google-api-python-client 2.178.0__py3-none-any.whl → 2.181.0__py3-none-any.whl

googleapiclient/discovery_cache/documents/cloudidentity.v1beta1.json

@@ -1560,6 +1560,151 @@
 }
 }
 },
+"inboundOidcSsoProfiles": {
+"methods": {
+"create": {
+"description": "Creates an InboundOidcSsoProfile for a customer. When the target customer has enabled [Multi-party approval for sensitive actions](https://support.google.com/a/answer/13790448), the `Operation` in the response will have `\"done\": false`, it will not have a response, and the metadata will have `\"state\": \"awaiting-multi-party-approval\"`.",
+"flatPath": "v1beta1/inboundOidcSsoProfiles",
+"httpMethod": "POST",
+"id": "cloudidentity.inboundOidcSsoProfiles.create",
+"parameterOrder": [],
+"parameters": {},
+"path": "v1beta1/inboundOidcSsoProfiles",
+"request": {
+"$ref": "InboundOidcSsoProfile"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-identity.inboundsso",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"delete": {
+"description": "Deletes an InboundOidcSsoProfile.",
+"flatPath": "v1beta1/inboundOidcSsoProfiles/{inboundOidcSsoProfilesId}",
+"httpMethod": "DELETE",
+"id": "cloudidentity.inboundOidcSsoProfiles.delete",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the InboundOidcSsoProfile to delete. Format: `inboundOidcSsoProfiles/{sso_profile_id}`",
+"location": "path",
+"pattern": "^inboundOidcSsoProfiles/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1beta1/{+name}",
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-identity.inboundsso",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"get": {
+"description": "Gets an InboundOidcSsoProfile.",
+"flatPath": "v1beta1/inboundOidcSsoProfiles/{inboundOidcSsoProfilesId}",
+"httpMethod": "GET",
+"id": "cloudidentity.inboundOidcSsoProfiles.get",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the InboundOidcSsoProfile to get. Format: `inboundOidcSsoProfiles/{sso_profile_id}`",
+"location": "path",
+"pattern": "^inboundOidcSsoProfiles/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1beta1/{+name}",
+"response": {
+"$ref": "InboundOidcSsoProfile"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-identity.inboundsso",
+"https://www.googleapis.com/auth/cloud-identity.inboundsso.readonly",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"list": {
+"description": "Lists InboundOidcSsoProfile objects for a Google enterprise customer.",
+"flatPath": "v1beta1/inboundOidcSsoProfiles",
+"httpMethod": "GET",
+"id": "cloudidentity.inboundOidcSsoProfiles.list",
+"parameterOrder": [],
+"parameters": {
+"filter": {
+"description": "A [Common Expression Language](https://github.com/google/cel-spec) expression to filter the results. The only supported filter is filtering by customer. For example: `customer==\"customers/C0123abc\"`. Omitting the filter or specifying a filter of `customer==\"customers/my_customer\"` will return the profiles for the customer that the caller (authenticated user) belongs to. Specifying a filter of `customer==\"\"` will return the global shared OIDC profiles.",
+"location": "query",
+"type": "string"
+},
+"pageSize": {
+"description": "The maximum number of InboundOidcSsoProfiles to return. The service may return fewer than this value. If omitted (or defaulted to zero) the server will use a sensible default. This default may change over time. The maximum allowed value is 100. Requests with page_size greater than that will be silently interpreted as having this maximum value.",
+"format": "int32",
+"location": "query",
+"type": "integer"
+},
+"pageToken": {
+"description": "A page token, received from a previous `ListInboundOidcSsoProfiles` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListInboundOidcSsoProfiles` must match the call that provided the page token.",
+"location": "query",
+"type": "string"
+}
+},
+"path": "v1beta1/inboundOidcSsoProfiles",
+"response": {
+"$ref": "ListInboundOidcSsoProfilesResponse"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-identity.inboundsso",
+"https://www.googleapis.com/auth/cloud-identity.inboundsso.readonly",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"patch": {
