google-api-python-client 2.187.0__py3-none-any.whl → 2.189.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (321) hide show
  1. {google_api_python_client-2.187.0.dist-info → google_api_python_client-2.189.0.dist-info}/METADATA +1 -1
  2. {google_api_python_client-2.187.0.dist-info → google_api_python_client-2.189.0.dist-info}/RECORD +321 -316
  3. {google_api_python_client-2.187.0.dist-info → google_api_python_client-2.189.0.dist-info}/WHEEL +1 -1
  4. googleapiclient/discovery.py +13 -6
  5. googleapiclient/discovery_cache/documents/accessapproval.v1.json +17 -3
  6. googleapiclient/discovery_cache/documents/accesscontextmanager.v1.json +3 -3
  7. googleapiclient/discovery_cache/documents/adexchangebuyer2.v2beta1.json +2 -2
  8. googleapiclient/discovery_cache/documents/admin.directory_v1.json +54 -2
  9. googleapiclient/discovery_cache/documents/admin.directoryv1.json +54 -2
  10. googleapiclient/discovery_cache/documents/admin.reports_v1.json +37 -6
  11. googleapiclient/discovery_cache/documents/admin.reportsv1.json +37 -6
  12. googleapiclient/discovery_cache/documents/aiplatform.v1.json +6014 -2261
  13. googleapiclient/discovery_cache/documents/aiplatform.v1beta1.json +1095 -210
  14. googleapiclient/discovery_cache/documents/alertcenter.v1beta1.json +6 -2
  15. googleapiclient/discovery_cache/documents/alloydb.v1.json +379 -18
  16. googleapiclient/discovery_cache/documents/alloydb.v1alpha.json +405 -32
  17. googleapiclient/discovery_cache/documents/alloydb.v1beta.json +405 -32
  18. googleapiclient/discovery_cache/documents/analyticshub.v1.json +40 -2
  19. googleapiclient/discovery_cache/documents/androidmanagement.v1.json +35 -14
  20. googleapiclient/discovery_cache/documents/androidpublisher.v3.json +454 -7
  21. googleapiclient/discovery_cache/documents/apigateway.v1.json +3 -3
  22. googleapiclient/discovery_cache/documents/apigateway.v1beta.json +3 -3
  23. googleapiclient/discovery_cache/documents/apigee.v1.json +1046 -19
  24. googleapiclient/discovery_cache/documents/apihub.v1.json +681 -15
  25. googleapiclient/discovery_cache/documents/apikeys.v2.json +2 -3
  26. googleapiclient/discovery_cache/documents/apim.v1alpha.json +3 -3
  27. googleapiclient/discovery_cache/documents/appengine.v1.json +143 -12
  28. googleapiclient/discovery_cache/documents/appengine.v1alpha.json +78 -15
  29. googleapiclient/discovery_cache/documents/appengine.v1beta.json +247 -17
  30. googleapiclient/discovery_cache/documents/apphub.v1.json +298 -4
  31. googleapiclient/discovery_cache/documents/apphub.v1alpha.json +298 -4
  32. googleapiclient/discovery_cache/documents/appsmarket.v2.json +283 -0
  33. googleapiclient/discovery_cache/documents/artifactregistry.v1.json +60 -3
  34. googleapiclient/discovery_cache/documents/artifactregistry.v1beta1.json +2 -2
  35. googleapiclient/discovery_cache/documents/artifactregistry.v1beta2.json +2 -2
  36. googleapiclient/discovery_cache/documents/assuredworkloads.v1.json +3 -3
  37. googleapiclient/discovery_cache/documents/assuredworkloads.v1beta1.json +3 -3
  38. googleapiclient/discovery_cache/documents/authorizedbuyersmarketplace.v1.json +25 -2
  39. googleapiclient/discovery_cache/documents/authorizedbuyersmarketplace.v1alpha.json +852 -2
  40. googleapiclient/discovery_cache/documents/authorizedbuyersmarketplace.v1beta.json +914 -3
  41. googleapiclient/discovery_cache/documents/backupdr.v1.json +246 -36
  42. googleapiclient/discovery_cache/documents/baremetalsolution.v2.json +2 -2
  43. googleapiclient/discovery_cache/documents/batch.v1.json +4 -4
  44. googleapiclient/discovery_cache/documents/beyondcorp.v1.json +24 -24
  45. googleapiclient/discovery_cache/documents/beyondcorp.v1alpha.json +24 -225
  46. googleapiclient/discovery_cache/documents/bigquery.v2.json +54 -11
  47. googleapiclient/discovery_cache/documents/bigquerydatapolicy.v1.json +5 -3
  48. googleapiclient/discovery_cache/documents/bigquerydatatransfer.v1.json +17 -2
  49. googleapiclient/discovery_cache/documents/bigqueryreservation.v1.json +18 -2
  50. googleapiclient/discovery_cache/documents/bigtableadmin.v2.json +3 -3
  51. googleapiclient/discovery_cache/documents/calendar.v3.json +21 -5
  52. googleapiclient/discovery_cache/documents/certificatemanager.v1.json +48 -4
  53. googleapiclient/discovery_cache/documents/chat.v1.json +104 -25
  54. googleapiclient/discovery_cache/documents/checks.v1alpha.json +3 -3
  55. googleapiclient/discovery_cache/documents/chromemanagement.v1.json +228 -8
  56. googleapiclient/discovery_cache/documents/classroom.v1.json +344 -7
  57. googleapiclient/discovery_cache/documents/cloudasset.v1.json +11 -4
  58. googleapiclient/discovery_cache/documents/cloudbuild.v1.json +41 -2
  59. googleapiclient/discovery_cache/documents/cloudbuild.v2.json +12 -2
  60. googleapiclient/discovery_cache/documents/cloudchannel.v1.json +4 -4
  61. googleapiclient/discovery_cache/documents/clouddeploy.v1.json +119 -3
  62. googleapiclient/discovery_cache/documents/cloudfunctions.v1.json +3 -3
  63. googleapiclient/discovery_cache/documents/cloudfunctions.v2.json +80 -7
  64. googleapiclient/discovery_cache/documents/cloudfunctions.v2alpha.json +80 -7
  65. googleapiclient/discovery_cache/documents/cloudfunctions.v2beta.json +80 -7
  66. googleapiclient/discovery_cache/documents/cloudidentity.v1.json +5 -4
  67. googleapiclient/discovery_cache/documents/cloudidentity.v1beta1.json +8 -6
  68. googleapiclient/discovery_cache/documents/cloudkms.v1.json +1114 -183
  69. googleapiclient/discovery_cache/documents/cloudresourcemanager.v1.json +5 -3
  70. googleapiclient/discovery_cache/documents/cloudresourcemanager.v1beta1.json +5 -3
  71. googleapiclient/discovery_cache/documents/cloudresourcemanager.v2.json +5 -3
  72. googleapiclient/discovery_cache/documents/cloudresourcemanager.v2beta1.json +5 -3
  73. googleapiclient/discovery_cache/documents/cloudresourcemanager.v3.json +20 -8
  74. googleapiclient/discovery_cache/documents/cloudscheduler.v1.json +3 -3
  75. googleapiclient/discovery_cache/documents/cloudscheduler.v1beta1.json +3 -3
  76. googleapiclient/discovery_cache/documents/cloudsearch.v1.json +40 -58
  77. googleapiclient/discovery_cache/documents/cloudshell.v1.json +51 -3
  78. googleapiclient/discovery_cache/documents/cloudsupport.v2.json +11 -1
  79. googleapiclient/discovery_cache/documents/cloudsupport.v2beta.json +11 -1
  80. googleapiclient/discovery_cache/documents/cloudtasks.v2beta3.json +2 -2
  81. googleapiclient/discovery_cache/documents/composer.v1.json +8 -6
  82. googleapiclient/discovery_cache/documents/composer.v1beta1.json +8 -6
  83. googleapiclient/discovery_cache/documents/compute.alpha.json +6417 -1887
  84. googleapiclient/discovery_cache/documents/compute.beta.json +7108 -1882
  85. googleapiclient/discovery_cache/documents/compute.v1.json +4430 -1397
  86. googleapiclient/discovery_cache/documents/config.v1.json +96 -10
  87. googleapiclient/discovery_cache/documents/connectors.v1.json +62 -6
  88. googleapiclient/discovery_cache/documents/connectors.v2.json +252 -1
  89. googleapiclient/discovery_cache/documents/contactcenteraiplatform.v1alpha1.json +395 -5
  90. googleapiclient/discovery_cache/documents/contactcenterinsights.v1.json +6141 -110
  91. googleapiclient/discovery_cache/documents/container.v1.json +428 -18
  92. googleapiclient/discovery_cache/documents/container.v1beta1.json +510 -17
  93. googleapiclient/discovery_cache/documents/containeranalysis.v1.json +35 -1
  94. googleapiclient/discovery_cache/documents/containeranalysis.v1alpha1.json +39 -3
  95. googleapiclient/discovery_cache/documents/containeranalysis.v1beta1.json +39 -3
  96. googleapiclient/discovery_cache/documents/content.v2.1.json +13 -646
  97. googleapiclient/discovery_cache/documents/datacatalog.v1.json +249 -5
  98. googleapiclient/discovery_cache/documents/datacatalog.v1beta1.json +247 -3
  99. googleapiclient/discovery_cache/documents/dataflow.v1b3.json +51 -1
  100. googleapiclient/discovery_cache/documents/dataform.v1.json +63 -4
  101. googleapiclient/discovery_cache/documents/dataform.v1beta1.json +834 -41
  102. googleapiclient/discovery_cache/documents/datafusion.v1.json +221 -2
  103. googleapiclient/discovery_cache/documents/datafusion.v1beta1.json +221 -2
  104. googleapiclient/discovery_cache/documents/datalineage.v1.json +268 -3
  105. googleapiclient/discovery_cache/documents/datamanager.v1.json +156 -6
  106. googleapiclient/discovery_cache/documents/datamigration.v1.json +383 -33
  107. googleapiclient/discovery_cache/documents/datamigration.v1beta1.json +275 -1
  108. googleapiclient/discovery_cache/documents/dataplex.v1.json +978 -57
  109. googleapiclient/discovery_cache/documents/dataportability.v1.json +55 -1
  110. googleapiclient/discovery_cache/documents/dataportability.v1beta.json +55 -1
  111. googleapiclient/discovery_cache/documents/dataproc.v1.json +157 -6
  112. googleapiclient/discovery_cache/documents/datastore.v1.json +3 -23
  113. googleapiclient/discovery_cache/documents/datastore.v1beta1.json +1 -21
  114. googleapiclient/discovery_cache/documents/datastore.v1beta3.json +1 -21
  115. googleapiclient/discovery_cache/documents/datastream.v1.json +466 -87
  116. googleapiclient/discovery_cache/documents/datastream.v1alpha1.json +3 -3
  117. googleapiclient/discovery_cache/documents/deploymentmanager.alpha.json +31 -9
  118. googleapiclient/discovery_cache/documents/deploymentmanager.v2.json +31 -9
  119. googleapiclient/discovery_cache/documents/deploymentmanager.v2beta.json +31 -9
  120. googleapiclient/discovery_cache/documents/developerconnect.v1.json +498 -25
  121. googleapiclient/discovery_cache/documents/dialogflow.v2.json +1919 -4578
  122. googleapiclient/discovery_cache/documents/dialogflow.v2beta1.json +1913 -4570
  123. googleapiclient/discovery_cache/documents/dialogflow.v3.json +1727 -4139
  124. googleapiclient/discovery_cache/documents/dialogflow.v3beta1.json +1788 -4404
  125. googleapiclient/discovery_cache/documents/discoveryengine.v1.json +2643 -668
  126. googleapiclient/discovery_cache/documents/discoveryengine.v1alpha.json +2509 -983
  127. googleapiclient/discovery_cache/documents/discoveryengine.v1beta.json +1275 -532
  128. googleapiclient/discovery_cache/documents/displayvideo.v2.json +176 -1417
  129. googleapiclient/discovery_cache/documents/displayvideo.v3.json +186 -1433
  130. googleapiclient/discovery_cache/documents/displayvideo.v4.json +61 -41
  131. googleapiclient/discovery_cache/documents/dlp.v2.json +205 -9
  132. googleapiclient/discovery_cache/documents/dns.v1.json +3 -3
  133. googleapiclient/discovery_cache/documents/dns.v1beta2.json +3 -3
  134. googleapiclient/discovery_cache/documents/docs.v1.json +248 -9
  135. googleapiclient/discovery_cache/documents/documentai.v1.json +33 -8
  136. googleapiclient/discovery_cache/documents/documentai.v1beta3.json +37 -8
  137. googleapiclient/discovery_cache/documents/doubleclickbidmanager.v2.json +3 -3
  138. googleapiclient/discovery_cache/documents/drive.v2.json +8 -8
  139. googleapiclient/discovery_cache/documents/drive.v3.json +225 -20
  140. googleapiclient/discovery_cache/documents/eventarc.v1.json +19 -94
  141. googleapiclient/discovery_cache/documents/fcm.v1.json +2 -1
  142. googleapiclient/discovery_cache/documents/file.v1.json +88 -18
  143. googleapiclient/discovery_cache/documents/file.v1beta1.json +21 -19
  144. googleapiclient/discovery_cache/documents/firebaseappcheck.v1beta.json +5 -1
  145. googleapiclient/discovery_cache/documents/firebaseappdistribution.v1.json +22 -12
  146. googleapiclient/discovery_cache/documents/firebaseappdistribution.v1alpha.json +39 -23
  147. googleapiclient/discovery_cache/documents/firebaseapphosting.v1.json +85 -8
  148. googleapiclient/discovery_cache/documents/firebaseapphosting.v1beta.json +87 -10
  149. googleapiclient/discovery_cache/documents/firebasedataconnect.v1.json +23 -3
  150. googleapiclient/discovery_cache/documents/firebasedataconnect.v1beta.json +23 -3
  151. googleapiclient/discovery_cache/documents/firebasehosting.v1.json +3 -3
  152. googleapiclient/discovery_cache/documents/firebasehosting.v1beta1.json +3 -3
  153. googleapiclient/discovery_cache/documents/firebaseml.v1.json +3 -3
  154. googleapiclient/discovery_cache/documents/firebaseml.v2beta.json +178 -29
  155. googleapiclient/discovery_cache/documents/firebasestorage.v1beta.json +2 -2
  156. googleapiclient/discovery_cache/documents/firestore.v1.json +210 -31
  157. googleapiclient/discovery_cache/documents/firestore.v1beta1.json +192 -21
  158. googleapiclient/discovery_cache/documents/firestore.v1beta2.json +1 -21
  159. googleapiclient/discovery_cache/documents/gkebackup.v1.json +394 -4
  160. googleapiclient/discovery_cache/documents/gkehub.v1.json +183 -20
  161. googleapiclient/discovery_cache/documents/gkehub.v1alpha.json +777 -21
  162. googleapiclient/discovery_cache/documents/gkehub.v1beta.json +919 -33
  163. googleapiclient/discovery_cache/documents/gkehub.v1beta1.json +4 -4
