google-cloud-spanner-admin-database-v1 0.3.0 → 0.6.1

data/lib/google/cloud/spanner/admin/database/v1/database_admin/operations.rb

@@ -562,7 +562,7 @@ module Google
                   config_attr :scope,         nil, ::String, ::Array, nil
                   config_attr :lib_name,      nil, ::String, nil
                   config_attr :lib_version,   nil, ::String, nil
-                  config_attr(:channel_args,  { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
+                  config_attr(:channel_args,  { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
                   config_attr :interceptors,  nil, ::Array, nil
                   config_attr :timeout,       nil, ::Numeric, nil
                   config_attr :metadata,      nil, ::Hash, nil
@@ -583,7 +583,7 @@ module Google
                   def rpcs
                     @rpcs ||= begin
                       parent_rpcs = nil
-                      parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
+                      parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
                       Rpcs.new parent_rpcs
                     end
                   end
@@ -634,15 +634,15 @@ module Google
 
                     # @private
                     def initialize parent_rpcs = nil
-                      list_operations_config = parent_rpcs&.list_operations if parent_rpcs&.respond_to? :list_operations
+                      list_operations_config = parent_rpcs.list_operations if parent_rpcs.respond_to? :list_operations
                       @list_operations = ::Gapic::Config::Method.new list_operations_config
-                      get_operation_config = parent_rpcs&.get_operation if parent_rpcs&.respond_to? :get_operation
+                      get_operation_config = parent_rpcs.get_operation if parent_rpcs.respond_to? :get_operation
                       @get_operation = ::Gapic::Config::Method.new get_operation_config
-                      delete_operation_config = parent_rpcs&.delete_operation if parent_rpcs&.respond_to? :delete_operation
+                      delete_operation_config = parent_rpcs.delete_operation if parent_rpcs.respond_to? :delete_operation
                       @delete_operation = ::Gapic::Config::Method.new delete_operation_config
-                      cancel_operation_config = parent_rpcs&.cancel_operation if parent_rpcs&.respond_to? :cancel_operation
+                      cancel_operation_config = parent_rpcs.cancel_operation if parent_rpcs.respond_to? :cancel_operation
                       @cancel_operation = ::Gapic::Config::Method.new cancel_operation_config
-                      wait_operation_config = parent_rpcs&.wait_operation if parent_rpcs&.respond_to? :wait_operation
+                      wait_operation_config = parent_rpcs.wait_operation if parent_rpcs.respond_to? :wait_operation
                       @wait_operation = ::Gapic::Config::Method.new wait_operation_config
 
                       yield self if block_given?

data/lib/google/cloud/spanner/admin/database/v1/database_admin/paths.rb

@@ -45,6 +45,50 @@ module Google
                   "projects/#{project}/instances/#{instance}/backups/#{backup}"
                 end
 
+                ##
+                # Create a fully-qualified CryptoKey resource string.
+                #
+                # The resource will be in the following format:
+                #
+                # `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`
+                #
+                # @param project [String]
+                # @param location [String]
+                # @param key_ring [String]
+                # @param crypto_key [String]
+                #
+                # @return [::String]
+                def crypto_key_path project:, location:, key_ring:, crypto_key:
+                  raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
+                  raise ::ArgumentError, "location cannot contain /" if location.to_s.include? "/"
+                  raise ::ArgumentError, "key_ring cannot contain /" if key_ring.to_s.include? "/"
+
+                  "projects/#{project}/locations/#{location}/keyRings/#{key_ring}/cryptoKeys/#{crypto_key}"
+                end
+
+                ##
+                # Create a fully-qualified CryptoKeyVersion resource string.
+                #
+                # The resource will be in the following format:
+                #
+                # `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}`
+                #
+                # @param project [String]
+                # @param location [String]
+                # @param key_ring [String]
+                # @param crypto_key [String]
+                # @param crypto_key_version [String]
+                #
+                # @return [::String]
+                def crypto_key_version_path project:, location:, key_ring:, crypto_key:, crypto_key_version:
+                  raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
+                  raise ::ArgumentError, "location cannot contain /" if location.to_s.include? "/"
+                  raise ::ArgumentError, "key_ring cannot contain /" if key_ring.to_s.include? "/"
+                  raise ::ArgumentError, "crypto_key cannot contain /" if crypto_key.to_s.include? "/"
+
+                  "projects/#{project}/locations/#{location}/keyRings/#{key_ring}/cryptoKeys/#{crypto_key}/cryptoKeyVersions/#{crypto_key_version}"
+                end
+
                 ##
                 # Create a fully-qualified Database resource string.
                 #