+"description": "Updates an InboundOidcSsoProfile. When the target customer has enabled [Multi-party approval for sensitive actions](https://support.google.com/a/answer/13790448), the `Operation` in the response will have `\"done\": false`, it will not have a response, and the metadata will have `\"state\": \"awaiting-multi-party-approval\"`.",
+"flatPath": "v1beta1/inboundOidcSsoProfiles/{inboundOidcSsoProfilesId}",
+"httpMethod": "PATCH",
+"id": "cloudidentity.inboundOidcSsoProfiles.patch",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of the OIDC SSO profile.",
+"location": "path",
+"pattern": "^inboundOidcSsoProfiles/[^/]+$",
+"required": true,
+"type": "string"
+},
+"updateMask": {
+"description": "Required. The list of fields to be updated.",
+"format": "google-fieldmask",
+"location": "query",
+"type": "string"
+}
+},
+"path": "v1beta1/{+name}",
+"request": {
+"$ref": "InboundOidcSsoProfile"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-identity.inboundsso",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+}
+}
+},
 "inboundSamlSsoProfiles": {
 "methods": {
 "create": {
@@ -2123,7 +2268,7 @@
 }
 }
 },
-"revision": "20250701",
+"revision": "20250805",
 "rootUrl": "https://cloudidentity.googleapis.com/",
 "schemas": {
 "AddIdpCredentialOperationMetadata": {
@@ -2630,6 +2775,17 @@
 },
 "type": "object"
 },
+"CreateInboundOidcSsoProfileOperationMetadata": {
+"description": "LRO response metadata for InboundOidcSsoProfilesService.CreateInboundOidcSsoProfile.",
+"id": "CreateInboundOidcSsoProfileOperationMetadata",
+"properties": {
+"state": {
+"description": "State of this Operation Will be \"awaiting-multi-party-approval\" when the operation is deferred due to the target customer having enabled [Multi-party approval for sensitive actions](https://support.google.com/a/answer/13790448).",
+"type": "string"
+}
+},
+"type": "object"
+},
 "CreateInboundSamlSsoProfileOperationMetadata": {
 "description": "LRO response metadata for InboundSamlSsoProfilesService.CreateInboundSamlSsoProfile.",
 "id": "CreateInboundSamlSsoProfileOperationMetadata",
@@ -2673,6 +2829,12 @@
 "properties": {},
 "type": "object"
 },
+"DeleteInboundOidcSsoProfileOperationMetadata": {
+"description": "LRO response metadata for InboundOidcSsoProfilesService.DeleteInboundOidcSsoProfile.",
+"id": "DeleteInboundOidcSsoProfileOperationMetadata",
+"properties": {},
+"type": "object"
+},
 "DeleteInboundSamlSsoProfileOperationMetadata": {
 "description": "LRO response metadata for InboundSamlSsoProfilesService.DeleteInboundSamlSsoProfile.",
 "id": "DeleteInboundSamlSsoProfileOperationMetadata",
@@ -4233,6 +4395,34 @@
 },
 "type": "object"
 },
+"InboundOidcSsoProfile": {
+"description": "An [OIDC](https://openid.net/developers/how-connect-works/) federation between a Google enterprise customer and an OIDC identity provider.",
+"id": "InboundOidcSsoProfile",
+"properties": {
+"customer": {
+"description": "Immutable. The customer. For example: `customers/C0123abc`.",
+"type": "string"
+},
+"displayName": {
+"description": "Human-readable name of the OIDC SSO profile.",
+"type": "string"
+},
+"idpConfig": {
+"$ref": "OidcIdpConfig",
+"description": "OIDC identity provider configuration."
+},
+"name": {
+"description": "Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of the OIDC SSO profile.",
+"readOnly": true,
+"type": "string"
+},
+"rpConfig": {
+"$ref": "OidcRpConfig",
+"description": "OIDC relying party (RP) configuration for this OIDC SSO profile. These are the RP details provided by Google that should be configured on the corresponding identity provider."
+}
+},
+"type": "object"
+},
 "InboundSamlSsoProfile": {
 "description": "A [SAML 2.0](https://www.oasis-open.org/standards#samlv2.0) federation between a Google enterprise customer and a SAML identity provider.",
 "id": "InboundSamlSsoProfile",
@@ -4274,6 +4464,10 @@
 "readOnly": true,
 "type": "string"
 },
+"oidcSsoInfo": {
+"$ref": "OidcSsoInfo",
+"description": "OpenID Connect SSO details. Must be set if and only if `sso_mode` is set to `OIDC_SSO`."