  164. googleapiclient/discovery_cache/documents/gkehub.v2.json +69 -21
  165. googleapiclient/discovery_cache/documents/gkehub.v2alpha.json +69 -21
  166. googleapiclient/discovery_cache/documents/gkehub.v2beta.json +69 -21
  167. googleapiclient/discovery_cache/documents/gkeonprem.v1.json +145 -9
  168. googleapiclient/discovery_cache/documents/gmail.v1.json +44 -4
  169. googleapiclient/discovery_cache/documents/healthcare.v1.json +52 -20
  170. googleapiclient/discovery_cache/documents/healthcare.v1beta1.json +52 -20
  171. googleapiclient/discovery_cache/documents/hypercomputecluster.v1.json +1886 -0
  172. googleapiclient/discovery_cache/documents/iam.v1.json +88 -91
  173. googleapiclient/discovery_cache/documents/iamcredentials.v1.json +143 -1
  174. googleapiclient/discovery_cache/documents/ids.v1.json +4 -4
  175. googleapiclient/discovery_cache/documents/kmsinventory.v1.json +42 -12
  176. googleapiclient/discovery_cache/documents/licensing.v1.json +2 -2
  177. googleapiclient/discovery_cache/documents/logging.v2.json +28 -18
  178. googleapiclient/discovery_cache/documents/looker.v1.json +95 -3
  179. googleapiclient/discovery_cache/documents/managedkafka.v1.json +286 -6
  180. googleapiclient/discovery_cache/documents/memcache.v1.json +73 -20
  181. googleapiclient/discovery_cache/documents/memcache.v1beta2.json +20 -20
  182. googleapiclient/discovery_cache/documents/merchantapi.accounts_v1.json +173 -1
  183. googleapiclient/discovery_cache/documents/merchantapi.accounts_v1beta.json +173 -1
  184. googleapiclient/discovery_cache/documents/merchantapi.datasources_v1.json +2 -2
  185. googleapiclient/discovery_cache/documents/merchantapi.datasources_v1beta.json +2 -2
  186. googleapiclient/discovery_cache/documents/merchantapi.inventories_v1.json +59 -9
  187. googleapiclient/discovery_cache/documents/merchantapi.inventories_v1beta.json +9 -9
  188. googleapiclient/discovery_cache/documents/merchantapi.issueresolution_v1.json +3 -3
  189. googleapiclient/discovery_cache/documents/merchantapi.issueresolution_v1beta.json +3 -3
  190. googleapiclient/discovery_cache/documents/merchantapi.notifications_v1.json +3 -3
  191. googleapiclient/discovery_cache/documents/merchantapi.notifications_v1beta.json +3 -3
  192. googleapiclient/discovery_cache/documents/merchantapi.products_v1.json +41 -10
  193. googleapiclient/discovery_cache/documents/merchantapi.products_v1beta.json +12 -10
  194. googleapiclient/discovery_cache/documents/merchantapi.quota_v1.json +130 -1
  195. googleapiclient/discovery_cache/documents/merchantapi.reports_v1.json +2 -2
  196. googleapiclient/discovery_cache/documents/merchantapi.reports_v1beta.json +2 -2
  197. googleapiclient/discovery_cache/documents/metastore.v1.json +11 -7
  198. googleapiclient/discovery_cache/documents/metastore.v1alpha.json +24 -15
  199. googleapiclient/discovery_cache/documents/metastore.v1beta.json +24 -15
  200. googleapiclient/discovery_cache/documents/migrationcenter.v1.json +501 -5
  201. googleapiclient/discovery_cache/documents/migrationcenter.v1alpha1.json +302 -4
  202. googleapiclient/discovery_cache/documents/ml.v1.json +13 -1
  203. googleapiclient/discovery_cache/documents/monitoring.v1.json +16 -1
  204. googleapiclient/discovery_cache/documents/netapp.v1.json +517 -22
  205. googleapiclient/discovery_cache/documents/netapp.v1beta1.json +463 -22
  206. googleapiclient/discovery_cache/documents/networkconnectivity.v1.json +372 -15
  207. googleapiclient/discovery_cache/documents/networkconnectivity.v1alpha1.json +16 -14
  208. googleapiclient/discovery_cache/documents/networkmanagement.v1.json +208 -35
  209. googleapiclient/discovery_cache/documents/networkmanagement.v1beta1.json +188 -23
  210. googleapiclient/discovery_cache/documents/networksecurity.v1.json +436 -11
  211. googleapiclient/discovery_cache/documents/networksecurity.v1beta1.json +198 -14
  212. googleapiclient/discovery_cache/documents/networkservices.v1.json +59 -53
  213. googleapiclient/discovery_cache/documents/networkservices.v1beta1.json +68 -53
  214. googleapiclient/discovery_cache/documents/notebooks.v1.json +4 -4
  215. googleapiclient/discovery_cache/documents/notebooks.v2.json +18 -10
  216. googleapiclient/discovery_cache/documents/observability.v1.json +1045 -26
  217. googleapiclient/discovery_cache/documents/ondemandscanning.v1.json +8 -3
  218. googleapiclient/discovery_cache/documents/ondemandscanning.v1beta1.json +8 -3
  219. googleapiclient/discovery_cache/documents/oracledatabase.v1.json +35 -35
  220. googleapiclient/discovery_cache/documents/orgpolicy.v2.json +4 -4
  221. googleapiclient/discovery_cache/documents/osconfig.v1.json +301 -3
  222. googleapiclient/discovery_cache/documents/osconfig.v1alpha.json +286 -1
  223. googleapiclient/discovery_cache/documents/osconfig.v1beta.json +148 -3
  224. googleapiclient/discovery_cache/documents/osconfig.v2.json +137 -5
  225. googleapiclient/discovery_cache/documents/osconfig.v2beta.json +137 -5
  226. googleapiclient/discovery_cache/documents/oslogin.v1.json +44 -1
  227. googleapiclient/discovery_cache/documents/parametermanager.v1.json +24 -4
  228. googleapiclient/discovery_cache/documents/paymentsresellersubscription.v1.json +18 -4
  229. googleapiclient/discovery_cache/documents/people.v1.json +2 -2
  230. googleapiclient/discovery_cache/documents/places.v1.json +3 -3
  231. googleapiclient/discovery_cache/documents/playdeveloperreporting.v1alpha1.json +72 -72
  232. googleapiclient/discovery_cache/documents/playdeveloperreporting.v1beta1.json +72 -72
  233. googleapiclient/discovery_cache/documents/policysimulator.v1.json +8 -8
  234. googleapiclient/discovery_cache/documents/policysimulator.v1alpha.json +8 -8
  235. googleapiclient/discovery_cache/documents/policysimulator.v1beta.json +8 -8
  236. googleapiclient/discovery_cache/documents/policytroubleshooter.v3.json +1189 -0
  237. googleapiclient/discovery_cache/documents/policytroubleshooter.v3beta.json +1722 -0
  238. googleapiclient/discovery_cache/documents/privateca.v1.json +5 -5
  239. googleapiclient/discovery_cache/documents/privateca.v1beta1.json +3 -3
  240. googleapiclient/discovery_cache/documents/pubsub.v1.json +206 -14
  241. googleapiclient/discovery_cache/documents/pubsub.v1beta1a.json +153 -3
  242. googleapiclient/discovery_cache/documents/pubsub.v1beta2.json +153 -3
  243. googleapiclient/discovery_cache/documents/pubsublite.v1.json +3 -3
  244. googleapiclient/discovery_cache/documents/realtimebidding.v1.json +2 -2
  245. googleapiclient/discovery_cache/documents/recaptchaenterprise.v1.json +7 -5
  246. googleapiclient/discovery_cache/documents/recommendationengine.v1beta1.json +4 -4
  247. googleapiclient/discovery_cache/documents/redis.v1.json +38 -14
  248. googleapiclient/discovery_cache/documents/redis.v1beta1.json +38 -14
  249. googleapiclient/discovery_cache/documents/retail.v2.json +11 -11
  250. googleapiclient/discovery_cache/documents/retail.v2alpha.json +18 -17
  251. googleapiclient/discovery_cache/documents/retail.v2beta.json +16 -15
  252. googleapiclient/discovery_cache/documents/run.v1.json +704 -5
  253. googleapiclient/discovery_cache/documents/run.v2.json +1080 -219
  254. googleapiclient/discovery_cache/documents/runtimeconfig.v1.json +13 -1
  255. googleapiclient/discovery_cache/documents/saasservicemgmt.v1beta1.json +23 -398
  256. googleapiclient/discovery_cache/documents/safebrowsing.v5.json +79 -5
  257. googleapiclient/discovery_cache/documents/searchads360.v0.json +228 -21
  258. googleapiclient/discovery_cache/documents/secretmanager.v1.json +47 -2
  259. googleapiclient/discovery_cache/documents/secretmanager.v1beta1.json +47 -2
  260. googleapiclient/discovery_cache/documents/secretmanager.v1beta2.json +47 -2
  261. googleapiclient/discovery_cache/documents/securitycenter.v1.json +698 -7
  262. googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json +682 -7
  263. googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json +680 -5
  264. googleapiclient/discovery_cache/documents/securityposture.v1.json +5 -5
  265. googleapiclient/discovery_cache/documents/serviceconsumermanagement.v1.json +11 -6
  266. googleapiclient/discovery_cache/documents/serviceconsumermanagement.v1beta1.json +4 -4
  267. googleapiclient/discovery_cache/documents/servicecontrol.v1.json +24 -1
  268. googleapiclient/discovery_cache/documents/servicecontrol.v2.json +9 -1
  269. googleapiclient/discovery_cache/documents/servicemanagement.v1.json +3 -3
  270. googleapiclient/discovery_cache/documents/servicenetworking.v1.json +5 -5
  271. googleapiclient/discovery_cache/documents/servicenetworking.v1beta.json +3 -3
  272. googleapiclient/discovery_cache/documents/serviceusage.v1.json +72 -6
  273. googleapiclient/discovery_cache/documents/serviceusage.v1beta1.json +72 -6
  274. googleapiclient/discovery_cache/documents/sheets.v4.json +2 -2
  275. googleapiclient/discovery_cache/documents/smartdevicemanagement.v1.json +16 -1
  276. googleapiclient/discovery_cache/documents/solar.v1.json +3 -3
  277. googleapiclient/discovery_cache/documents/spanner.v1.json +183 -9
  278. googleapiclient/discovery_cache/documents/speech.v1.json +3 -3
  279. googleapiclient/discovery_cache/documents/speech.v1p1beta1.json +3 -3
  280. googleapiclient/discovery_cache/documents/sqladmin.v1.json +368 -17
  281. googleapiclient/discovery_cache/documents/sqladmin.v1beta4.json +320 -18
  282. googleapiclient/discovery_cache/documents/storage.v1.json +10 -2
  283. googleapiclient/discovery_cache/documents/storagebatchoperations.v1.json +211 -3
  284. googleapiclient/discovery_cache/documents/storagetransfer.v1.json +26 -4
  285. googleapiclient/discovery_cache/documents/sts.v1.json +10 -1
  286. googleapiclient/discovery_cache/documents/sts.v1beta.json +10 -1
  287. googleapiclient/discovery_cache/documents/tagmanager.v2.json +55 -1
  288. googleapiclient/discovery_cache/documents/tasks.v1.json +2 -2
  289. googleapiclient/discovery_cache/documents/testing.v1.json +7 -2
  290. googleapiclient/discovery_cache/documents/texttospeech.v1.json +9 -5
  291. googleapiclient/discovery_cache/documents/texttospeech.v1beta1.json +9 -5
  292. googleapiclient/discovery_cache/documents/threatintelligence.v1beta.json +3143 -0
  293. googleapiclient/discovery_cache/documents/toolresults.v1beta3.json +2 -2
  294. googleapiclient/discovery_cache/documents/tpu.v1.json +32 -5
  295. googleapiclient/discovery_cache/documents/tpu.v1alpha1.json +45 -18
  296. googleapiclient/discovery_cache/documents/tpu.v2.json +5 -5
  297. googleapiclient/discovery_cache/documents/tpu.v2alpha1.json +5 -5
  298. googleapiclient/discovery_cache/documents/translate.v3.json +123 -23
  299. googleapiclient/discovery_cache/documents/translate.v3beta1.json +107 -11
  300. googleapiclient/discovery_cache/documents/travelimpactmodel.v1.json +76 -1
  301. googleapiclient/discovery_cache/documents/vault.v1.json +3 -3
  302. googleapiclient/discovery_cache/documents/verifiedaccess.v2.json +9 -5
  303. googleapiclient/discovery_cache/documents/vision.v1.json +3 -3
  304. googleapiclient/discovery_cache/documents/vmmigration.v1.json +12 -4
  305. googleapiclient/discovery_cache/documents/vmmigration.v1alpha1.json +21 -5
  306. googleapiclient/discovery_cache/documents/vmwareengine.v1.json +539 -4
  307. googleapiclient/discovery_cache/documents/vpcaccess.v1.json +3 -3
  308. googleapiclient/discovery_cache/documents/vpcaccess.v1beta1.json +3 -3
  309. googleapiclient/discovery_cache/documents/walletobjects.v1.json +11 -1
  310. googleapiclient/discovery_cache/documents/webrisk.v1.json +3 -3
  311. googleapiclient/discovery_cache/documents/workflows.v1.json +4 -4
  312. googleapiclient/discovery_cache/documents/workflows.v1beta.json +4 -4
  313. googleapiclient/discovery_cache/documents/workloadmanager.v1.json +245 -14
  314. googleapiclient/discovery_cache/documents/workspaceevents.v1.json +706 -1
  315. googleapiclient/discovery_cache/documents/workstations.v1.json +54 -4
  316. googleapiclient/discovery_cache/documents/workstations.v1beta.json +58 -3
  317. googleapiclient/discovery_cache/documents/youtube.v3.json +1 -1
  318. googleapiclient/discovery_cache/documents/youtubereporting.v1.json +11 -1
  319. googleapiclient/version.py +1 -1
  320. {google_api_python_client-2.187.0.dist-info → google_api_python_client-2.189.0.dist-info}/licenses/LICENSE +0 -0
  321. {google_api_python_client-2.187.0.dist-info → google_api_python_client-2.189.0.dist-info}/top_level.txt +0 -0
@@ -203,7 +203,7 @@
203
203
  "folders": {
204
204
  "methods": {
205
205
  "getAutokeyConfig": {
206
- "description": "Returns the AutokeyConfig for a folder.",
206
+ "description": "Returns the AutokeyConfig for a folder or project.",
207
207
  "flatPath": "v1/folders/{foldersId}/autokeyConfig",
208
208
  "httpMethod": "GET",
209
209
  "id": "cloudkms.folders.getAutokeyConfig",
@@ -212,7 +212,7 @@
212
212
  ],
213
213
  "parameters": {