data/lib/google/cloud/spanner/admin/database/v1/version.rb

@@ -23,7 +23,7 @@ module Google
       module Admin
         module Database
           module V1
-            VERSION = "0.3.0"
+            VERSION = "0.6.1"
           end
         end
       end

data/lib/google/spanner/admin/database/v1/backup_pb.rb

@@ -21,6 +21,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :size_bytes, :int64, 5
       optional :state, :enum, 6, "google.spanner.admin.database.v1.Backup.State"
       repeated :referencing_databases, :string, 7
+      optional :encryption_info, :message, 8, "google.spanner.admin.database.v1.EncryptionInfo"
     end
     add_enum "google.spanner.admin.database.v1.Backup.State" do
       value :STATE_UNSPECIFIED, 0
@@ -31,6 +32,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :parent, :string, 1
       optional :backup_id, :string, 2
       optional :backup, :message, 3, "google.spanner.admin.database.v1.Backup"
+      optional :encryption_config, :message, 4, "google.spanner.admin.database.v1.CreateBackupEncryptionConfig"
     end
     add_message "google.spanner.admin.database.v1.CreateBackupMetadata" do
       optional :name, :string, 1
@@ -74,6 +76,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :create_time, :message, 2, "google.protobuf.Timestamp"
       optional :source_database, :string, 3
     end
+    add_message "google.spanner.admin.database.v1.CreateBackupEncryptionConfig" do
+      optional :encryption_type, :enum, 1, "google.spanner.admin.database.v1.CreateBackupEncryptionConfig.EncryptionType"
+      optional :kms_key_name, :string, 2
+    end
+    add_enum "google.spanner.admin.database.v1.CreateBackupEncryptionConfig.EncryptionType" do
+      value :ENCRYPTION_TYPE_UNSPECIFIED, 0
+      value :USE_DATABASE_ENCRYPTION, 1
+      value :GOOGLE_DEFAULT_ENCRYPTION, 2
+      value :CUSTOMER_MANAGED_ENCRYPTION, 3
+    end
   end
 end
 
@@ -95,6 +107,8 @@ module Google
             ListBackupOperationsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.ListBackupOperationsRequest").msgclass
             ListBackupOperationsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.ListBackupOperationsResponse").msgclass
             BackupInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.BackupInfo").msgclass
+            CreateBackupEncryptionConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.CreateBackupEncryptionConfig").msgclass
+            CreateBackupEncryptionConfig::EncryptionType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.CreateBackupEncryptionConfig.EncryptionType").enummodule
           end
         end
       end

data/lib/google/spanner/admin/database/v1/common_pb.rb

@@ -4,7 +4,9 @@
 require 'google/protobuf'
 
 require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
 require 'google/protobuf/timestamp_pb'
+require 'google/rpc/status_pb'
 require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/spanner/admin/database/v1/common.proto", :syntax => :proto3) do
@@ -13,6 +15,19 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :start_time, :message, 2, "google.protobuf.Timestamp"
       optional :end_time, :message, 3, "google.protobuf.Timestamp"
     end
+    add_message "google.spanner.admin.database.v1.EncryptionConfig" do
+      optional :kms_key_name, :string, 2
+    end
+    add_message "google.spanner.admin.database.v1.EncryptionInfo" do
+      optional :encryption_type, :enum, 3, "google.spanner.admin.database.v1.EncryptionInfo.Type"
+      optional :encryption_status, :message, 4, "google.rpc.Status"
+      optional :kms_key_version, :string, 2
+    end
+    add_enum "google.spanner.admin.database.v1.EncryptionInfo.Type" do
+      value :TYPE_UNSPECIFIED, 0
+      value :GOOGLE_DEFAULT_ENCRYPTION, 1
+      value :CUSTOMER_MANAGED_ENCRYPTION, 2
+    end
   end
 end
 