+},
 "rank": {
 "description": "Must be zero (which is the default value so it can be omitted) for assignments with `target_org_unit` set and must be greater-than-or-equal-to one for assignments with `target_group` set.",
 "format": "int32",
@@ -4293,12 +4487,14 @@
 "SSO_MODE_UNSPECIFIED",
 "SSO_OFF",
 "SAML_SSO",
+"OIDC_SSO",
 "DOMAIN_WIDE_SAML_IF_ENABLED"
 ],
 "enumDescriptions": [
 "Not allowed.",
 "Disable SSO for the targeted users.",
 "Use an external SAML Identity Provider for SSO for the targeted users.",
+"Use an external OIDC Identity Provider for SSO for the targeted users.",
 "Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to `SSO_OFF`. Note that this will also be equivalent to `SSO_OFF` if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to `SSO_OFF`."
 ],
 "type": "string"
@@ -4415,6 +4611,24 @@
 },
 "type": "object"
 },
+"ListInboundOidcSsoProfilesResponse": {
+"description": "Response of the InboundOidcSsoProfilesService.ListInboundOidcSsoProfiles method.",
+"id": "ListInboundOidcSsoProfilesResponse",
+"properties": {
+"inboundOidcSsoProfiles": {
+"description": "List of InboundOidcSsoProfiles.",
+"items": {
+"$ref": "InboundOidcSsoProfile"
+},
+"type": "array"
+},
+"nextPageToken": {
+"description": "A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "ListInboundSamlSsoProfilesResponse": {
 "description": "Response of the InboundSamlSsoProfilesService.ListInboundSamlSsoProfiles method.",
 "id": "ListInboundSamlSsoProfilesResponse",
@@ -4865,6 +5079,55 @@
 },
 "type": "object"
 },
+"OidcIdpConfig": {
+"description": "OIDC IDP (identity provider) configuration.",
+"id": "OidcIdpConfig",
+"properties": {
+"changePasswordUri": {
+"description": "The **Change Password URL** of the identity provider. Users will be sent to this URL when changing their passwords at `myaccount.google.com`. This takes precedence over the change password URL configured at customer-level. Must use `HTTPS`.",
+"type": "string"
+},
+"issuerUri": {
+"description": "Required. The Issuer identifier for the IdP. Must be a URL. The discovery URL will be derived from this as described in Section 4 of [the OIDC specification](https://openid.net/specs/openid-connect-discovery-1_0.html).",
+"type": "string"
+}
+},
+"type": "object"
+},
+"OidcRpConfig": {
+"description": "OIDC RP (relying party) configuration.",
+"id": "OidcRpConfig",
+"properties": {
+"clientId": {
+"description": "OAuth2 client ID for OIDC.",
+"type": "string"
+},
+"clientSecret": {
+"description": "Input only. OAuth2 client secret for OIDC.",
+"type": "string"
+},
+"redirectUris": {
+"description": "Output only. The URL(s) that this client may use in authentication requests.",
+"items": {
+"type": "string"
+},
+"readOnly": true,
+"type": "array"
+}
+},
+"type": "object"
+},
+"OidcSsoInfo": {
+"description": "Details that are applicable when `sso_mode` is set to `OIDC_SSO`.",
+"id": "OidcSsoInfo",
+"properties": {
+"inboundOidcSsoProfile": {
+"description": "Required. Name of the `InboundOidcSsoProfile` to use. Must be of the form `inboundOidcSsoProfiles/{inbound_oidc_sso_profile}`. ",
+"type": "string"
+}
+},
+"type": "object"
+},
 "Operation": {
 "description": "This resource represents a long-running operation that is the result of a network API call.",
 "id": "Operation",
@@ -5285,6 +5548,17 @@
 },
 "type": "object"
 },
+"UpdateInboundOidcSsoProfileOperationMetadata": {
+"description": "LRO response metadata for InboundOidcSsoProfilesService.UpdateInboundOidcSsoProfile.",
+"id": "UpdateInboundOidcSsoProfileOperationMetadata",
+"properties": {
+"state": {
+"description": "State of this Operation Will be \"awaiting-multi-party-approval\" when the operation is deferred due to the target customer having enabled [Multi-party approval for sensitive actions](https://support.google.com/a/answer/13790448).",
+"type": "string"
+}
+},
+"type": "object"
+},
 "UpdateInboundSamlSsoProfileOperationMetadata": {
 "description": "LRO response metadata for InboundSamlSsoProfilesService.UpdateInboundSamlSsoProfile.",
 "id": "UpdateInboundSamlSsoProfileOperationMetadata",

googleapiclient/discovery_cache/documents/cloudkms.v1.json

@@ -264,7 +264,7 @@
 ],
 "parameters": {
 "name": {
-"description": "Identifier. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`.",