214
214
  "name": {
215
- "description": "Required. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`.",
215
+ "description": "Required. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig` or `projects/{PROJECT_NUMBER}/autokeyConfig`.",
216
216
  "location": "path",
217
217
  "pattern": "^folders/[^/]+/autokeyConfig$",
218
218
  "required": true,
@@ -255,7 +255,7 @@
255
255
  ]
256
256
  },
257
257
  "updateAutokeyConfig": {
258
- "description": "Updates the AutokeyConfig for a folder. The caller must have both `cloudkms.autokeyConfigs.update` permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy` permission on the provided key project. A KeyHandle creation in the folder's descendant projects will use this configuration to determine where to create the resulting CryptoKey.",
258
+ "description": "Updates the AutokeyConfig for a folder or a project. The caller must have both `cloudkms.autokeyConfigs.update` permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy` permission on the provided key project. A KeyHandle creation in the folder's descendant projects will use this configuration to determine where to create the resulting CryptoKey.",
259
259
  "flatPath": "v1/folders/{foldersId}/autokeyConfig",
260
260
  "httpMethod": "PATCH",
261
261
  "id": "cloudkms.folders.updateAutokeyConfig",
@@ -264,7 +264,7 @@
264
264
  ],
265
265
  "parameters": {
266
266
  "name": {
267
- "description": "Identifier. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig` `projects/{PROJECT_NUMBER}/autokeyConfig`.",
267
+ "description": "Identifier. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`",
268
268
  "location": "path",
269
269
  "pattern": "^folders/[^/]+/autokeyConfig$",
270
270
  "required": true,
@@ -393,6 +393,32 @@
393
393
  },
394
394
  "projects": {
395
395
  "methods": {
396
+ "getAutokeyConfig": {
397
+ "description": "Returns the AutokeyConfig for a folder or project.",
398
+ "flatPath": "v1/projects/{projectsId}/autokeyConfig",
399
+ "httpMethod": "GET",
400
+ "id": "cloudkms.projects.getAutokeyConfig",
401
+ "parameterOrder": [
402
+ "name"
403
+ ],
404
+ "parameters": {
405
+ "name": {
406
+ "description": "Required. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig` or `projects/{PROJECT_NUMBER}/autokeyConfig`.",
407
+ "location": "path",
408
+ "pattern": "^projects/[^/]+/autokeyConfig$",
409
+ "required": true,
410
+ "type": "string"
411
+ }
412
+ },
413
+ "path": "v1/{+name}",
414
+ "response": {
415
+ "$ref": "AutokeyConfig"
416
+ },
417
+ "scopes": [
418
+ "https://www.googleapis.com/auth/cloud-platform",
419
+ "https://www.googleapis.com/auth/cloudkms"
420
+ ]
421
+ },
396
422
  "getKajPolicyConfig": {
397
423
  "description": "Gets the KeyAccessJustificationsPolicyConfig for a given organization, folder, or project.",
398
424
  "flatPath": "v1/projects/{projectsId}/kajPolicyConfig",
@@ -497,6 +523,41 @@
497
523
  "https://www.googleapis.com/auth/cloudkms"
498
524
  ]
499
525
  },
526
+ "updateAutokeyConfig": {
527
+ "description": "Updates the AutokeyConfig for a folder or a project. The caller must have both `cloudkms.autokeyConfigs.update` permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy` permission on the provided key project. A KeyHandle creation in the folder's descendant projects will use this configuration to determine where to create the resulting CryptoKey.",
528
+ "flatPath": "v1/projects/{projectsId}/autokeyConfig",
529
+ "httpMethod": "PATCH",
530
+ "id": "cloudkms.projects.updateAutokeyConfig",
531
+ "parameterOrder": [
532
+ "name"
533
+ ],
534
+ "parameters": {
535
+ "name": {
536
+ "description": "Identifier. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`",
537
+ "location": "path",
538
+ "pattern": "^projects/[^/]+/autokeyConfig$",
539
+ "required": true,
540
+ "type": "string"
541
+ },
542
+ "updateMask": {
543
+ "description": "Required. Masks which fields of the AutokeyConfig to update, e.g. `keyProject`.",
544
+ "format": "google-fieldmask",
545
+ "location": "query",
546
+ "type": "string"
547
+ }
548
+ },
549
+ "path": "v1/{+name}",
550
+ "request": {
551
+ "$ref": "AutokeyConfig"
552
+ },
553
+ "response": {
554
+ "$ref": "AutokeyConfig"
555
+ },
556
+ "scopes": [
557
+ "https://www.googleapis.com/auth/cloud-platform",
558
+ "https://www.googleapis.com/auth/cloudkms"
559
+ ]
560
+ },
500
561
  "updateKajPolicyConfig": {
501
562
  "description": "Updates the KeyAccessJustificationsPolicyConfig for a given organization, folder, or project.",
502
563
  "flatPath": "v1/projects/{projectsId}/kajPolicyConfig",
@@ -2429,172 +2490,526 @@
2429
2490
  ]
2430
2491
  }
2431
2492
  }
2432
- }
2433
- }
2434
- }
2435
- }
2436
- }
2437
2493
  },
2438
- "revision": "20251023",
2439
- "rootUrl": "https://cloudkms.googleapis.com/",
2440
- "schemas": {
2441
- "AsymmetricDecryptRequest": {
2442
- "description": "Request message for KeyManagementService.AsymmetricDecrypt.",
2443
- "id": "AsymmetricDecryptRequest",
2444
- "properties": {
2445
- "ciphertext": {
2446
- "description": "Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.",
2447
- "format": "byte",
2494
+ "singleTenantHsmInstances": {
2495
+ "methods": {
2496
+ "create": {
2497
+ "description": "Creates a new SingleTenantHsmInstance in a given Project and Location. User must create a RegisterTwoFactorAuthKeys proposal with this single-tenant HSM instance to finish setup of the instance.",
2498
+ "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/singleTenantHsmInstances",
2499
+ "httpMethod": "POST",
2500
+ "id": "cloudkms.projects.locations.singleTenantHsmInstances.create",
2501
+ "parameterOrder": [
2502
+ "parent"
2503
+ ],
2504
+ "parameters": {
2505
+ "parent": {
2506
+ "description": "Required. The resource name of the location associated with the SingleTenantHsmInstance, in the format `projects/*/locations/*`.",
2507
+ "location": "path",
2508
+ "pattern": "^projects/[^/]+/locations/[^/]+$",
2509
+ "required": true,
2448
2510
  "type": "string"
2449
2511
  },
2450
- "ciphertextCrc32c": {
2451
- "description": "Optional. An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received AsymmetricDecryptRequest.ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricDecryptRequest.ciphertext) is equal to AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
2452
- "format": "int64",
2512
+ "singleTenantHsmInstanceId": {
2513
+ "description": "Optional. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`.",
2514
+ "location": "query",
2453
2515
  "type": "string"
2454
2516
  }
2455
2517
  },
2456
- "type": "object"
2518
+ "path": "v1/{+parent}/singleTenantHsmInstances",
2519
+ "request": {
2520
+ "$ref": "SingleTenantHsmInstance"
2457
2521
  },
2458
- "AsymmetricDecryptResponse": {
2459
- "description": "Response message for KeyManagementService.AsymmetricDecrypt.",
2460
- "id": "AsymmetricDecryptResponse",
2461
- "properties": {
2462
- "plaintext": {
2463
- "description": "The decrypted data originally encrypted with the matching public key.",
2464
- "format": "byte",
2465
- "type": "string"
2522
+ "response": {
2523
+ "$ref": "Operation"
2466
2524
  },
2467
- "plaintextCrc32c": {
2468
- "description": "Integrity verification field. A CRC32C checksum of the returned AsymmetricDecryptResponse.plaintext. An integrity check of AsymmetricDecryptResponse.plaintext can be performed by computing the CRC32C checksum of AsymmetricDecryptResponse.plaintext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
2469
- "format": "int64",
2470
- "type": "string"
2525
+ "scopes": [
2526
+ "https://www.googleapis.com/auth/cloud-platform",
2527
+ "https://www.googleapis.com/auth/cloudkms"
2528
+ ]
2471
2529
  },
2472
- "protectionLevel": {
2473
- "description": "The ProtectionLevel of the CryptoKeyVersion used in decryption.",
2474
- "enum": [
2475
- "PROTECTION_LEVEL_UNSPECIFIED",
2476
- "SOFTWARE",
2477
- "HSM",
2478
- "EXTERNAL",
2479
- "EXTERNAL_VPC"
2480
- ],
2481
- "enumDescriptions": [
2482
- "Not specified.",
2483
- "Crypto operations are performed in software.",
2484
- "Crypto operations are performed in a Hardware Security Module.",
2485
- "Crypto operations are performed by an external key manager.",
2486
- "Crypto operations are performed in an EKM-over-VPC backend."
2530
+ "get": {
2531
+ "description": "Returns metadata for a given SingleTenantHsmInstance.",
2532
+ "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/singleTenantHsmInstances/{singleTenantHsmInstancesId}",
2533
+ "httpMethod": "GET",
2534
+ "id": "cloudkms.projects.locations.singleTenantHsmInstances.get",
2535
+ "parameterOrder": [
2536
+ "name"
2487
2537
  ],
2538
+ "parameters": {
2539
+ "name": {
2540
+ "description": "Required. The name of the SingleTenantHsmInstance to get.",
2541
+ "location": "path",
2542
+ "pattern": "^projects/[^/]+/locations/[^/]+/singleTenantHsmInstances/[^/]+$",
2543
+ "required": true,
2488
2544
  "type": "string"
2489
- },
2490
- "verifiedCiphertextCrc32c": {
2491
- "description": "Integrity verification field. A flag indicating whether AsymmetricDecryptRequest.ciphertext_crc32c was received by KeyManagementService and used for the integrity verification of the ciphertext. A false value of this field indicates either that AsymmetricDecryptRequest.ciphertext_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set AsymmetricDecryptRequest.ciphertext_crc32c but this field is still false, discard the response and perform a limited number of retries.",
2492
- "type": "boolean"
2493
2545
  }
2494
2546
  },
2495
- "type": "object"
2496
- },
2497
- "AsymmetricSignRequest": {
2498
- "description": "Request message for KeyManagementService.AsymmetricSign.",
2499
- "id": "AsymmetricSignRequest",
2500
- "properties": {
2501
- "data": {
2502
- "description": "Optional. The data to sign. It can't be supplied if AsymmetricSignRequest.digest is supplied.",
2503
- "format": "byte",
2504
- "type": "string"
2505
- },
2506
- "dataCrc32c": {
2507
- "description": "Optional. An optional CRC32C checksum of the AsymmetricSignRequest.data. If specified, KeyManagementService will verify the integrity of the received AsymmetricSignRequest.data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricSignRequest.data) is equal to AsymmetricSignRequest.data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
2508
- "format": "int64",
2509
- "type": "string"
2547
+ "path": "v1/{+name}",
2548
+ "response": {
2549
+ "$ref": "SingleTenantHsmInstance"
2510
2550
  },
2511
- "digest": {
2512
- "$ref": "Digest",
2513
- "description": "Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm. This field may not be supplied if AsymmetricSignRequest.data is supplied."
2551
+ "scopes": [
2552
+ "https://www.googleapis.com/auth/cloud-platform",
2553
+ "https://www.googleapis.com/auth/cloudkms"
2554
+ ]
2514
2555
  },
2515
- "digestCrc32c": {
2516
- "description": "Optional. An optional CRC32C checksum of the AsymmetricSignRequest.digest. If specified, KeyManagementService will verify the integrity of the received AsymmetricSignRequest.digest using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricSignRequest.digest) is equal to AsymmetricSignRequest.digest_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
2517
- "format": "int64",
2556
+ "list": {
2557
+ "description": "Lists SingleTenantHsmInstances.",
2558
+ "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/singleTenantHsmInstances",
2559
+ "httpMethod": "GET",
2560
+ "id": "cloudkms.projects.locations.singleTenantHsmInstances.list",
2561
+ "parameterOrder": [
2562
+ "parent"
2563
+ ],
2564
+ "parameters": {
2565
+ "filter": {
2566
+ "description": "Optional. Only include resources that match the filter in the response. For more information, see [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).",
2567
+ "location": "query",
2518
2568
  "type": "string"
2519
- }
2520
- },
2521
- "type": "object"
2522
2569
  },
2523
- "AsymmetricSignResponse": {
2524
- "description": "Response message for KeyManagementService.AsymmetricSign.",
2525
- "id": "AsymmetricSignResponse",
2526
- "properties": {
2527
- "name": {
2528
- "description": "The resource name of the CryptoKeyVersion used for signing. Check this field to verify that the intended resource was used for signing.",
2570
+ "orderBy": {
2571
+ "description": "Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).",
2572
+ "location": "query",
2529
2573
  "type": "string"
2530
2574
  },
2531
- "protectionLevel": {
2532
- "description": "The ProtectionLevel of the CryptoKeyVersion used for signing.",
2533
- "enum": [
2534
- "PROTECTION_LEVEL_UNSPECIFIED",
2535
- "SOFTWARE",
2536
- "HSM",
2537
- "EXTERNAL",
2538
- "EXTERNAL_VPC"
2539
- ],
2540
- "enumDescriptions": [
2541
- "Not specified.",
2542
- "Crypto operations are performed in software.",
2543
- "Crypto operations are performed in a Hardware Security Module.",
2544
- "Crypto operations are performed by an external key manager.",
2545
- "Crypto operations are performed in an EKM-over-VPC backend."