@@ -23,6 +38,9 @@ module Google
         module Database
           module V1
             OperationProgress = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.OperationProgress").msgclass
+            EncryptionConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.EncryptionConfig").msgclass
+            EncryptionInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.EncryptionInfo").msgclass
+            EncryptionInfo::Type = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.EncryptionInfo.Type").enummodule
           end
         end
       end

data/lib/google/spanner/admin/database/v1/spanner_database_admin_pb.rb

@@ -27,6 +27,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :state, :enum, 2, "google.spanner.admin.database.v1.Database.State"
       optional :create_time, :message, 3, "google.protobuf.Timestamp"
       optional :restore_info, :message, 4, "google.spanner.admin.database.v1.RestoreInfo"
+      optional :encryption_config, :message, 5, "google.spanner.admin.database.v1.EncryptionConfig"
+      repeated :encryption_info, :message, 8, "google.spanner.admin.database.v1.EncryptionInfo"
       optional :version_retention_period, :string, 6
       optional :earliest_version_time, :message, 7, "google.protobuf.Timestamp"
     end
@@ -49,6 +51,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :parent, :string, 1
       optional :create_statement, :string, 2
       repeated :extra_statements, :string, 3
+      optional :encryption_config, :message, 4, "google.spanner.admin.database.v1.EncryptionConfig"
     end
     add_message "google.spanner.admin.database.v1.CreateDatabaseMetadata" do
       optional :database, :string, 1
@@ -66,6 +69,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       repeated :statements, :string, 2
       repeated :commit_timestamps, :message, 3, "google.protobuf.Timestamp"
       optional :throttled, :bool, 4
+      repeated :progress, :message, 5, "google.spanner.admin.database.v1.OperationProgress"
     end
     add_message "google.spanner.admin.database.v1.DropDatabaseRequest" do
       optional :database, :string, 1
@@ -89,10 +93,21 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.spanner.admin.database.v1.RestoreDatabaseRequest" do
       optional :parent, :string, 1
       optional :database_id, :string, 2
+      optional :encryption_config, :message, 4, "google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig"
       oneof :source do
         optional :backup, :string, 3
       end
     end
+    add_message "google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig" do
+      optional :encryption_type, :enum, 1, "google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig.EncryptionType"
+      optional :kms_key_name, :string, 2
+    end
+    add_enum "google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig.EncryptionType" do
+      value :ENCRYPTION_TYPE_UNSPECIFIED, 0
+      value :USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION, 1
+      value :GOOGLE_DEFAULT_ENCRYPTION, 2
+      value :CUSTOMER_MANAGED_ENCRYPTION, 3
+    end
     add_message "google.spanner.admin.database.v1.RestoreDatabaseMetadata" do
       optional :name, :string, 1
       optional :source_type, :enum, 2, "google.spanner.admin.database.v1.RestoreSourceType"
@@ -136,6 +151,8 @@ module Google
             ListDatabaseOperationsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.ListDatabaseOperationsRequest").msgclass
             ListDatabaseOperationsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.ListDatabaseOperationsResponse").msgclass
             RestoreDatabaseRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.RestoreDatabaseRequest").msgclass
+            RestoreDatabaseEncryptionConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig").msgclass
+            RestoreDatabaseEncryptionConfig::EncryptionType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig.EncryptionType").enummodule
             RestoreDatabaseMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.RestoreDatabaseMetadata").msgclass
             OptimizeRestoredDatabaseMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.OptimizeRestoredDatabaseMetadata").msgclass
             RestoreSourceType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.spanner.admin.database.v1.RestoreSourceType").enummodule

data/lib/google/spanner/admin/database/v1/spanner_database_admin_services_pb.rb

@@ -34,7 +34,7 @@ module Google
               # database and to restore from an existing backup.
               class Service
 