+"description": "Identifier. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig` `projects/{PROJECT_NUMBER}/autokeyConfig`.",
 "location": "path",
 "pattern": "^folders/[^/]+/autokeyConfig$",
 "required": true,
@@ -627,7 +627,7 @@
 ],
 "parameters": {
 "extraLocationTypes": {
-"description": "Optional. A list of extra location types that should be used as conditions for controlling the visibility of the locations.",
+"description": "Optional. Do not use this field. It is unsupported and is ignored unless explicitly documented otherwise. This is primarily for internal usage.",
 "location": "query",
 "repeated": true,
 "type": "string"
@@ -1795,6 +1795,35 @@
 "https://www.googleapis.com/auth/cloudkms"
 ]
 },
+"decapsulate": {
+"description": "Decapsulates data that was encapsulated with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose KEY_ENCAPSULATION.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions/{cryptoKeyVersionsId}:decapsulate",
+"httpMethod": "POST",
+"id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.decapsulate",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. The resource name of the CryptoKeyVersion to use for decapsulation.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1/{+name}:decapsulate",
+"request": {
+"$ref": "DecapsulateRequest"
+},
+"response": {
+"$ref": "DecapsulateResponse"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/cloudkms"
+]
+},
 "destroy": {
 "description": "Schedule a CryptoKeyVersion for destruction. Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed. Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.",
 "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions/{cryptoKeyVersionsId}:destroy",
@@ -1871,12 +1900,16 @@
 "enum": [
 "PUBLIC_KEY_FORMAT_UNSPECIFIED",
 "PEM",
-"NIST_PQC"
+"DER",
+"NIST_PQC",
+"XWING_RAW_BYTES"
 ],
 "enumDescriptions": [
 "If the public_key_format field is not specified: - For PQC algorithms, an error will be returned. - For non-PQC algorithms, the default format is PEM, and the field pem will be populated. Otherwise, the public key will be exported through the public_key field in the requested format.",
 "The returned public key will be encoded in PEM format. See the [RFC7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13) for more information.",
-"This is supported only for PQC algorithms. The key material is returned in the format defined by NIST PQC standards (FIPS 203, FIPS 204, and FIPS 205)."
+"The returned public key will be encoded in DER format (the PrivateKeyInfo structure from RFC 5208).",
+"This is supported only for PQC algorithms. The key material is returned in the format defined by NIST PQC standards (FIPS 203, FIPS 204, and FIPS 205).",
+"The returned public key is in raw bytes format defined in its standard https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem."
 ],
 "location": "query",
 "type": "string"
@@ -2402,7 +2435,7 @@
 }
 }
 },
-"revision": "20250523",
+"revision": "20250818",
 "rootUrl": "https://cloudkms.googleapis.com/",
 "schemas": {
 "AsymmetricDecryptRequest": {
@@ -2583,7 +2616,7 @@
 "type": "object"
 },
 "AutokeyConfig": {
-"description": "Cloud KMS Autokey configuration for a folder.",
+"description": "Cloud KMS Autokey configuration for a folder or project.",
 "id": "AutokeyConfig",
 "properties": {
 "etag": {
@@ -2595,7 +2628,7 @@
 "type": "string"
 },
 "name": {
-"description": "Identifier. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`.",
+"description": "Identifier. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig` `projects/{PROJECT_NUMBER}/autokeyConfig`.",
 "type": "string"
 },
 "state": {
@@ -2799,7 +2832,8 @@
 "ASYMMETRIC_SIGN",
 "ASYMMETRIC_DECRYPT",
 "RAW_ENCRYPT_DECRYPT",
-"MAC"
+"MAC",
+"KEY_ENCAPSULATION"
 ],
 "enumDescriptions": [
 "Not specified.",
@@ -2807,7 +2841,8 @@
 "CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.",
 "CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.",
 "CryptoKeys with this purpose may be used with RawEncrypt and RawDecrypt. This purpose is meant to be used for interoperable symmetric encryption and does not support automatic CryptoKey rotation.",
-"CryptoKeys with this purpose may be used with MacSign."
+"CryptoKeys with this purpose may be used with MacSign.",
+"CryptoKeys with this purpose may be used with GetPublicKey and Decapsulate."