2546
- ],
2547
- "type": "string"
2575
+ "pageSize": {
2576
+ "description": "Optional. Optional limit on the number of SingleTenantHsmInstances to include in the response. Further SingleTenantHsmInstances can subsequently be obtained by including the ListSingleTenantHsmInstancesResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.",
2577
+ "format": "int32",
2578
+ "location": "query",
2579
+ "type": "integer"
2548
2580
  },
2549
- "signature": {
2550
- "description": "The created signature.",
2551
- "format": "byte",
2581
+ "pageToken": {
2582
+ "description": "Optional. Optional pagination token, returned earlier via ListSingleTenantHsmInstancesResponse.next_page_token.",
2583
+ "location": "query",
2552
2584
  "type": "string"
2553
2585
  },
2554
- "signatureCrc32c": {
2555
- "description": "Integrity verification field. A CRC32C checksum of the returned AsymmetricSignResponse.signature. An integrity check of AsymmetricSignResponse.signature can be performed by computing the CRC32C checksum of AsymmetricSignResponse.signature and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
2556
- "format": "int64",
2586
+ "parent": {
2587
+ "description": "Required. The resource name of the location associated with the SingleTenantHsmInstances to list, in the format `projects/*/locations/*`.",
2588
+ "location": "path",
2589
+ "pattern": "^projects/[^/]+/locations/[^/]+$",
2590
+ "required": true,
2557
2591
  "type": "string"
2558
2592
  },
2559
- "verifiedDataCrc32c": {
2560
- "description": "Integrity verification field. A flag indicating whether AsymmetricSignRequest.data_crc32c was received by KeyManagementService and used for the integrity verification of the data. A false value of this field indicates either that AsymmetricSignRequest.data_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set AsymmetricSignRequest.data_crc32c but this field is still false, discard the response and perform a limited number of retries.",
2561
- "type": "boolean"
2562
- },
2563
- "verifiedDigestCrc32c": {
2564
- "description": "Integrity verification field. A flag indicating whether AsymmetricSignRequest.digest_crc32c was received by KeyManagementService and used for the integrity verification of the digest. A false value of this field indicates either that AsymmetricSignRequest.digest_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set AsymmetricSignRequest.digest_crc32c but this field is still false, discard the response and perform a limited number of retries.",
2593
+ "showDeleted": {
2594
+ "description": "Optional. If set to true, HsmManagement.ListSingleTenantHsmInstances will also return SingleTenantHsmInstances in DELETED state.",
2595
+ "location": "query",
2565
2596
  "type": "boolean"
2566
2597
  }
2567
2598
  },
2568
- "type": "object"
2569
- },
2570
- "AuditConfig": {
2571
- "description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.",
2572
- "id": "AuditConfig",
2573
- "properties": {
2574
- "auditLogConfigs": {
2575
- "description": "The configuration for logging of each type of permission.",
2576
- "items": {
2577
- "$ref": "AuditLogConfig"
2599
+ "path": "v1/{+parent}/singleTenantHsmInstances",
2600
+ "response": {
2601
+ "$ref": "ListSingleTenantHsmInstancesResponse"
2578
2602
  },
2579
- "type": "array"
2603
+ "scopes": [
2604
+ "https://www.googleapis.com/auth/cloud-platform",
2605
+ "https://www.googleapis.com/auth/cloudkms"
2606
+ ]
2607
+ }
2580
2608
  },
2581
- "service": {
2582
- "description": "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.",
2609
+ "resources": {
2610
+ "proposals": {
2611
+ "methods": {
2612
+ "approve": {
2613
+ "description": "Approves a SingleTenantHsmInstanceProposal for a given SingleTenantHsmInstance. The proposal must be in the PENDING state.",
2614
+ "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/singleTenantHsmInstances/{singleTenantHsmInstancesId}/proposals/{proposalsId}:approve",
2615
+ "httpMethod": "POST",
2616
+ "id": "cloudkms.projects.locations.singleTenantHsmInstances.proposals.approve",
2617
+ "parameterOrder": [
2618
+ "name"
2619
+ ],
2620
+ "parameters": {
2621
+ "name": {
2622
+ "description": "Required. The name of the SingleTenantHsmInstanceProposal to approve.",
2623
+ "location": "path",
2624
+ "pattern": "^projects/[^/]+/locations/[^/]+/singleTenantHsmInstances/[^/]+/proposals/[^/]+$",
2625
+ "required": true,
2583
2626
  "type": "string"
2584
2627
  }
2585
2628
  },
2586
- "type": "object"
2629
+ "path": "v1/{+name}:approve",
2630
+ "request": {
2631
+ "$ref": "ApproveSingleTenantHsmInstanceProposalRequest"
2587
2632
  },
2588
- "AuditLogConfig": {
2589
- "description": "Provides the configuration for logging a type of permissions. Example: { \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.",
2590
- "id": "AuditLogConfig",
2591
- "properties": {
2592
- "exemptedMembers": {
2593
- "description": "Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.",
2594
- "items": {
2595
- "type": "string"
2633
+ "response": {
2634
+ "$ref": "ApproveSingleTenantHsmInstanceProposalResponse"
2596
2635
  },
2597
- "type": "array"
2636
+ "scopes": [
2637
+ "https://www.googleapis.com/auth/cloud-platform",
2638
+ "https://www.googleapis.com/auth/cloudkms"
2639
+ ]
2640
+ },
2641
+ "create": {
2642
+ "description": "Creates a new SingleTenantHsmInstanceProposal for a given SingleTenantHsmInstance.",
2643
+ "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/singleTenantHsmInstances/{singleTenantHsmInstancesId}/proposals",
2644
+ "httpMethod": "POST",
2645
+ "id": "cloudkms.projects.locations.singleTenantHsmInstances.proposals.create",
2646
+ "parameterOrder": [
2647
+ "parent"
2648
+ ],
2649
+ "parameters": {
2650
+ "parent": {
2651
+ "description": "Required. The name of the SingleTenantHsmInstance associated with the SingleTenantHsmInstanceProposals.",
2652
+ "location": "path",
2653
+ "pattern": "^projects/[^/]+/locations/[^/]+/singleTenantHsmInstances/[^/]+$",
2654
+ "required": true,
2655
+ "type": "string"
2656
+ },
2657
+ "singleTenantHsmInstanceProposalId": {
2658
+ "description": "Optional. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`.",
2659
+ "location": "query",
2660
+ "type": "string"
2661
+ }
2662
+ },
2663
+ "path": "v1/{+parent}/proposals",
2664
+ "request": {
2665
+ "$ref": "SingleTenantHsmInstanceProposal"
2666
+ },
2667
+ "response": {
2668
+ "$ref": "Operation"
2669
+ },
2670
+ "scopes": [
2671
+ "https://www.googleapis.com/auth/cloud-platform",
2672
+ "https://www.googleapis.com/auth/cloudkms"
2673
+ ]
2674
+ },
2675
+ "delete": {
2676
+ "description": "Deletes a SingleTenantHsmInstanceProposal.",
2677
+ "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/singleTenantHsmInstances/{singleTenantHsmInstancesId}/proposals/{proposalsId}",
2678
+ "httpMethod": "DELETE",
2679
+ "id": "cloudkms.projects.locations.singleTenantHsmInstances.proposals.delete",
2680
+ "parameterOrder": [
2681
+ "name"
2682
+ ],
2683
+ "parameters": {
2684
+ "name": {
2685
+ "description": "Required. The name of the SingleTenantHsmInstanceProposal to delete.",
2686
+ "location": "path",
2687
+ "pattern": "^projects/[^/]+/locations/[^/]+/singleTenantHsmInstances/[^/]+/proposals/[^/]+$",
2688
+ "required": true,
2689
+ "type": "string"
2690
+ }
2691
+ },
2692
+ "path": "v1/{+name}",
2693
+ "response": {
2694
+ "$ref": "Empty"
2695
+ },
2696
+ "scopes": [
2697
+ "https://www.googleapis.com/auth/cloud-platform",
2698
+ "https://www.googleapis.com/auth/cloudkms"
2699
+ ]
2700
+ },
2701
+ "execute": {
2702
+ "description": "Executes a SingleTenantHsmInstanceProposal for a given SingleTenantHsmInstance. The proposal must be in the APPROVED state.",
2703
+ "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/singleTenantHsmInstances/{singleTenantHsmInstancesId}/proposals/{proposalsId}:execute",
2704
+ "httpMethod": "POST",
2705
+ "id": "cloudkms.projects.locations.singleTenantHsmInstances.proposals.execute",
2706
+ "parameterOrder": [
2707
+ "name"
2708
+ ],
2709
+ "parameters": {
2710
+ "name": {
2711
+ "description": "Required. The name of the SingleTenantHsmInstanceProposal to execute.",
2712
+ "location": "path",
2713
+ "pattern": "^projects/[^/]+/locations/[^/]+/singleTenantHsmInstances/[^/]+/proposals/[^/]+$",
2714
+ "required": true,
2715
+ "type": "string"
2716
+ }
2717
+ },
2718
+ "path": "v1/{+name}:execute",
2719
+ "request": {
2720
+ "$ref": "ExecuteSingleTenantHsmInstanceProposalRequest"
2721
+ },
2722
+ "response": {
2723
+ "$ref": "Operation"
2724
+ },
2725
+ "scopes": [
2726
+ "https://www.googleapis.com/auth/cloud-platform",
2727
+ "https://www.googleapis.com/auth/cloudkms"
2728
+ ]
2729
+ },
2730
+ "get": {
2731
+ "description": "Returns metadata for a given SingleTenantHsmInstanceProposal.",
2732
+ "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/singleTenantHsmInstances/{singleTenantHsmInstancesId}/proposals/{proposalsId}",
2733
+ "httpMethod": "GET",
2734
+ "id": "cloudkms.projects.locations.singleTenantHsmInstances.proposals.get",
2735
+ "parameterOrder": [
2736
+ "name"
2737
+ ],
2738
+ "parameters": {
2739
+ "name": {
2740
+ "description": "Required. The name of the SingleTenantHsmInstanceProposal to get.",
2741
+ "location": "path",
2742
+ "pattern": "^projects/[^/]+/locations/[^/]+/singleTenantHsmInstances/[^/]+/proposals/[^/]+$",
2743
+ "required": true,
2744
+ "type": "string"
2745
+ }
2746
+ },
2747
+ "path": "v1/{+name}",
2748
+ "response": {
2749
+ "$ref": "SingleTenantHsmInstanceProposal"
2750
+ },
2751
+ "scopes": [
2752
+ "https://www.googleapis.com/auth/cloud-platform",
2753
+ "https://www.googleapis.com/auth/cloudkms"
2754
+ ]
2755
+ },
2756
+ "list": {
2757
+ "description": "Lists SingleTenantHsmInstanceProposals.",
2758
+ "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/singleTenantHsmInstances/{singleTenantHsmInstancesId}/proposals",
2759
+ "httpMethod": "GET",
2760
+ "id": "cloudkms.projects.locations.singleTenantHsmInstances.proposals.list",
2761
+ "parameterOrder": [
2762
+ "parent"
2763
+ ],
2764
+ "parameters": {
2765
+ "filter": {
2766
+ "description": "Optional. Only include resources that match the filter in the response. For more information, see [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).",
2767
+ "location": "query",
2768
+ "type": "string"
2769
+ },
2770
+ "orderBy": {
2771
+ "description": "Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).",
2772
+ "location": "query",
2773
+ "type": "string"
2774
+ },
2775
+ "pageSize": {
2776
+ "description": "Optional. Optional limit on the number of SingleTenantHsmInstanceProposals to include in the response. Further SingleTenantHsmInstanceProposals can subsequently be obtained by including the ListSingleTenantHsmInstanceProposalsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.",
2777
+ "format": "int32",
2778
+ "location": "query",
2779
+ "type": "integer"
2780
+ },
2781
+ "pageToken": {
2782
+ "description": "Optional. Optional pagination token, returned earlier via ListSingleTenantHsmInstanceProposalsResponse.next_page_token.",
2783
+ "location": "query",
2784
+ "type": "string"
2785
+ },
2786
+ "parent": {
2787
+ "description": "Required. The resource name of the single tenant HSM instance associated with the SingleTenantHsmInstanceProposals to list, in the format `projects/*/locations/*/singleTenantHsmInstances/*`.",
2788
+ "location": "path",
2789
+ "pattern": "^projects/[^/]+/locations/[^/]+/singleTenantHsmInstances/[^/]+$",
2790
+ "required": true,
2791
+ "type": "string"
2792
+ },
2793
+ "showDeleted": {
2794
+ "description": "Optional. If set to true, HsmManagement.ListSingleTenantHsmInstanceProposals will also return SingleTenantHsmInstanceProposals in DELETED state.",
2795
+ "location": "query",
2796
+ "type": "boolean"
2797
+ }
2798
+ },
2799
+ "path": "v1/{+parent}/proposals",
2800
+ "response": {
2801
+ "$ref": "ListSingleTenantHsmInstanceProposalsResponse"
2802
+ },
2803
+ "scopes": [
2804
+ "https://www.googleapis.com/auth/cloud-platform",
2805
+ "https://www.googleapis.com/auth/cloudkms"
2806
+ ]
2807
+ }
2808
+ }
2809
+ }
2810
+ }
2811
+ }
2812
+ }
2813
+ }
2814
+ }
2815
+ }
2816
+ },
2817
+ "revision": "20260116",
2818
+ "rootUrl": "https://cloudkms.googleapis.com/",
2819
+ "schemas": {
2820
+ "AddQuorumMember": {
2821
+ "description": "Add a quorum member to the SingleTenantHsmInstance. This will increase the total_approver_count by 1. The SingleTenantHsmInstance must be in the ACTIVE state to perform this operation.",
2822
+ "id": "AddQuorumMember",
2823
+ "properties": {
2824
+ "twoFactorPublicKeyPem": {
2825
+ "description": "Required. The public key associated with the 2FA key for the new quorum member to add. Public keys must be associated with RSA 2048 keys.",
2826
+ "type": "string"
2827
+ }
2828
+ },
2829
+ "type": "object"
2830
+ },
2831
+ "ApproveSingleTenantHsmInstanceProposalRequest": {
2832
+ "description": "Request message for HsmManagement.ApproveSingleTenantHsmInstanceProposal.",
2833
+ "id": "ApproveSingleTenantHsmInstanceProposalRequest",
2834
+ "properties": {
2835
+ "quorumReply": {
2836
+ "$ref": "QuorumReply",
2837
+ "description": "Required. The reply to QuorumParameters for approving the proposal."