-                include GRPC::GenericService
+                include ::GRPC::GenericService
 
                 self.marshal_class_method = :encode
                 self.unmarshal_class_method = :decode

data/proto_docs/google/spanner/admin/database/v1/backup.rb

@@ -80,6 +80,9 @@ module Google
             #     any referencing database prevents the backup from being deleted. When a
             #     restored database from the backup enters the `READY` state, the reference
             #     to the backup is removed.
+            # @!attribute [r] encryption_info
+            #   @return [::Google::Cloud::Spanner::Admin::Database::V1::EncryptionInfo]
+            #     Output only. The encryption information for the backup.
             class Backup
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -115,6 +118,13 @@ module Google
             # @!attribute [rw] backup
             #   @return [::Google::Cloud::Spanner::Admin::Database::V1::Backup]
             #     Required. The backup to create.
+            # @!attribute [rw] encryption_config
+            #   @return [::Google::Cloud::Spanner::Admin::Database::V1::CreateBackupEncryptionConfig]
+            #     Optional. The encryption configuration used to encrypt the backup. If this field is
+            #     not specified, the backup will use the same
+            #     encryption configuration as the database by default, namely
+            #     {::Google::Cloud::Spanner::Admin::Database::V1::CreateBackupEncryptionConfig#encryption_type encryption_type} =
+            #     `USE_DATABASE_ENCRYPTION`.
             class CreateBackupRequest
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -143,7 +153,8 @@ module Google
             #     other methods to check whether the cancellation succeeded or whether the
             #     operation completed despite cancellation. On successful cancellation,
             #     the operation is not deleted; instead, it becomes an operation with
-            #     an [Operation.error][] value with a {::Google::Rpc::Status#code google.rpc.Status.code} of 1,
+            #     an {::Google::Longrunning::Operation#error Operation.error} value with a
+            #     {::Google::Rpc::Status#code google.rpc.Status.code} of 1,
             #     corresponding to `Code.CANCELLED`.
             class CreateBackupMetadata
               include ::Google::Protobuf::MessageExts
@@ -211,8 +222,9 @@ module Google
             #       * `name`
             #       * `database`
             #       * `state`
-            #       * `create_time` (and values are of the format YYYY-MM-DDTHH:MM:SSZ)
-            #       * `expire_time` (and values are of the format YYYY-MM-DDTHH:MM:SSZ)
+            #       * `create_time`  (and values are of the format YYYY-MM-DDTHH:MM:SSZ)
+            #       * `expire_time`  (and values are of the format YYYY-MM-DDTHH:MM:SSZ)
+            #       * `version_time` (and values are of the format YYYY-MM-DDTHH:MM:SSZ)
             #       * `size_bytes`
             #
             #     You can combine multiple expressions by enclosing each expression in
@@ -368,6 +380,42 @@ module Google
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
             end
+
+            # Encryption configuration for the backup to create.
+            # @!attribute [rw] encryption_type
+            #   @return [::Google::Cloud::Spanner::Admin::Database::V1::CreateBackupEncryptionConfig::EncryptionType]
+            #     Required. The encryption type of the backup.
+            # @!attribute [rw] kms_key_name
+            #   @return [::String]
+            #     Optional. The Cloud KMS key that will be used to protect the backup.
+            #     This field should be set only when
+            #     {::Google::Cloud::Spanner::Admin::Database::V1::CreateBackupEncryptionConfig#encryption_type encryption_type} is
+            #     `CUSTOMER_MANAGED_ENCRYPTION`. Values are of the form
+            #     `projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kms_key_name>`.
+            class CreateBackupEncryptionConfig
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+
+              # Encryption types for the backup.
+              module EncryptionType
+                # Unspecified. Do not use.
+                ENCRYPTION_TYPE_UNSPECIFIED = 0
+
+                # Use the same encryption configuration as the database. This is the
+                # default option when
+                # {::Google::Cloud::Spanner::Admin::Database::V1::CreateBackupEncryptionConfig encryption_config} is empty.
+                # For example, if the database is using `Customer_Managed_Encryption`, the
+                # backup will be using the same Cloud KMS key as the database.
+                USE_DATABASE_ENCRYPTION = 1
+
+                # Use Google default encryption.
+                GOOGLE_DEFAULT_ENCRYPTION = 2
+
+                # Use customer managed encryption. If specified, `kms_key_name`
+                # must contain a valid Cloud KMS key.
+                CUSTOMER_MANAGED_ENCRYPTION = 3
+              end
+            end
           end
         end
       end