 ],
 "type": "string"
 },
@@ -2866,6 +2901,9 @@
 "HMAC_SHA512",
 "HMAC_SHA224",
 "EXTERNAL_SYMMETRIC_ENCRYPTION",
+"ML_KEM_768",
+"ML_KEM_1024",
+"KEM_XWING",
 "PQ_SIGN_ML_DSA_65",
 "PQ_SIGN_SLH_DSA_SHA2_128S",
 "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256"
@@ -2907,6 +2945,9 @@
 "HMAC-SHA512 signing with a 512 bit key.",
 "HMAC-SHA224 signing with a 224 bit key.",
 "Algorithm representing symmetric encryption by an external key manager.",
+"ML-KEM-768 (FIPS 203)",
+"ML-KEM-1024 (FIPS 203)",
+"X-Wing hybrid KEM combining ML-KEM-768 with X25519 following datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/.",
 "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
 "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version.",
 "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests."
@@ -3078,6 +3119,9 @@
 "HMAC_SHA512",
 "HMAC_SHA224",
 "EXTERNAL_SYMMETRIC_ENCRYPTION",
+"ML_KEM_768",
+"ML_KEM_1024",
+"KEM_XWING",
 "PQ_SIGN_ML_DSA_65",
 "PQ_SIGN_SLH_DSA_SHA2_128S",
 "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256"
@@ -3119,6 +3163,9 @@
 "HMAC-SHA512 signing with a 512 bit key.",
 "HMAC-SHA224 signing with a 224 bit key.",
 "Algorithm representing symmetric encryption by an external key manager.",
+"ML-KEM-768 (FIPS 203)",
+"ML-KEM-1024 (FIPS 203)",
+"X-Wing hybrid KEM combining ML-KEM-768 with X25519 following datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/.",
 "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
 "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version.",
 "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests."
@@ -3146,6 +3193,66 @@
 },
 "type": "object"
 },
+"DecapsulateRequest": {
+"description": "Request message for KeyManagementService.Decapsulate.",
+"id": "DecapsulateRequest",
+"properties": {
+"ciphertext": {
+"description": "Required. The ciphertext produced from encapsulation with the named CryptoKeyVersion public key(s).",
+"format": "byte",
+"type": "string"
+},
+"ciphertextCrc32c": {
+"description": "Optional. A CRC32C checksum of the DecapsulateRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received DecapsulateRequest.ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(DecapsulateRequest.ciphertext) is equal to DecapsulateRequest.ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
+"format": "int64",
+"type": "string"
+}
+},
+"type": "object"
+},
+"DecapsulateResponse": {
+"description": "Response message for KeyManagementService.Decapsulate.",
+"id": "DecapsulateResponse",
+"properties": {
+"name": {
+"description": "The resource name of the CryptoKeyVersion used for decapsulation. Check this field to verify that the intended resource was used for decapsulation.",
+"type": "string"
+},
+"protectionLevel": {
+"description": "The ProtectionLevel of the CryptoKeyVersion used in decapsulation.",
+"enum": [
+"PROTECTION_LEVEL_UNSPECIFIED",
+"SOFTWARE",
+"HSM",
+"EXTERNAL",
+"EXTERNAL_VPC"
+],
+"enumDescriptions": [
+"Not specified.",
+"Crypto operations are performed in software.",
+"Crypto operations are performed in a Hardware Security Module.",
+"Crypto operations are performed by an external key manager.",
+"Crypto operations are performed in an EKM-over-VPC backend."
+],
+"type": "string"
+},
+"sharedSecret": {
+"description": "The decapsulated shared_secret originally encapsulated with the matching public key.",
+"format": "byte",
+"type": "string"
+},
+"sharedSecretCrc32c": {
+"description": "Integrity verification field. A CRC32C checksum of the returned DecapsulateResponse.shared_secret. An integrity check of DecapsulateResponse.shared_secret can be performed by computing the CRC32C checksum of DecapsulateResponse.shared_secret and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: receiving this response message indicates that KeyManagementService is able to successfully decrypt the ciphertext. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
+"format": "int64",
+"type": "string"
+},
+"verifiedCiphertextCrc32c": {
+"description": "Integrity verification field. A flag indicating whether DecapsulateRequest.ciphertext_crc32c was received by KeyManagementService and used for the integrity verification of the ciphertext. A false value of this field indicates either that DecapsulateRequest.ciphertext_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set DecapsulateRequest.ciphertext_crc32c but this field is still false, discard the response and perform a limited number of retries.",
+"type": "boolean"
+}
+},
+"type": "object"
+},
 "DecryptRequest": {
 "description": "Request message for KeyManagementService.Decrypt.",
 "id": "DecryptRequest",
@@ -3505,6 +3612,9 @@
 "HMAC_SHA512",
 "HMAC_SHA224",
 "EXTERNAL_SYMMETRIC_ENCRYPTION",
+"ML_KEM_768",
+"ML_KEM_1024",
+"KEM_XWING",
 "PQ_SIGN_ML_DSA_65",
 "PQ_SIGN_SLH_DSA_SHA2_128S",
 "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256"
@@ -3546,6 +3656,9 @@
 "HMAC-SHA512 signing with a 512 bit key.",
 "HMAC-SHA224 signing with a 224 bit key.",
 "Algorithm representing symmetric encryption by an external key manager.",
+"ML-KEM-768 (FIPS 203)",
+"ML-KEM-1024 (FIPS 203)",
+"X-Wing hybrid KEM combining ML-KEM-768 with X25519 following datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/.",
 "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
 "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version.",
 "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests."