2838
+ },
2839
+ "requiredActionQuorumReply": {
2840
+ "$ref": "RequiredActionQuorumReply",
2841
+ "description": "Required. The reply to RequiredActionQuorumParameters for approving the proposal."
2842
+ }
2843
+ },
2844
+ "type": "object"
2845
+ },
2846
+ "ApproveSingleTenantHsmInstanceProposalResponse": {
2847
+ "description": "Response message for HsmManagement.ApproveSingleTenantHsmInstanceProposal.",
2848
+ "id": "ApproveSingleTenantHsmInstanceProposalResponse",
2849
+ "properties": {},
2850
+ "type": "object"
2851
+ },
2852
+ "AsymmetricDecryptRequest": {
2853
+ "description": "Request message for KeyManagementService.AsymmetricDecrypt.",
2854
+ "id": "AsymmetricDecryptRequest",
2855
+ "properties": {
2856
+ "ciphertext": {
2857
+ "description": "Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.",
2858
+ "format": "byte",
2859
+ "type": "string"
2860
+ },
2861
+ "ciphertextCrc32c": {
2862
+ "description": "Optional. An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received AsymmetricDecryptRequest.ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricDecryptRequest.ciphertext) is equal to AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
2863
+ "format": "int64",
2864
+ "type": "string"
2865
+ }
2866
+ },
2867
+ "type": "object"
2868
+ },
2869
+ "AsymmetricDecryptResponse": {
2870
+ "description": "Response message for KeyManagementService.AsymmetricDecrypt.",
2871
+ "id": "AsymmetricDecryptResponse",
2872
+ "properties": {
2873
+ "plaintext": {
2874
+ "description": "The decrypted data originally encrypted with the matching public key.",
2875
+ "format": "byte",
2876
+ "type": "string"
2877
+ },
2878
+ "plaintextCrc32c": {
2879
+ "description": "Integrity verification field. A CRC32C checksum of the returned AsymmetricDecryptResponse.plaintext. An integrity check of AsymmetricDecryptResponse.plaintext can be performed by computing the CRC32C checksum of AsymmetricDecryptResponse.plaintext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
2880
+ "format": "int64",
2881
+ "type": "string"
2882
+ },
2883
+ "protectionLevel": {
2884
+ "description": "The ProtectionLevel of the CryptoKeyVersion used in decryption.",
2885
+ "enum": [
2886
+ "PROTECTION_LEVEL_UNSPECIFIED",
2887
+ "SOFTWARE",
2888
+ "HSM",
2889
+ "EXTERNAL",
2890
+ "EXTERNAL_VPC",
2891
+ "HSM_SINGLE_TENANT"
2892
+ ],
2893
+ "enumDescriptions": [
2894
+ "Not specified.",
2895
+ "Crypto operations are performed in software.",
2896
+ "Crypto operations are performed in a Hardware Security Module.",
2897
+ "Crypto operations are performed by an external key manager.",
2898
+ "Crypto operations are performed in an EKM-over-VPC backend.",
2899
+ "Crypto operations are performed in a single-tenant HSM."
2900
+ ],
2901
+ "type": "string"
2902
+ },
2903
+ "verifiedCiphertextCrc32c": {
2904
+ "description": "Integrity verification field. A flag indicating whether AsymmetricDecryptRequest.ciphertext_crc32c was received by KeyManagementService and used for the integrity verification of the ciphertext. A false value of this field indicates either that AsymmetricDecryptRequest.ciphertext_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set AsymmetricDecryptRequest.ciphertext_crc32c but this field is still false, discard the response and perform a limited number of retries.",
2905
+ "type": "boolean"
2906
+ }
2907
+ },
2908
+ "type": "object"
2909
+ },
2910
+ "AsymmetricSignRequest": {
2911
+ "description": "Request message for KeyManagementService.AsymmetricSign.",
2912
+ "id": "AsymmetricSignRequest",
2913
+ "properties": {
2914
+ "data": {
2915
+ "description": "Optional. The data to sign. It can't be supplied if AsymmetricSignRequest.digest is supplied.",
2916
+ "format": "byte",
2917
+ "type": "string"
2918
+ },
2919
+ "dataCrc32c": {
2920
+ "description": "Optional. An optional CRC32C checksum of the AsymmetricSignRequest.data. If specified, KeyManagementService will verify the integrity of the received AsymmetricSignRequest.data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricSignRequest.data) is equal to AsymmetricSignRequest.data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
2921
+ "format": "int64",
2922
+ "type": "string"
2923
+ },
2924
+ "digest": {
2925
+ "$ref": "Digest",
2926
+ "description": "Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm. This field may not be supplied if AsymmetricSignRequest.data is supplied."
2927
+ },
2928
+ "digestCrc32c": {
2929
+ "description": "Optional. An optional CRC32C checksum of the AsymmetricSignRequest.digest. If specified, KeyManagementService will verify the integrity of the received AsymmetricSignRequest.digest using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricSignRequest.digest) is equal to AsymmetricSignRequest.digest_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
2930
+ "format": "int64",
2931
+ "type": "string"
2932
+ }
2933
+ },
2934
+ "type": "object"
2935
+ },
2936
+ "AsymmetricSignResponse": {
2937
+ "description": "Response message for KeyManagementService.AsymmetricSign.",
2938
+ "id": "AsymmetricSignResponse",
2939
+ "properties": {
2940
+ "name": {
2941
+ "description": "The resource name of the CryptoKeyVersion used for signing. Check this field to verify that the intended resource was used for signing.",
2942
+ "type": "string"
2943
+ },
2944
+ "protectionLevel": {
2945
+ "description": "The ProtectionLevel of the CryptoKeyVersion used for signing.",
2946
+ "enum": [
2947
+ "PROTECTION_LEVEL_UNSPECIFIED",
2948
+ "SOFTWARE",
2949
+ "HSM",
2950
+ "EXTERNAL",
2951
+ "EXTERNAL_VPC",
2952
+ "HSM_SINGLE_TENANT"
2953
+ ],
2954
+ "enumDescriptions": [
2955
+ "Not specified.",
2956
+ "Crypto operations are performed in software.",
2957
+ "Crypto operations are performed in a Hardware Security Module.",
2958
+ "Crypto operations are performed by an external key manager.",
2959
+ "Crypto operations are performed in an EKM-over-VPC backend.",
2960
+ "Crypto operations are performed in a single-tenant HSM."
2961
+ ],
2962
+ "type": "string"
2963
+ },
2964
+ "signature": {
2965
+ "description": "The created signature.",
2966
+ "format": "byte",
2967
+ "type": "string"
2968
+ },
2969
+ "signatureCrc32c": {
2970
+ "description": "Integrity verification field. A CRC32C checksum of the returned AsymmetricSignResponse.signature. An integrity check of AsymmetricSignResponse.signature can be performed by computing the CRC32C checksum of AsymmetricSignResponse.signature and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.",
2971
+ "format": "int64",
2972
+ "type": "string"
2973
+ },
2974
+ "verifiedDataCrc32c": {
2975
+ "description": "Integrity verification field. A flag indicating whether AsymmetricSignRequest.data_crc32c was received by KeyManagementService and used for the integrity verification of the data. A false value of this field indicates either that AsymmetricSignRequest.data_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set AsymmetricSignRequest.data_crc32c but this field is still false, discard the response and perform a limited number of retries.",
2976
+ "type": "boolean"
2977
+ },
2978
+ "verifiedDigestCrc32c": {
2979
+ "description": "Integrity verification field. A flag indicating whether AsymmetricSignRequest.digest_crc32c was received by KeyManagementService and used for the integrity verification of the digest. A false value of this field indicates either that AsymmetricSignRequest.digest_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set AsymmetricSignRequest.digest_crc32c but this field is still false, discard the response and perform a limited number of retries.",
2980
+ "type": "boolean"
2981
+ }
2982
+ },
2983
+ "type": "object"
2984
+ },
2985
+ "AuditConfig": {
2986
+ "description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.",
2987
+ "id": "AuditConfig",
2988
+ "properties": {
2989
+ "auditLogConfigs": {
2990
+ "description": "The configuration for logging of each type of permission.",
2991
+ "items": {
2992
+ "$ref": "AuditLogConfig"
2993
+ },
2994
+ "type": "array"
2995
+ },
2996
+ "service": {
2997
+ "description": "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.",
2998
+ "type": "string"
2999
+ }
3000
+ },
3001
+ "type": "object"
3002
+ },
3003
+ "AuditLogConfig": {
3004
+ "description": "Provides the configuration for logging a type of permissions. Example: { \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.",
3005
+ "id": "AuditLogConfig",
3006
+ "properties": {
3007
+ "exemptedMembers": {
3008
+ "description": "Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.",
3009
+ "items": {
3010
+ "type": "string"
3011
+ },
3012
+ "type": "array"
2598
3013
  },
2599
3014
  "logType": {
2600
3015
  "description": "The log type that this config enables.",
@@ -2616,7 +3031,7 @@
2616
3031
  "type": "object"
2617
3032
  },
2618
3033
  "AutokeyConfig": {
2619
- "description": "Cloud KMS Autokey configuration for a folder or project.",
3034
+ "description": "Cloud KMS Autokey configuration for a folder.",
2620
3035
  "id": "AutokeyConfig",
2621
3036
  "properties": {
2622
3037
  "etag": {
@@ -2628,7 +3043,7 @@
2628
3043
  "type": "string"
2629
3044
  },
2630
3045
  "name": {
2631
- "description": "Identifier. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig` `projects/{PROJECT_NUMBER}/autokeyConfig`.",
3046
+ "description": "Identifier. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`",
2632
3047
  "type": "string"
2633
3048
  },
2634
3049
  "state": {
@@ -2739,21 +3154,55 @@
2739
3154
  "items": {
2740
3155
  "type": "string"
2741
3156
  },
2742
- "type": "array"
2743
- },
2744
- "googleCardCerts": {
2745
- "description": "Google card certificate chain corresponding to the attestation.",
2746
- "items": {
3157
+ "type": "array"
3158
+ },
3159
+ "googleCardCerts": {
3160
+ "description": "Google card certificate chain corresponding to the attestation.",
3161
+ "items": {
3162
+ "type": "string"
3163
+ },
3164
+ "type": "array"
3165
+ },
3166
+ "googlePartitionCerts": {
3167
+ "description": "Google partition certificate chain corresponding to the attestation.",
3168
+ "items": {
3169
+ "type": "string"
3170
+ },
3171
+ "type": "array"
3172
+ }
3173
+ },
3174
+ "type": "object"
3175
+ },
3176
+ "Challenge": {
3177
+ "description": "A challenge to be signed by a 2FA key.",
3178
+ "id": "Challenge",
3179
+ "properties": {
3180
+ "challenge": {
3181
+ "description": "Output only. The challenge to be signed by the 2FA key indicated by the public key.",
3182
+ "format": "byte",
3183
+ "readOnly": true,
3184
+ "type": "string"
3185
+ },
3186
+ "publicKeyPem": {
3187
+ "description": "Output only. The public key associated with the 2FA key that should sign the challenge.",
3188
+ "readOnly": true,
2747
3189
  "type": "string"
3190
+ }
2748
3191
  },
2749
- "type": "array"
3192
+ "type": "object"
2750
3193
  },
2751
- "googlePartitionCerts": {
2752
- "description": "Google partition certificate chain corresponding to the attestation.",
2753
- "items": {
3194
+ "ChallengeReply": {
3195
+ "description": "A reply to a challenge signed by a 2FA key.",
3196
+ "id": "ChallengeReply",
3197
+ "properties": {
3198
+ "publicKeyPem": {
3199
+ "description": "Required. The public key associated with the 2FA key.",
2754
3200
  "type": "string"
2755
3201
  },
2756
- "type": "array"
3202
+ "signedChallenge": {
3203
+ "description": "Required. The signed challenge associated with the 2FA key. The signature must be RSASSA-PKCS1 v1.5 with a SHA256 digest.",
3204
+ "format": "byte",
3205
+ "type": "string"
2757
3206
  }
2758
3207
  },
2759
3208
  "type": "object"
@@ -2786,7 +3235,7 @@
2786
3235
  "type": "string"
2787
3236
  },
2788
3237
  "cryptoKeyBackend": {
2789
- "description": "Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format `projects/*/locations/*/ekmConnections/*`. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.",
3238
+ "description": "Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format `projects/*/locations/*/ekmConnections/*`. Only applicable if CryptoKeyVersions have a ProtectionLevel of HSM_SINGLE_TENANT, with the resource name in the format `projects/*/locations/*/singleTenantHsmInstances/*`. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.",
2790
3239
  "type": "string"
2791
3240
  },
2792
3241
  "destroyScheduledDuration": {
@@ -2908,7 +3357,10 @@
2908
3357
  "PQ_SIGN_ML_DSA_65",
2909
3358
  "PQ_SIGN_ML_DSA_87",
2910
3359
  "PQ_SIGN_SLH_DSA_SHA2_128S",
2911
- "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256"
3360
+ "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256",
3361
+ "PQ_SIGN_ML_DSA_44_EXTERNAL_MU",
3362
+ "PQ_SIGN_ML_DSA_65_EXTERNAL_MU",
3363
+ "PQ_SIGN_ML_DSA_87_EXTERNAL_MU"
2912
3364
  ],
2913
3365
  "enumDescriptions": [
2914
3366
  "Not specified.",
@@ -2954,7 +3406,10 @@
2954
3406
  "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
2955
3407
  "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 5. Randomized version.",
2956
3408
  "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version.",
2957
- "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests."