data/proto_docs/google/spanner/admin/database/v1/common.rb

@@ -40,6 +40,51 @@ module Google
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
             end
+
+            # Encryption configuration for a Cloud Spanner database.
+            # @!attribute [rw] kms_key_name
+            #   @return [::String]
+            #     The Cloud KMS key to be used for encrypting and decrypting
+            #     the database. Values are of the form
+            #     `projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kms_key_name>`.
+            class EncryptionConfig
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+
+            # Encryption information for a Cloud Spanner database or backup.
+            # @!attribute [r] encryption_type
+            #   @return [::Google::Cloud::Spanner::Admin::Database::V1::EncryptionInfo::Type]
+            #     Output only. The type of encryption.
+            # @!attribute [r] encryption_status
+            #   @return [::Google::Rpc::Status]
+            #     Output only. If present, the status of a recent encrypt/decrypt call on underlying data
+            #     for this database or backup. Regardless of status, data is always encrypted
+            #     at rest.
+            # @!attribute [r] kms_key_version
+            #   @return [::String]
+            #     Output only. A Cloud KMS key version that is being used to protect the database or
+            #     backup.
+            class EncryptionInfo
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+
+              # Possible encryption types.
+              module Type
+                # Encryption type was not specified, though data at rest remains encrypted.
+                TYPE_UNSPECIFIED = 0
+
+                # The data is encrypted at rest with a key that is
+                # fully managed by Google. No key version or status will be populated.
+                # This is the default state.
+                GOOGLE_DEFAULT_ENCRYPTION = 1
+
+                # The data is encrypted at rest with a key that is
+                # managed by the customer. The active version of the key. `kms_key_version`
+                # will be populated, and `encryption_status` may be populated.
+                CUSTOMER_MANAGED_ENCRYPTION = 2
+              end
+            end
           end
         end
       end