@@ -4260,6 +4373,9 @@
 "HMAC_SHA512",
 "HMAC_SHA224",
 "EXTERNAL_SYMMETRIC_ENCRYPTION",
+"ML_KEM_768",
+"ML_KEM_1024",
+"KEM_XWING",
 "PQ_SIGN_ML_DSA_65",
 "PQ_SIGN_SLH_DSA_SHA2_128S",
 "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256"
@@ -4301,6 +4417,9 @@
 "HMAC-SHA512 signing with a 512 bit key.",
 "HMAC-SHA224 signing with a 224 bit key.",
 "Algorithm representing symmetric encryption by an external key manager.",
+"ML-KEM-768 (FIPS 203)",
+"ML-KEM-1024 (FIPS 203)",
+"X-Wing hybrid KEM combining ML-KEM-768 with X25519 following datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/.",
 "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
 "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version.",
 "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests."
@@ -4347,12 +4466,16 @@
 "enum": [
 "PUBLIC_KEY_FORMAT_UNSPECIFIED",
 "PEM",
-"NIST_PQC"
+"DER",
+"NIST_PQC",
+"XWING_RAW_BYTES"
 ],
 "enumDescriptions": [
 "If the public_key_format field is not specified: - For PQC algorithms, an error will be returned. - For non-PQC algorithms, the default format is PEM, and the field pem will be populated. Otherwise, the public key will be exported through the public_key field in the requested format.",
 "The returned public key will be encoded in PEM format. See the [RFC7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13) for more information.",
-"This is supported only for PQC algorithms. The key material is returned in the format defined by NIST PQC standards (FIPS 203, FIPS 204, and FIPS 205)."
+"The returned public key will be encoded in DER format (the PrivateKeyInfo structure from RFC 5208).",
+"This is supported only for PQC algorithms. The key material is returned in the format defined by NIST PQC standards (FIPS 203, FIPS 204, and FIPS 205).",
+"The returned public key is in raw bytes format defined in its standard https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem."
 ],
 "type": "string"
 }

googleapiclient/discovery_cache/documents/cloudlocationfinder.v1alpha.json

@@ -144,7 +144,7 @@
 ],
 "parameters": {
 "extraLocationTypes": {
-"description": "Optional. A list of extra location types that should be used as conditions for controlling the visibility of the locations.",
+"description": "Optional. Do not use this field. It is unsupported and is ignored unless explicitly documented otherwise. This is primarily for internal usage.",
 "location": "query",
 "repeated": true,
 "type": "string"
@@ -304,7 +304,7 @@
 }
 }
 },
-"revision": "20250619",
+"revision": "20250814",
 "rootUrl": "https://cloudlocationfinder.googleapis.com/",
 "schemas": {
 "CloudLocation": {
@@ -322,13 +322,15 @@
 "CLOUD_LOCATION_TYPE_UNSPECIFIED",
 "CLOUD_LOCATION_TYPE_REGION",
 "CLOUD_LOCATION_TYPE_ZONE",
-"CLOUD_LOCATION_TYPE_REGION_EXTENSION"
+"CLOUD_LOCATION_TYPE_REGION_EXTENSION",
+"CLOUD_LOCATION_TYPE_GDCC_ZONE"
 ],
 "enumDescriptions": [
 "Unspecified type.",
 "CloudLocation type for region.",
 "CloudLocation type for zone.",
-"CloudLocation type for region extension."
+"CloudLocation type for region extension.",
+"CloudLocation type for Google Distributed Cloud Connected Zone."
 ],
 "type": "string"
 },