3409
+ "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests.",
3410
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 1. Randomized version supporting externally-computed message representatives.",
3411
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version supporting externally-computed message representatives.",
3412
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 5. Randomized version supporting externally-computed message representatives."
2958
3413
  ],
2959
3414
  "readOnly": true,
2960
3415
  "type": "string"
@@ -3030,14 +3485,16 @@
3030
3485
  "SOFTWARE",
3031
3486
  "HSM",
3032
3487
  "EXTERNAL",
3033
- "EXTERNAL_VPC"
3488
+ "EXTERNAL_VPC",
3489
+ "HSM_SINGLE_TENANT"
3034
3490
  ],
3035
3491
  "enumDescriptions": [
3036
3492
  "Not specified.",
3037
3493
  "Crypto operations are performed in software.",
3038
3494
  "Crypto operations are performed in a Hardware Security Module.",
3039
3495
  "Crypto operations are performed by an external key manager.",
3040
- "Crypto operations are performed in an EKM-over-VPC backend."
3496
+ "Crypto operations are performed in an EKM-over-VPC backend.",
3497
+ "Crypto operations are performed in a single-tenant HSM."
3041
3498
  ],
3042
3499
  "readOnly": true,
3043
3500
  "type": "string"
@@ -3130,7 +3587,10 @@
3130
3587
  "PQ_SIGN_ML_DSA_65",
3131
3588
  "PQ_SIGN_ML_DSA_87",
3132
3589
  "PQ_SIGN_SLH_DSA_SHA2_128S",
3133
- "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256"
3590
+ "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256",
3591
+ "PQ_SIGN_ML_DSA_44_EXTERNAL_MU",
3592
+ "PQ_SIGN_ML_DSA_65_EXTERNAL_MU",
3593
+ "PQ_SIGN_ML_DSA_87_EXTERNAL_MU"
3134
3594
  ],
3135
3595
  "enumDescriptions": [
3136
3596
  "Not specified.",
@@ -3176,7 +3636,10 @@
3176
3636
  "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
3177
3637
  "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 5. Randomized version.",
3178
3638
  "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version.",
3179
- "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests."
3639
+ "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests.",
3640
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 1. Randomized version supporting externally-computed message representatives.",
3641
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version supporting externally-computed message representatives.",
3642
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 5. Randomized version supporting externally-computed message representatives."
3180
3643
  ],
3181
3644
  "type": "string"
3182
3645
  },
@@ -3187,14 +3650,16 @@
3187
3650
  "SOFTWARE",
3188
3651
  "HSM",
3189
3652
  "EXTERNAL",
3190
- "EXTERNAL_VPC"
3653
+ "EXTERNAL_VPC",
3654
+ "HSM_SINGLE_TENANT"
3191
3655
  ],
3192
3656
  "enumDescriptions": [
3193
3657
  "Not specified.",
3194
3658
  "Crypto operations are performed in software.",
3195
3659
  "Crypto operations are performed in a Hardware Security Module.",
3196
3660
  "Crypto operations are performed by an external key manager.",
3197
- "Crypto operations are performed in an EKM-over-VPC backend."
3661
+ "Crypto operations are performed in an EKM-over-VPC backend.",
3662
+ "Crypto operations are performed in a single-tenant HSM."
3198
3663
  ],
3199
3664
  "type": "string"
3200
3665
  }
@@ -3233,14 +3698,16 @@
3233
3698
  "SOFTWARE",
3234
3699
  "HSM",
3235
3700
  "EXTERNAL",
3236
- "EXTERNAL_VPC"
3701
+ "EXTERNAL_VPC",
3702
+ "HSM_SINGLE_TENANT"
3237
3703
  ],
3238
3704
  "enumDescriptions": [
3239
3705
  "Not specified.",
3240
3706
  "Crypto operations are performed in software.",
3241
3707
  "Crypto operations are performed in a Hardware Security Module.",
3242
3708
  "Crypto operations are performed by an external key manager.",
3243
- "Crypto operations are performed in an EKM-over-VPC backend."
3709
+ "Crypto operations are performed in an EKM-over-VPC backend.",
3710
+ "Crypto operations are performed in a single-tenant HSM."
3244
3711
  ],
3245
3712
  "type": "string"
3246
3713
  },
@@ -3309,14 +3776,16 @@
3309
3776
  "SOFTWARE",
3310
3777
  "HSM",
3311
3778
  "EXTERNAL",
3312
- "EXTERNAL_VPC"
3779
+ "EXTERNAL_VPC",
3780
+ "HSM_SINGLE_TENANT"
3313
3781
  ],
3314
3782
  "enumDescriptions": [
3315
3783
  "Not specified.",
3316
3784
  "Crypto operations are performed in software.",
3317
3785
  "Crypto operations are performed in a Hardware Security Module.",
3318
3786
  "Crypto operations are performed by an external key manager.",
3319
- "Crypto operations are performed in an EKM-over-VPC backend."
3787
+ "Crypto operations are performed in an EKM-over-VPC backend.",
3788
+ "Crypto operations are performed in a single-tenant HSM."
3320
3789
  ],
3321
3790
  "type": "string"
3322
3791
  },
@@ -3327,6 +3796,12 @@
3327
3796
  },
3328
3797
  "type": "object"
3329
3798
  },
3799
+ "DeleteSingleTenantHsmInstance": {
3800
+ "description": "Delete the SingleTenantHsmInstance. Deleting a SingleTenantHsmInstance will make all CryptoKeys attached to the SingleTenantHsmInstance unusable. The SingleTenantHsmInstance must not be in the DELETING or DELETED state to perform this operation.",
3801
+ "id": "DeleteSingleTenantHsmInstance",
3802
+ "properties": {},
3803
+ "type": "object"
3804
+ },
3330
3805
  "DestroyCryptoKeyVersionRequest": {
3331
3806
  "description": "Request message for KeyManagementService.DestroyCryptoKeyVersion.",
3332
3807
  "id": "DestroyCryptoKeyVersionRequest",
@@ -3355,6 +3830,12 @@
3355
3830
  },
3356
3831
  "type": "object"
3357
3832
  },
3833
+ "DisableSingleTenantHsmInstance": {
3834
+ "description": "Disable the SingleTenantHsmInstance. The SingleTenantHsmInstance must be in the ACTIVE state to perform this operation.",
3835
+ "id": "DisableSingleTenantHsmInstance",
3836
+ "properties": {},
3837
+ "type": "object"
3838
+ },
3358
3839
  "EkmConfig": {
3359
3840
  "description": "An EkmConfig is a singleton resource that represents configuration parameters that apply to all CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC in a given project and location.",
3360
3841
  "id": "EkmConfig",
@@ -3418,6 +3899,18 @@
3418
3899
  },
3419
3900
  "type": "object"
3420
3901
  },
3902
+ "Empty": {
3903
+ "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }",
3904
+ "id": "Empty",
3905
+ "properties": {},
3906
+ "type": "object"
3907
+ },
3908
+ "EnableSingleTenantHsmInstance": {
3909
+ "description": "Enable the SingleTenantHsmInstance. The SingleTenantHsmInstance must be in the DISABLED state to perform this operation.",
3910
+ "id": "EnableSingleTenantHsmInstance",
3911
+ "properties": {},
3912
+ "type": "object"
3913
+ },
3421
3914
  "EncryptRequest": {
3422
3915
  "description": "Request message for KeyManagementService.Encrypt.",
3423
3916
  "id": "EncryptRequest",
@@ -3470,14 +3963,16 @@
3470
3963
  "SOFTWARE",
3471
3964
  "HSM",
3472
3965
  "EXTERNAL",
3473
- "EXTERNAL_VPC"
3966
+ "EXTERNAL_VPC",
3967
+ "HSM_SINGLE_TENANT"
3474
3968
  ],
3475
3969
  "enumDescriptions": [
3476
3970
  "Not specified.",
3477
3971
  "Crypto operations are performed in software.",
3478
3972
  "Crypto operations are performed in a Hardware Security Module.",
3479
3973
  "Crypto operations are performed by an external key manager.",
3480
- "Crypto operations are performed in an EKM-over-VPC backend."
3974
+ "Crypto operations are performed in an EKM-over-VPC backend.",
3975
+ "Crypto operations are performed in a single-tenant HSM."
3481
3976
  ],
3482
3977
  "type": "string"
3483
3978
  },
@@ -3492,6 +3987,12 @@
3492
3987
  },
3493
3988
  "type": "object"
3494
3989
  },
3990
+ "ExecuteSingleTenantHsmInstanceProposalRequest": {
3991
+ "description": "Request message for HsmManagement.ExecuteSingleTenantHsmInstanceProposal.",
3992
+ "id": "ExecuteSingleTenantHsmInstanceProposalRequest",
3993
+ "properties": {},
3994
+ "type": "object"
3995
+ },
3495
3996
  "Expr": {
3496
3997
  "description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() < 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\" expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description: \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.",
3497
3998
  "id": "Expr",
@@ -3546,14 +4047,16 @@
3546
4047
  "SOFTWARE",
3547
4048
  "HSM",
3548
4049
  "EXTERNAL",
3549
- "EXTERNAL_VPC"
4050
+ "EXTERNAL_VPC",
4051
+ "HSM_SINGLE_TENANT"
3550
4052
  ],
3551
4053
  "enumDescriptions": [
3552
4054
  "Not specified.",
3553
4055
  "Crypto operations are performed in software.",
3554
4056
  "Crypto operations are performed in a Hardware Security Module.",
3555
4057
  "Crypto operations are performed by an external key manager.",
3556
- "Crypto operations are performed in an EKM-over-VPC backend."
4058
+ "Crypto operations are performed in an EKM-over-VPC backend.",
4059
+ "Crypto operations are performed in a single-tenant HSM."
3557
4060
  ],
3558
4061
  "type": "string"
3559
4062
  }
@@ -3627,7 +4130,10 @@
3627
4130
  "PQ_SIGN_ML_DSA_65",
3628
4131
  "PQ_SIGN_ML_DSA_87",
3629
4132
  "PQ_SIGN_SLH_DSA_SHA2_128S",
3630
- "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256"
4133
+ "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256",
4134
+ "PQ_SIGN_ML_DSA_44_EXTERNAL_MU",
4135
+ "PQ_SIGN_ML_DSA_65_EXTERNAL_MU",
4136
+ "PQ_SIGN_ML_DSA_87_EXTERNAL_MU"
3631
4137
  ],
3632
4138
  "enumDescriptions": [
3633
4139
  "Not specified.",
@@ -3673,7 +4179,10 @@
3673
4179
  "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
3674
4180
  "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 5. Randomized version.",
3675
4181
  "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version.",
3676
- "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests."
4182
+ "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests.",
4183
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 1. Randomized version supporting externally-computed message representatives.",
4184
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version supporting externally-computed message representatives.",
4185
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 5. Randomized version supporting externally-computed message representatives."
3677
4186
  ],
3678
4187
  "type": "string"
3679
4188
  },
@@ -3713,6 +4222,10 @@
3713
4222
  "readOnly": true,
3714
4223
  "type": "string"
3715
4224
  },
4225
+ "cryptoKeyBackend": {
4226
+ "description": "Immutable. The resource name of the backend environment where the key material for the wrapping key resides and where all related cryptographic operations are performed. Currently, this field is only populated for keys stored in HSM_SINGLE_TENANT. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.",
4227
+ "type": "string"
4228
+ },
3716
4229
  "expireEventTime": {
3717
4230
  "description": "Output only. The time this ImportJob expired. Only present if state is EXPIRED.",
3718
4231
  "format": "google-datetime",
@@ -3765,14 +4278,16 @@
3765
4278
  "SOFTWARE",
3766
4279
  "HSM",
3767
4280
  "EXTERNAL",
3768
- "EXTERNAL_VPC"
4281
+ "EXTERNAL_VPC",
4282
+ "HSM_SINGLE_TENANT"
3769
4283
  ],
3770
4284
  "enumDescriptions": [
3771
4285
  "Not specified.",
3772
4286
  "Crypto operations are performed in software.",
3773
4287
  "Crypto operations are performed in a Hardware Security Module.",
3774
4288
  "Crypto operations are performed by an external key manager.",
3775
- "Crypto operations are performed in an EKM-over-VPC backend."
4289
+ "Crypto operations are performed in an EKM-over-VPC backend.",
4290
+ "Crypto operations are performed in a single-tenant HSM."
3776
4291
  ],
3777
4292
  "type": "string"
3778
4293
  },
@@ -3837,6 +4352,20 @@
3837
4352
  "GOOGLE_RESPONSE_TO_PRODUCTION_ALERT",
3838
4353
  "CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"
3839
4354
  ],
4355
+ "enumDeprecated": [
4356
+ false,
4357
+ false,
4358
+ false,
4359
+ false,
4360
+ false,
4361
+ false,
4362
+ false,
4363
+ false,
4364
+ true,
4365
+ true,
4366
+ false,
4367
+ false
4368
+ ],
3840
4369
  "enumDescriptions": [
3841
4370
  "Unspecified access reason.",
3842
4371
  "Customer-initiated support.",
@@ -3846,8 +4375,8 @@
3846
4375
  "Customer uses their account to perform any access to their own data which their IAM policy authorizes.",
3847
4376
  "Google systems access customer data to help optimize the structure of the data or quality for future uses by the customer.",
3848
4377
  "No reason is expected for this key request.",
3849
- "Customer uses their account to perform any access to their own data which their IAM policy authorizes, and one of the following is true: * A Google administrator has reset the root-access account associated with the user's organization within the past 7 days. * A Google-initiated emergency access operation has interacted with a resource in the same project or folder as the currently accessed resource within the past 7 days.",
3850
- "Google systems access customer data to help optimize the structure of the data or quality for future uses by the customer, and one of the following is true: * A Google administrator has reset the root-access account associated with the user's organization within the past 7 days. * A Google-initiated emergency access operation has interacted with a resource in the same project or folder as the currently accessed resource within the past 7 days.",
4378
+ "Deprecated: This code is no longer generated by Google Cloud. The GOOGLE_RESPONSE_TO_PRODUCTION_ALERT justification codes available in both Key Access Justifications and Access Transparency logs provide customer-visible signals of emergency access in more precise contexts. Customer uses their account to perform any access to their own data which their IAM policy authorizes, and one of the following is true: * A Google administrator has reset the root-access account associated with the user's organization within the past 7 days. * A Google-initiated emergency access operation has interacted with a resource in the same project or folder as the currently accessed resource within the past 7 days.",
4379
+ "Deprecated: This code is no longer generated by Google Cloud. The GOOGLE_RESPONSE_TO_PRODUCTION_ALERT justification codes available in both Key Access Justifications and Access Transparency logs provide customer-visible signals of emergency access in more precise contexts. Google systems access customer data to help optimize the structure of the data or quality for future uses by the customer, and one of the following is true: * A Google administrator has reset the root-access account associated with the user's organization within the past 7 days. * A Google-initiated emergency access operation has interacted with a resource in the same project or folder as the currently accessed resource within the past 7 days.",
3851
4380
  "Google-initiated access to maintain system reliability.",
3852
4381
  "One of the following operations is being executed while simultaneously encountering an internal technical issue which prevented a more precise justification code from being generated: * Your account has been used to perform any access to your own data which your IAM policy authorizes. * An automated Google system operates on encrypted customer data which your IAM policy authorizes. * Customer-initiated Google support access. * Google-initiated support access to protect system reliability."
