrivateKeyInfo structure from RFC 5208).
+          #
           #   This format is the same as the format produced by PKCS#11 mechanism
           #   CKM_RSA_AES_KEY_WRAP.
           # @param options [Google::Gax::CallOptions]
@@ -1215,11 +1241,11 @@ module Google
           # Update a {Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
           #
           # @param crypto_key [Google::Cloud::Kms::V1::CryptoKey | Hash]
-          #   {Google::Cloud::Kms::V1::CryptoKey CryptoKey} with updated values.
+          #   Required. {Google::Cloud::Kms::V1::CryptoKey CryptoKey} with updated values.
           #   A hash of the same form as `Google::Cloud::Kms::V1::CryptoKey`
           #   can also be provided.
           # @param update_mask [Google::Protobuf::FieldMask | Hash]
-          #   Required list of fields to be updated in this request.
+          #   Required. List of fields to be updated in this request.
           #   A hash of the same form as `Google::Protobuf::FieldMask`
           #   can also be provided.
           # @param options [Google::Gax::CallOptions]
@@ -1264,11 +1290,11 @@ module Google
           # move between other states.
           #
           # @param crypto_key_version [Google::Cloud::Kms::V1::CryptoKeyVersion | Hash]
-          #   {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated values.
+          #   Required. {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated values.
           #   A hash of the same form as `Google::Cloud::Kms::V1::CryptoKeyVersion`
           #   can also be provided.
           # @param update_mask [Google::Protobuf::FieldMask | Hash]
-          #   Required list of fields to be updated in this request.
+          #   Required. List of fields to be updated in this request.
           #   A hash of the same form as `Google::Protobuf::FieldMask`
           #   can also be provided.
           # @param options [Google::Gax::CallOptions]
@@ -1324,7 +1350,7 @@ module Google
           #   plaintext and additional_authenticated_data fields must be no larger than
           #   8KiB.
           # @param additional_authenticated_data [String]
-          #   Optional data that, if specified, must also be provided during decryption
+          #   Optional. Optional data that, if specified, must also be provided during decryption
           #   through {Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest#additional_authenticated_data}.
           #
           #   The maximum size depends on the key version's
@@ -1376,7 +1402,7 @@ module Google
           #   Required. The encrypted data originally returned in
           #   {Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse#ciphertext}.
           # @param additional_authenticated_data [String]
-          #   Optional data that must match the data originally supplied in
+          #   Optional. Optional data that must match the data originally supplied in
           #   {Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest#additional_authenticated_data}.
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
@@ -1416,9 +1442,9 @@ module Google
           # Returns an error if called on an asymmetric key.
           #
           # @param name [String]
-          #   The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
+          #   Required. The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
           # @param crypto_key_version_id [String]
-          #   The id of the child {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
+          #   Required. The id of the child {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
           #   retries, etc.
@@ -1464,7 +1490,7 @@ module Google
           # {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion RestoreCryptoKeyVersion} may be called to reverse the process.
           #
           # @param name [String]
-          #   The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
+          #   Required. The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
           #   retries, etc.
@@ -1500,7 +1526,7 @@ module Google
           # and {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be cleared.
           #
           # @param name [String]
-          #   The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
+          #   Required. The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
           #   retries, etc.
@@ -1533,7 +1559,7 @@ module Google
           # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_DECRYPT ASYMMETRIC_DECRYPT}.
           #
           # @param name [String]
-          #   The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to
+          #   Required. The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to
           #   get.
           # @param options [Google::Gax::CallOptions]
           #   Overrides the default settings for this call, e.g, timeout,
@@ -1648,6 +1674,9 @@ module Google
           # Sets the access control policy on the specified resource. Replaces
           # any existing policy.
           #
+          # Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and
+          # PERMISSION_DENIED
+          #
           # @param resource [String]
           #   REQUIRED: The resource for which the policy is being specified.
           #   See the operation documentation for the appropriate value for this field.

data/lib/google/cloud/kms/v1/resources_pb.rb

@@ -5,6 +5,8 @@
 require 'google/protobuf'
 
 require 'google/api/annotations_pb'
+require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
 require 'google/protobuf/duration_pb'
 require 'google/protobuf/timestamp_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -123,6 +125,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     value :PROTECTION_LEVEL_UNSPECIFIED, 0
     value :SOFTWARE, 1
     value :HSM, 2
+    value :EXTERNAL, 3
   end
 end
 

data/lib/google/cloud/kms/v1/service_pb.rb

@@ -5,9 +5,11 @@
 require 'google/protobuf'
 
 require 'google/api/annotations_pb'
+require 'google/api/client_pb'
+require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
 require 'google/cloud/kms/v1/resources_pb'
 require 'google/protobuf/field_mask_pb'
-require 'google/api/client_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
     optional :parent, :string, 1

data/lib/google/cloud/kms/v1/service_services_pb.rb

@@ -15,7 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-#
 
 
 require 'grpc'
@@ -34,6 +33,7 @@ module Google
           # * [KeyRing][google.cloud.kms.v1.KeyRing]
           # * [CryptoKey][google.cloud.kms.v1.CryptoKey]
           # * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+          # * [ImportJob][google.cloud.kms.v1.ImportJob]
           #
           # If you are using manual gRPC libraries, see
           # [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).

data/lib/google/cloud/kms/version.rb

@@ -16,7 +16,7 @@
 module Google
   module Cloud
     module Kms
-      VERSION = "1.3.1".freeze
+      VERSION = "1.4.0".freeze
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-kms
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.4.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-07 00:00:00.000000000 Z
+date: 2020-01-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-gax