data/proto_docs/google/spanner/admin/database/v1/spanner_database_admin.rb

@@ -54,6 +54,23 @@ module Google
             #   @return [::Google::Cloud::Spanner::Admin::Database::V1::RestoreInfo]
             #     Output only. Applicable only for restored databases. Contains information
             #     about the restore source.
+            # @!attribute [r] encryption_config
+            #   @return [::Google::Cloud::Spanner::Admin::Database::V1::EncryptionConfig]
+            #     Output only. For databases that are using customer managed encryption, this
+            #     field contains the encryption configuration for the database.
+            #     For databases that are using Google default or other types of encryption,
+            #     this field is empty.
+            # @!attribute [r] encryption_info
+            #   @return [::Array<::Google::Cloud::Spanner::Admin::Database::V1::EncryptionInfo>]
+            #     Output only. For databases that are using customer managed encryption, this
+            #     field contains the encryption information for the database, such as
+            #     encryption state and the Cloud KMS key versions that are in use.
+            #
+            #     For databases that are using Google default or other types of encryption,
+            #     this field is empty.
+            #
+            #     This field is propagated lazily from the backend. There might be a delay
+            #     from when a key version is being used and when it appears in this field.
             # @!attribute [r] version_retention_period
             #   @return [::String]
             #     Output only. The period in which Cloud Spanner retains all versions of data
@@ -64,7 +81,10 @@ module Google
             # @!attribute [r] earliest_version_time
             #   @return [::Google::Protobuf::Timestamp]
             #     Output only. Earliest timestamp at which older versions of the data can be
-            #     read.
+            #     read. This value is continuously updated by Cloud Spanner and becomes stale
+            #     the moment it is queried. If you are using this value to recover data, make
+            #     sure to account for the time from the moment when the value is queried to
+            #     the moment when you initiate the recovery.
             class Database
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -144,6 +164,11 @@ module Google
             #     database. Statements can create tables, indexes, etc. These
             #     statements execute atomically with the creation of the database:
             #     if there is an error in any statement, the database is not created.
+            # @!attribute [rw] encryption_config
+            #   @return [::Google::Cloud::Spanner::Admin::Database::V1::EncryptionConfig]
+            #     Optional. The encryption configuration for the database. If this field is not
+            #     specified, Cloud Spanner will encrypt/decrypt all data at rest using
+            #     Google default encryption.
             class CreateDatabaseRequest
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -236,6 +261,16 @@ module Google
             #     Output only. When true, indicates that the operation is throttled e.g
             #     due to resource constraints. When resources become available the operation
             #     will resume and this field will be false again.
+            # @!attribute [rw] progress
+            #   @return [::Array<::Google::Cloud::Spanner::Admin::Database::V1::OperationProgress>]
+            #     The progress of the
+            #     {::Google::Cloud::Spanner::Admin::Database::V1::DatabaseAdmin::Client#update_database_ddl UpdateDatabaseDdl} operations.
+            #     Currently, only index creation statements will have a continuously
+            #     updating progress.
+            #     For non-index creation statements, `progress[i]` will have start time
+            #     and end time populated with commit timestamp of operation,
+            #     as well as a progress of 100% once the operation has completed.
+            #     `progress[i]` is the operation progress for `statements[i]`.
             class UpdateDatabaseDdlMetadata
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -372,11 +407,52 @@ module Google
             #   @return [::String]
             #     Name of the backup from which to restore.  Values are of the form
             #     `projects/<project>/instances/<instance>/backups/<backup>`.
+            # @!attribute [rw] encryption_config
+            #   @return [::Google::Cloud::Spanner::Admin::Database::V1::RestoreDatabaseEncryptionConfig]
+            #     Optional. An encryption configuration describing the encryption type and key
+            #     resources in Cloud KMS used to encrypt/decrypt the database to restore to.
+            #     If this field is not specified, the restored database will use
+            #     the same encryption configuration as the backup by default, namely
+            #     {::Google::Cloud::Spanner::Admin::Database::V1::RestoreDatabaseEncryptionConfig#encryption_type encryption_type} =
+            #     `USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION`.
             class RestoreDatabaseRequest
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
             end
 
+            # Encryption configuration for the restored database.
+            # @!attribute [rw] encryption_type
+            #   @return [::Google::Cloud::Spanner::Admin::Database::V1::RestoreDatabaseEncryptionConfig::EncryptionType]
+            #     Required. The encryption type of the restored database.
+            # @!attribute [rw] kms_key_name
+            #   @return [::String]
+            #     Optional. The Cloud KMS key that will be used to encrypt/decrypt the restored
+            #     database. This field should be set only when
+            #     {::Google::Cloud::Spanner::Admin::Database::V1::RestoreDatabaseEncryptionConfig#encryption_type encryption_type} is
+            #     `CUSTOMER_MANAGED_ENCRYPTION`. Values are of the form
+            #     `projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kms_key_name>`.
+            class RestoreDatabaseEncryptionConfig
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+
+              # Encryption types for the database to be restored.
+              module EncryptionType
+                # Unspecified. Do not use.
+                ENCRYPTION_TYPE_UNSPECIFIED = 0
+
+                # This is the default option when
+                # {::Google::Cloud::Spanner::Admin::Database::V1::RestoreDatabaseEncryptionConfig encryption_config} is not specified.
+                USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION = 1
+
+                # Use Google default encryption.
+                GOOGLE_DEFAULT_ENCRYPTION = 2
+
+                # Use customer managed encryption. If specified, `kms_key_name` must
+                # must contain a valid Cloud KMS key.
+                CUSTOMER_MANAGED_ENCRYPTION = 3
+              end
+            end
+
             # Metadata type for the long-running operation returned by
             # {::Google::Cloud::Spanner::Admin::Database::V1::DatabaseAdmin::Client#restore_database RestoreDatabase}.
             # @!attribute [rw] name