3853
4382
  ],
@@ -4095,6 +4624,52 @@
4095
4624
  },
4096
4625
  "type": "object"
4097
4626
  },
4627
+ "ListSingleTenantHsmInstanceProposalsResponse": {
4628
+ "description": "Response message for HsmManagement.ListSingleTenantHsmInstanceProposals.",
4629
+ "id": "ListSingleTenantHsmInstanceProposalsResponse",
4630
+ "properties": {
4631
+ "nextPageToken": {
4632
+ "description": "A token to retrieve next page of results. Pass this value in ListSingleTenantHsmInstanceProposalsRequest.page_token to retrieve the next page of results.",
4633
+ "type": "string"
4634
+ },
4635
+ "singleTenantHsmInstanceProposals": {
4636
+ "description": "The list of SingleTenantHsmInstanceProposals.",
4637
+ "items": {
4638
+ "$ref": "SingleTenantHsmInstanceProposal"
4639
+ },
4640
+ "type": "array"
4641
+ },
4642
+ "totalSize": {
4643
+ "description": "The total number of SingleTenantHsmInstanceProposals that matched the query. This field is not populated if ListSingleTenantHsmInstanceProposalsRequest.filter is applied.",
4644
+ "format": "int32",
4645
+ "type": "integer"
4646
+ }
4647
+ },
4648
+ "type": "object"
4649
+ },
4650
+ "ListSingleTenantHsmInstancesResponse": {
4651
+ "description": "Response message for HsmManagement.ListSingleTenantHsmInstances.",
4652
+ "id": "ListSingleTenantHsmInstancesResponse",
4653
+ "properties": {
4654
+ "nextPageToken": {
4655
+ "description": "A token to retrieve next page of results. Pass this value in ListSingleTenantHsmInstancesRequest.page_token to retrieve the next page of results.",
4656
+ "type": "string"
4657
+ },
4658
+ "singleTenantHsmInstances": {
4659
+ "description": "The list of SingleTenantHsmInstances.",
4660
+ "items": {
4661
+ "$ref": "SingleTenantHsmInstance"
4662
+ },
4663
+ "type": "array"
4664
+ },
4665
+ "totalSize": {
4666
+ "description": "The total number of SingleTenantHsmInstances that matched the query. This field is not populated if ListSingleTenantHsmInstancesRequest.filter is applied.",
4667
+ "format": "int32",
4668
+ "type": "integer"
4669
+ }
4670
+ },
4671
+ "type": "object"
4672
+ },
4098
4673
  "Location": {
4099
4674
  "description": "A resource that represents a Google Cloud location.",
4100
4675
  "id": "Location",
@@ -4140,6 +4715,10 @@
4140
4715
  "hsmAvailable": {
4141
4716
  "description": "Indicates whether CryptoKeys with protection_level HSM can be created in this location.",
4142
4717
  "type": "boolean"
4718
+ },
4719
+ "hsmSingleTenantAvailable": {
4720
+ "description": "Indicates whether CryptoKeys with protection_level HSM_SINGLE_TENANT can be created in this location.",
4721
+ "type": "boolean"
4143
4722
  }
4144
4723
  },
4145
4724
  "type": "object"
@@ -4186,14 +4765,16 @@
4186
4765
  "SOFTWARE",
4187
4766
  "HSM",
4188
4767
  "EXTERNAL",
4189
- "EXTERNAL_VPC"
4768
+ "EXTERNAL_VPC",
4769
+ "HSM_SINGLE_TENANT"
4190
4770
  ],
4191
4771
  "enumDescriptions": [
4192
4772
  "Not specified.",
4193
4773
  "Crypto operations are performed in software.",
4194
4774
  "Crypto operations are performed in a Hardware Security Module.",
4195
4775
  "Crypto operations are performed by an external key manager.",
4196
- "Crypto operations are performed in an EKM-over-VPC backend."
4776
+ "Crypto operations are performed in an EKM-over-VPC backend.",
4777
+ "Crypto operations are performed in a single-tenant HSM."
4197
4778
  ],
4198
4779
  "type": "string"
4199
4780
  },
@@ -4246,14 +4827,16 @@
4246
4827
  "SOFTWARE",
4247
4828
  "HSM",
4248
4829
  "EXTERNAL",
4249
- "EXTERNAL_VPC"
4830
+ "EXTERNAL_VPC",
4831
+ "HSM_SINGLE_TENANT"
4250
4832
  ],
4251
4833
  "enumDescriptions": [
4252
4834
  "Not specified.",
4253
4835
  "Crypto operations are performed in software.",
4254
4836
  "Crypto operations are performed in a Hardware Security Module.",
4255
4837
  "Crypto operations are performed by an external key manager.",
4256
- "Crypto operations are performed in an EKM-over-VPC backend."
4838
+ "Crypto operations are performed in an EKM-over-VPC backend.",
4839
+ "Crypto operations are performed in a single-tenant HSM."
4257
4840
  ],
4258
4841
  "type": "string"
4259
4842
  },
@@ -4392,7 +4975,10 @@
4392
4975
  "PQ_SIGN_ML_DSA_65",
4393
4976
  "PQ_SIGN_ML_DSA_87",
4394
4977
  "PQ_SIGN_SLH_DSA_SHA2_128S",
4395
- "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256"
4978
+ "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256",
4979
+ "PQ_SIGN_ML_DSA_44_EXTERNAL_MU",
4980
+ "PQ_SIGN_ML_DSA_65_EXTERNAL_MU",
4981
+ "PQ_SIGN_ML_DSA_87_EXTERNAL_MU"
4396
4982
  ],
4397
4983
  "enumDescriptions": [
4398
4984
  "Not specified.",
@@ -4438,7 +5024,10 @@
4438
5024
  "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
4439
5025
  "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 5. Randomized version.",
4440
5026
  "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version.",
4441
- "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests."
5027
+ "The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized pre-hash version supporting SHA256 digests.",
5028
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 1. Randomized version supporting externally-computed message representatives.",
5029
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version supporting externally-computed message representatives.",
5030
+ "The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 5. Randomized version supporting externally-computed message representatives."
4442
5031
  ],
4443
5032
  "type": "string"
4444
5033
  },
@@ -4462,14 +5051,16 @@
4462
5051
  "SOFTWARE",
4463
5052
  "HSM",
4464
5053
  "EXTERNAL",
4465
- "EXTERNAL_VPC"
5054
+ "EXTERNAL_VPC",
5055
+ "HSM_SINGLE_TENANT"
4466
5056
  ],
4467
5057
  "enumDescriptions": [
4468
5058
  "Not specified.",
4469
5059
  "Crypto operations are performed in software.",
4470
5060
  "Crypto operations are performed in a Hardware Security Module.",
4471
5061
  "Crypto operations are performed by an external key manager.",
4472
- "Crypto operations are performed in an EKM-over-VPC backend."
5062
+ "Crypto operations are performed in an EKM-over-VPC backend.",
5063
+ "Crypto operations are performed in a single-tenant HSM."
4473
5064
  ],
4474
5065
  "type": "string"
4475
5066
  },
@@ -4498,6 +5089,75 @@
4498
5089
  },
4499
5090
  "type": "object"
4500
5091
  },
5092
+ "QuorumAuth": {
5093
+ "description": "Configuration for M of N quorum auth.",
5094
+ "id": "QuorumAuth",
5095
+ "properties": {
5096
+ "requiredApproverCount": {
5097
+ "description": "Output only. The required numbers of approvers. The M value used for M of N quorum auth. Must be greater than or equal to 2 and less than or equal to total_approver_count - 1.",
5098
+ "format": "int32",
5099
+ "readOnly": true,
5100
+ "type": "integer"
5101
+ },
5102
+ "totalApproverCount": {
5103
+ "description": "Required. The total number of approvers. This is the N value used for M of N quorum auth. Must be greater than or equal to 3 and less than or equal to 16.",
5104
+ "format": "int32",
5105
+ "type": "integer"
5106
+ },
5107
+ "twoFactorPublicKeyPems": {
5108
+ "description": "Output only. The public keys associated with the 2FA keys for M of N quorum auth.",
5109
+ "items": {
5110
+ "type": "string"
5111
+ },
5112
+ "readOnly": true,
5113
+ "type": "array"
5114
+ }
5115
+ },
5116
+ "type": "object"
5117
+ },
5118
+ "QuorumParameters": {
5119
+ "description": "Parameters of quorum approval for the SingleTenantHsmInstanceProposal.",
5120
+ "id": "QuorumParameters",
5121
+ "properties": {
5122
+ "approvedTwoFactorPublicKeyPems": {
5123
+ "description": "Output only. The public keys associated with the 2FA keys that have already approved the SingleTenantHsmInstanceProposal by signing the challenge.",
5124
+ "items": {
5125
+ "type": "string"
5126
+ },
5127
+ "readOnly": true,
5128
+ "type": "array"
5129
+ },
5130
+ "challenges": {
5131
+ "description": "Output only. The challenges to be signed by 2FA keys for quorum auth. M of N of these challenges are required to be signed to approve the operation.",
5132
+ "items": {
5133
+ "$ref": "Challenge"
5134
+ },
5135
+ "readOnly": true,
5136
+ "type": "array"
5137
+ },
5138
+ "requiredApproverCount": {
5139
+ "description": "Output only. The required numbers of approvers. This is the M value used for M of N quorum auth. It is less than the number of public keys.",
5140
+ "format": "int32",
5141
+ "readOnly": true,
5142
+ "type": "integer"
5143
+ }
5144
+ },
5145
+ "type": "object"
5146
+ },
5147
+ "QuorumReply": {
5148
+ "description": "The reply to QuorumParameters for approving the proposal.",
5149
+ "id": "QuorumReply",
5150
+ "properties": {
5151
+ "challengeReplies": {
5152
+ "description": "Required. The challenge replies to approve the proposal. Challenge replies can be sent across multiple requests. The proposal will be approved when required_approver_count challenge replies are provided.",
5153
+ "items": {
5154
+ "$ref": "ChallengeReply"
5155
+ },
5156
+ "type": "array"
5157
+ }
5158
+ },
5159
+ "type": "object"
5160
+ },
4501
5161
  "RawDecryptRequest": {
4502
5162
  "description": "Request message for KeyManagementService.RawDecrypt.",
4503
5163
  "id": "RawDecryptRequest",
@@ -4561,14 +5221,16 @@
4561
5221
  "SOFTWARE",
4562
5222
  "HSM",
4563
5223
  "EXTERNAL",
4564
- "EXTERNAL_VPC"
5224
+ "EXTERNAL_VPC",
5225
+ "HSM_SINGLE_TENANT"
4565
5226
  ],
4566
5227
  "enumDescriptions": [
4567
5228
  "Not specified.",
4568
5229
  "Crypto operations are performed in software.",
4569
5230
  "Crypto operations are performed in a Hardware Security Module.",
4570
5231
  "Crypto operations are performed by an external key manager.",
4571
- "Crypto operations are performed in an EKM-over-VPC backend."
5232
+ "Crypto operations are performed in an EKM-over-VPC backend.",
5233
+ "Crypto operations are performed in a single-tenant HSM."
4572
5234
  ],
4573
5235
  "type": "string"
4574
5236
  },
@@ -4659,14 +5321,16 @@
4659
5321
  "SOFTWARE",
4660
5322
  "HSM",
4661
5323
  "EXTERNAL",
4662
- "EXTERNAL_VPC"
5324
+ "EXTERNAL_VPC",
5325
+ "HSM_SINGLE_TENANT"
4663
5326
  ],
4664
5327
  "enumDescriptions": [
4665
5328
  "Not specified.",
4666
5329
  "Crypto operations are performed in software.",
4667
5330
  "Crypto operations are performed in a Hardware Security Module.",
4668
5331
  "Crypto operations are performed by an external key manager.",
4669
- "Crypto operations are performed in an EKM-over-VPC backend."
5332
+ "Crypto operations are performed in an EKM-over-VPC backend.",
5333
+ "Crypto operations are performed in a single-tenant HSM."
4670
5334
  ],
4671
5335
  "type": "string"
4672
5336
  },
@@ -4690,6 +5354,100 @@
4690
5354
  },
4691
5355
  "type": "object"
4692
5356
  },
5357
+ "RefreshSingleTenantHsmInstance": {
5358
+ "description": "Refreshes the SingleTenantHsmInstance. This operation must be performed periodically to keep the SingleTenantHsmInstance active. This operation must be performed before unrefreshed_duration_until_disable has passed. The SingleTenantHsmInstance must be in the ACTIVE state to perform this operation.",
5359
+ "id": "RefreshSingleTenantHsmInstance",
5360
+ "properties": {},
5361
+ "type": "object"
5362
+ },
5363
+ "RegisterTwoFactorAuthKeys": {
5364
+ "description": "Register 2FA keys for the SingleTenantHsmInstance. This operation requires all Challenges to be signed by 2FA keys. The SingleTenantHsmInstance must be in the PENDING_TWO_FACTOR_AUTH_REGISTRATION state to perform this operation.",
5365
+ "id": "RegisterTwoFactorAuthKeys",
5366
+ "properties": {
5367
+ "requiredApproverCount": {
5368
+ "description": "Required. The required numbers of approvers to set for the SingleTenantHsmInstance. This is the M value used for M of N quorum auth. Must be greater than or equal to 2 and less than or equal to total_approver_count - 1.",
5369
+ "format": "int32",
5370
+ "type": "integer"
5371
+ },
5372
+ "twoFactorPublicKeyPems": {
5373
+ "description": "Required. The public keys associated with the 2FA keys for M of N quorum auth. Public keys must be associated with RSA 2048 keys.",
5374
+ "items": {
5375
+ "type": "string"
5376
+ },
5377
+ "type": "array"
5378
+ }
5379
+ },
5380
+ "type": "object"
5381
+ },
5382
+ "RemoveQuorumMember": {
5383
+ "description": "Remove a quorum member from the SingleTenantHsmInstance. This will reduce total_approver_count by 1. The SingleTenantHsmInstance must be in the ACTIVE state to perform this operation.",
5384
+ "id": "RemoveQuorumMember",
5385
+ "properties": {
5386
+ "twoFactorPublicKeyPem": {
5387
+ "description": "Required. The public key associated with the 2FA key for the quorum member to remove. Public keys must be associated with RSA 2048 keys.",
5388
+ "type": "string"
5389
+ }
5390
+ },
5391
+ "type": "object"
5392
+ },
5393
+ "RequiredActionQuorumParameters": {
5394
+ "description": "Parameters for an approval that has both required challenges and a quorum.",
5395
+ "id": "RequiredActionQuorumParameters",
5396
+ "properties": {
5397
+ "approvedTwoFactorPublicKeyPems": {
5398
+ "description": "Output only. The public keys associated with the 2FA keys that have already approved the SingleTenantHsmInstanceProposal by signing the challenge.",
5399
+ "items": {
5400
+ "type": "string"
5401
+ },
5402
+ "readOnly": true,
5403
+ "type": "array"
5404
+ },
5405
+ "quorumChallenges": {
5406
+ "description": "Output only. The challenges to be signed by 2FA keys for quorum auth. M of N of these challenges are required to be signed to approve the operation.",
5407
+ "items": {
5408
+ "$ref": "Challenge"
5409
+ },
5410
+ "readOnly": true,
5411
+ "type": "array"
5412
+ },
5413
+ "requiredApproverCount": {
5414
+ "description": "Output only. The required number of quorum approvers. This is the M value used for M of N quorum auth. It is less than the number of public keys.",
5415
+ "format": "int32",
5416
+ "readOnly": true,
5417
+ "type": "integer"
5418
+ },
5419
+ "requiredChallenges": {
5420
+ "description": "Output only. A list of specific challenges that must be signed. For some operations, this will contain a single challenge.",
5421
+ "items": {
5422
+ "$ref": "Challenge"
5423
+ },
5424
+ "readOnly": true,
5425
+ "type": "array"
5426
+ }
5427
+ },
5428
+ "type": "object"
5429
+ },
5430
+ "RequiredActionQuorumReply": {
5431
+ "description": "The reply to RequiredActionQuorumParameters for approving the proposal.",
5432
+ "id": "RequiredActionQuorumReply",
5433
+ "properties": {
5434
+ "quorumChallengeReplies": {
5435
+ "description": "Required. Quorum members' signed challenge replies. These can be provided across multiple requests. The proposal will be approved when required_approver_count quorum_challenge_replies are provided and when all required_challenge_replies are provided.",
5436
+ "items": {
5437
+ "$ref": "ChallengeReply"
5438
+ },
5439
+ "type": "array"
5440
+ },
5441
+ "requiredChallengeReplies": {
5442
+ "description": "Required. All required challenges must be signed for the proposal to be approved. These can be sent across multiple requests.",
5443
+ "items": {
5444
+ "$ref": "ChallengeReply"
5445
+ },
5446
+ "type": "array"
5447
+ }
5448
+ },
5449
+ "type": "object"
5450
+ },
4693
5451
  "RestoreCryptoKeyVersionRequest": {
4694
5452
  "description": "Request message for KeyManagementService.RestoreCryptoKeyVersion.",
4695
5453
  "id": "RestoreCryptoKeyVersionRequest",
@@ -4779,6 +5537,179 @@
4779
5537
  },
4780
5538
  "type": "object"
4781
5539
  },
5540
+ "SingleTenantHsmInstance": {
5541
+ "description": "A SingleTenantHsmInstance represents a single-tenant HSM instance. It can be used for creating CryptoKeys with a ProtectionLevel of HSM_SINGLE_TENANT, as well as performing cryptographic operations using keys created within the SingleTenantHsmInstance.",
5542
+ "id": "SingleTenantHsmInstance",
5543
+ "properties": {
5544
+ "createTime": {
5545
+ "description": "Output only. The time at which the SingleTenantHsmInstance was created.",
5546
+ "format": "google-datetime",
5547
+ "readOnly": true,
5548
+ "type": "string"
5549
+ },
5550
+ "deleteTime": {
5551
+ "description": "Output only. The time at which the SingleTenantHsmInstance was deleted.",
5552
+ "format": "google-datetime",
5553
+ "readOnly": true,
5554
+ "type": "string"
5555
+ },
5556
+ "disableTime": {
5557
+ "description": "Output only. The time at which the instance will be automatically disabled if not refreshed. This field is updated upon creation and after each successful refresh operation and enable. A RefreshSingleTenantHsmInstance operation must be made via a SingleTenantHsmInstanceProposal before this time otherwise the SingleTenantHsmInstance will become disabled.",
5558
+ "format": "google-datetime",
5559
+ "readOnly": true,
5560
+ "type": "string"
5561
+ },
5562
+ "name": {
5563
+ "description": "Identifier. The resource name for this SingleTenantHsmInstance in the format `projects/*/locations/*/singleTenantHsmInstances/*`.",
5564
+ "type": "string"
5565
+ },
5566
+ "quorumAuth": {
5567
+ "$ref": "QuorumAuth",
5568
+ "description": "Required. The quorum auth configuration for the SingleTenantHsmInstance."
5569
+ },
5570
+ "state": {
5571
+ "description": "Output only. The state of the SingleTenantHsmInstance.",
5572
+ "enum": [
5573
+ "STATE_UNSPECIFIED",
5574
+ "CREATING",
5575
+ "PENDING_TWO_FACTOR_AUTH_REGISTRATION",
5576
+ "ACTIVE",
5577
+ "DISABLING",
5578
+ "DISABLED",
5579
+ "DELETING",
5580
+ "DELETED",
5581
+ "FAILED"
5582
+ ],
5583
+ "enumDescriptions": [
5584
+ "Not specified.",
5585
+ "The SingleTenantHsmInstance is being created.",
5586
+ "The SingleTenantHsmInstance is waiting for 2FA keys to be registered. This can be done by calling CreateSingleTenantHsmInstanceProposal with the RegisterTwoFactorAuthKeys operation.",
5587
+ "The SingleTenantHsmInstance is ready to use. A SingleTenantHsmInstance must be in the ACTIVE state for all CryptoKeys created within the SingleTenantHsmInstance to be usable.",
5588
+ "The SingleTenantHsmInstance is being disabled.",
5589
+ "The SingleTenantHsmInstance is disabled.",
5590
+ "The SingleTenantHsmInstance is being deleted. Requests to the instance will be rejected in this state.",
5591
+ "The SingleTenantHsmInstance has been deleted.",
5592
+ "The SingleTenantHsmInstance has failed and can not be recovered or used."
5593
+ ],
5594
+ "readOnly": true,
5595
+ "type": "string"
5596
+ },
5597
+ "unrefreshedDurationUntilDisable": {
5598
+ "description": "Output only. The system-defined duration that an instance can remain unrefreshed until it is automatically disabled. This will have a value of 120 days.",
5599
+ "format": "google-duration",
5600
+ "readOnly": true,
5601
+ "type": "string"
5602
+ }
5603
+ },
5604
+ "type": "object"
5605
+ },
5606
+ "SingleTenantHsmInstanceProposal": {
5607
+ "description": "A SingleTenantHsmInstanceProposal represents a proposal to perform an operation on a SingleTenantHsmInstance.",
5608
+ "id": "SingleTenantHsmInstanceProposal",
5609
+ "properties": {
5610
+ "addQuorumMember": {
5611
+ "$ref": "AddQuorumMember",
5612
+ "description": "Add a quorum member to the SingleTenantHsmInstance. This will increase the total_approver_count by 1. The SingleTenantHsmInstance must be in the ACTIVE state to perform this operation."
5613
+ },
5614
+ "createTime": {
5615
+ "description": "Output only. The time at which the SingleTenantHsmInstanceProposal was created.",
5616
+ "format": "google-datetime",
5617
+ "readOnly": true,
5618
+ "type": "string"
5619
+ },
5620
+ "deleteSingleTenantHsmInstance": {
5621
+ "$ref": "DeleteSingleTenantHsmInstance",
5622
+ "description": "Delete the SingleTenantHsmInstance. Deleting a SingleTenantHsmInstance will make all CryptoKeys attached to the SingleTenantHsmInstance unusable. The SingleTenantHsmInstance must be in the DISABLED or PENDING_TWO_FACTOR_AUTH_REGISTRATION state to perform this operation."
5623
+ },
5624
+ "deleteTime": {
5625
+ "description": "Output only. The time at which the SingleTenantHsmInstanceProposal was deleted.",
5626
+ "format": "google-datetime",
5627
+ "readOnly": true,
5628
+ "type": "string"
5629
+ },
5630
+ "disableSingleTenantHsmInstance": {
5631
+ "$ref": "DisableSingleTenantHsmInstance",
5632
+ "description": "Disable the SingleTenantHsmInstance. The SingleTenantHsmInstance must be in the ACTIVE state to perform this operation."
5633
+ },
5634
+ "enableSingleTenantHsmInstance": {
5635
+ "$ref": "EnableSingleTenantHsmInstance",
5636
+ "description": "Enable the SingleTenantHsmInstance. The SingleTenantHsmInstance must be in the DISABLED state to perform this operation."
5637
+ },
5638
+ "expireTime": {
5639
+ "description": "The time at which the SingleTenantHsmInstanceProposal will expire if not approved and executed.",
5640
+ "format": "google-datetime",
5641
+ "type": "string"
5642
+ },
5643
+ "failureReason": {
5644
+ "description": "Output only. The root cause of the most recent failure. Only present if state is FAILED.",
5645
+ "readOnly": true,
5646
+ "type": "string"
5647
+ },
5648
+ "name": {
5649
+ "description": "Identifier. The resource name for this SingleTenantHsmInstance in the format `projects/*/locations/*/singleTenantHsmInstances/*/proposals/*`.",
5650
+ "type": "string"
5651
+ },
5652
+ "purgeTime": {
5653
+ "description": "Output only. The time at which the soft-deleted SingleTenantHsmInstanceProposal will be permanently purged. This field is only populated when the state is DELETED and will be set a time after expiration of the proposal, i.e. >= expire_time or (create_time + ttl).",
5654
+ "format": "google-datetime",
5655
+ "readOnly": true,
5656
+ "type": "string"
5657
+ },
5658
+ "quorumParameters": {
5659
+ "$ref": "QuorumParameters",
5660
+ "description": "Output only. The quorum approval parameters for the SingleTenantHsmInstanceProposal.",
5661
+ "readOnly": true
5662
+ },
5663
+ "refreshSingleTenantHsmInstance": {
5664
+ "$ref": "RefreshSingleTenantHsmInstance",
5665
+ "description": "Refreshes the SingleTenantHsmInstance. This operation must be performed periodically to keep the SingleTenantHsmInstance active. This operation must be performed before unrefreshed_duration_until_disable has passed. The SingleTenantHsmInstance must be in the ACTIVE state to perform this operation."
5666
+ },
5667
+ "registerTwoFactorAuthKeys": {
5668
+ "$ref": "RegisterTwoFactorAuthKeys",
5669
+ "description": "Register 2FA keys for the SingleTenantHsmInstance. This operation requires all N Challenges to be signed by 2FA keys. The SingleTenantHsmInstance must be in the PENDING_TWO_FACTOR_AUTH_REGISTRATION state to perform this operation."
5670
+ },
5671
+ "removeQuorumMember": {
5672
+ "$ref": "RemoveQuorumMember",
5673
+ "description": "Remove a quorum member from the SingleTenantHsmInstance. This will reduce total_approver_count by 1. The SingleTenantHsmInstance must be in the ACTIVE state to perform this operation."
5674
+ },
5675
+ "requiredActionQuorumParameters": {
5676
+ "$ref": "RequiredActionQuorumParameters",
5677
+ "description": "Output only. Parameters for an approval of a SingleTenantHsmInstanceProposal that has both required challenges and a quorum.",
5678
+ "readOnly": true
5679
+ },
5680
+ "state": {
5681
+ "description": "Output only. The state of the SingleTenantHsmInstanceProposal.",
5682
+ "enum": [
5683
+ "STATE_UNSPECIFIED",
5684
+ "CREATING",
5685
+ "PENDING",
5686
+ "APPROVED",
5687
+ "RUNNING",
5688
+ "SUCCEEDED",
5689
+ "FAILED",
5690
+ "DELETED"
5691
+ ],
5692
+ "enumDescriptions": [
5693
+ "Not specified.",
5694
+ "The SingleTenantHsmInstanceProposal is being created.",
5695
+ "The SingleTenantHsmInstanceProposal is pending approval.",
5696
+ "The SingleTenantHsmInstanceProposal has been approved.",
5697
+ "The SingleTenantHsmInstanceProposal is being executed.",
5698
+ "The SingleTenantHsmInstanceProposal has been executed successfully.",
5699
+ "The SingleTenantHsmInstanceProposal has failed.",
5700
+ "The SingleTenantHsmInstanceProposal has been deleted and will be purged after the purge_time."
5701
+ ],
5702
+ "readOnly": true,
5703
+ "type": "string"
5704
+ },
5705
+ "ttl": {
5706
+ "description": "Input only. The TTL for the SingleTenantHsmInstanceProposal. Proposals will expire after this duration.",
5707
+ "format": "google-duration",
5708
+ "type": "string"
5709
+ }
5710
+ },
5711
+ "type": "object"
5712
+ },
4782
5713
  "Status": {
4783
5714
  "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).",
4784
5715
  "id": "Status",