From f62a19ca3944a48e981cee17415f5b5456a7054a Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 3 Feb 2022 21:14:32 +0000 Subject: [PATCH] feat: add a new EkmService API (#532) PiperOrigin-RevId: 425982419 Source-Link: https://github.com/googleapis/googleapis/commit/8dff5691cc4d4a0c61af8cdef85b6460ae560f0d Source-Link: https://github.com/googleapis/googleapis-gen/commit/b1538df1643922606d00ec0365c1e0a51bfbcabf Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiYjE1MzhkZjE2NDM5MjI2MDZkMDBlYzAzNjVjMWUwYTUxYmZiY2FiZiJ9 See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot --- protos/google/cloud/kms/v1/ekm_service.proto | 293 + protos/google/cloud/kms/v1/resources.proto | 551 +- protos/google/cloud/kms/v1/service.proto | 1293 +-- protos/protos.d.ts | 1900 ++++- protos/protos.js | 7553 +++++++++++------ protos/protos.json | 621 +- .../v1/ekm_service.create_ekm_connection.js | 67 + .../v1/ekm_service.get_ekm_connection.js | 54 + .../v1/ekm_service.list_ekm_connections.js | 86 + .../v1/ekm_service.update_ekm_connection.js | 59 + ...y_management_service.asymmetric_decrypt.js | 40 +- .../key_management_service.asymmetric_sign.js | 78 +- ...ey_management_service.create_crypto_key.js | 16 +- ...ement_service.create_crypto_key_version.js | 8 +- ...ey_management_service.create_import_job.js | 6 +- .../key_management_service.create_key_ring.js | 6 +- .../v1/key_management_service.decrypt.js | 68 +- ...ment_service.destroy_crypto_key_version.js | 3 +- .../v1/key_management_service.encrypt.js | 100 +- ...anagement_service.generate_random_bytes.js | 6 +- .../key_management_service.get_crypto_key.js | 3 +- ...nagement_service.get_crypto_key_version.js | 3 +- .../key_management_service.get_import_job.js | 3 +- .../v1/key_management_service.get_key_ring.js | 3 +- .../key_management_service.get_public_key.js | 4 +- ...ement_service.import_crypto_key_version.js | 45 +- ...gement_service.list_crypto_key_versions.js | 15 +- ...key_management_service.list_crypto_keys.js | 15 +- ...key_management_service.list_import_jobs.js | 15 +- .../key_management_service.list_key_rings.js | 14 +- .../v1/key_management_service.mac_sign.js | 38 +- .../v1/key_management_service.mac_verify.js | 67 +- ...ment_service.restore_crypto_key_version.js | 3 +- ...rvice.update_crypto_key_primary_version.js | 6 +- ...ement_service.update_crypto_key_version.js | 3 +- src/index.ts | 6 +- src/v1/ekm_service_client.ts | 1475 ++++ src/v1/ekm_service_client_config.json | 46 + src/v1/ekm_service_proto_list.json | 5 + src/v1/gapic_metadata.json | 58 + src/v1/index.ts | 1 + src/v1/key_management_service_client.ts | 874 +- src/v1/key_management_service_proto_list.json | 1 + system-test/fixtures/sample/src/index.js | 1 + system-test/fixtures/sample/src/index.ts | 8 +- test/gapic_ekm_service_v1.ts | 1650 ++++ test/gapic_key_management_service_v1.ts | 65 + webpack.config.js | 4 +- 48 files changed, 13041 insertions(+), 4198 deletions(-) create mode 100644 protos/google/cloud/kms/v1/ekm_service.proto create mode 100644 samples/generated/v1/ekm_service.create_ekm_connection.js create mode 100644 samples/generated/v1/ekm_service.get_ekm_connection.js create mode 100644 samples/generated/v1/ekm_service.list_ekm_connections.js create mode 100644 samples/generated/v1/ekm_service.update_ekm_connection.js create mode 100644 src/v1/ekm_service_client.ts create mode 100644 src/v1/ekm_service_client_config.json create mode 100644 src/v1/ekm_service_proto_list.json create mode 100644 test/gapic_ekm_service_v1.ts diff --git a/protos/google/cloud/kms/v1/ekm_service.proto b/protos/google/cloud/kms/v1/ekm_service.proto new file mode 100644 index 00000000..de8669db --- /dev/null +++ b/protos/google/cloud/kms/v1/ekm_service.proto @@ -0,0 +1,293 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.kms.v1; + +import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/protobuf/field_mask.proto"; +import "google/protobuf/timestamp.proto"; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.Kms.V1"; +option go_package = "google.golang.org/genproto/googleapis/cloud/kms/v1;kms"; +option java_multiple_files = true; +option java_outer_classname = "EkmServiceProto"; +option java_package = "com.google.cloud.kms.v1"; +option php_namespace = "Google\\Cloud\\Kms\\V1"; +option (google.api.resource_definition) = { + type: "servicedirectory.googleapis.com/Service" + pattern: "projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}" +}; + +// Google Cloud Key Management EKM Service +// +// Manages external cryptographic keys and operations using those keys. +// Implements a REST model with the following objects: +// * [EkmConnection][google.cloud.kms.v1.EkmConnection] +service EkmService { + option (google.api.default_host) = "cloudkms.googleapis.com"; + option (google.api.oauth_scopes) = + "https://www.googleapis.com/auth/cloud-platform," + "https://www.googleapis.com/auth/cloudkms"; + + // Lists [EkmConnections][google.cloud.kms.v1.EkmConnection]. + rpc ListEkmConnections(ListEkmConnectionsRequest) + returns (ListEkmConnectionsResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*/locations/*}/ekmConnections" + }; + option (google.api.method_signature) = "parent"; + } + + // Returns metadata for a given + // [EkmConnection][google.cloud.kms.v1.EkmConnection]. + rpc GetEkmConnection(GetEkmConnectionRequest) returns (EkmConnection) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/ekmConnections/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given + // Project and Location. + rpc CreateEkmConnection(CreateEkmConnectionRequest) returns (EkmConnection) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/locations/*}/ekmConnections" + body: "ekm_connection" + }; + option (google.api.method_signature) = + "parent,ekm_connection_id,ekm_connection"; + } + + // Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata. + rpc UpdateEkmConnection(UpdateEkmConnectionRequest) returns (EkmConnection) { + option (google.api.http) = { + patch: "/v1/{ekm_connection.name=projects/*/locations/*/ekmConnections/*}" + body: "ekm_connection" + }; + option (google.api.method_signature) = "ekm_connection,update_mask"; + } +} + +// Request message for [KeyManagementService.ListEkmConnections][]. +message ListEkmConnectionsRequest { + // Required. The resource name of the location associated with the + // [EkmConnections][google.cloud.kms.v1.EkmConnection] to list, in the format + // `projects/*/locations/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "locations.googleapis.com/Location" + } + ]; + + // Optional. Optional limit on the number of + // [EkmConnections][google.cloud.kms.v1.EkmConnection] to include in the + // response. Further [EkmConnections][google.cloud.kms.v1.EkmConnection] can + // subsequently be obtained by including the + // [ListEkmConnectionsResponse.next_page_token][google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token] + // in a subsequent request. If unspecified, the server will pick an + // appropriate default. + int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Optional pagination token, returned earlier via + // [ListEkmConnectionsResponse.next_page_token][google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token]. + string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Only include resources that match the filter in the response. For + // more information, see + // [Sorting and filtering list + // results](https://cloud.google.com/kms/docs/sorting-and-filtering). + string filter = 4 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Specify how the results should be sorted. If not specified, the + // results will be sorted in the default order. For more information, see + // [Sorting and filtering list + // results](https://cloud.google.com/kms/docs/sorting-and-filtering). + string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; +} + +// Response message for [KeyManagementService.ListEkmConnections][]. +message ListEkmConnectionsResponse { + // The list of [EkmConnections][google.cloud.kms.v1.EkmConnection]. + repeated EkmConnection ekm_connections = 1; + + // A token to retrieve next page of results. Pass this value in + // [ListEkmConnectionsRequest.page_token][google.cloud.kms.v1.ListEkmConnectionsRequest.page_token] + // to retrieve the next page of results. + string next_page_token = 2; + + // The total number of [EkmConnections][google.cloud.kms.v1.EkmConnection] + // that matched the query. + int32 total_size = 3; +} + +// Request message for [KeyManagementService.GetEkmConnection][]. +message GetEkmConnectionRequest { + // Required. The [name][google.cloud.kms.v1.EkmConnection.name] of the + // [EkmConnection][google.cloud.kms.v1.EkmConnection] to get. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/EkmConnection" + } + ]; +} + +// Request message for [KeyManagementService.CreateEkmConnection][]. +message CreateEkmConnectionRequest { + // Required. The resource name of the location associated with the + // [EkmConnection][google.cloud.kms.v1.EkmConnection], in the format + // `projects/*/locations/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "locations.googleapis.com/Location" + } + ]; + + // Required. It must be unique within a location and match the regular + // expression `[a-zA-Z0-9_-]{1,63}`. + string ekm_connection_id = 2 [(google.api.field_behavior) = REQUIRED]; + + // Required. An [EkmConnection][google.cloud.kms.v1.EkmConnection] with + // initial field values. + EkmConnection ekm_connection = 3 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for [KeyManagementService.UpdateEkmConnection][]. +message UpdateEkmConnectionRequest { + // Required. [EkmConnection][google.cloud.kms.v1.EkmConnection] with updated + // values. + EkmConnection ekm_connection = 1 [(google.api.field_behavior) = REQUIRED]; + + // Required. List of fields to be updated in this request. + google.protobuf.FieldMask update_mask = 2 + [(google.api.field_behavior) = REQUIRED]; +} + +// A [Certificate][google.cloud.kms.v1.Certificate] represents an X.509 +// certificate used to authenticate HTTPS connections to EKM replicas. +message Certificate { + // Required. The raw certificate bytes in DER format. + bytes raw_der = 1 [(google.api.field_behavior) = REQUIRED]; + + // Output only. True if the certificate was parsed successfully. + bool parsed = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The issuer distinguished name in RFC 2253 format. Only present + // if [parsed][google.cloud.kms.v1.Certificate.parsed] is true. + string issuer = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The subject distinguished name in RFC 2253 format. Only + // present if [parsed][google.cloud.kms.v1.Certificate.parsed] is true. + string subject = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The subject Alternative DNS names. Only present if + // [parsed][google.cloud.kms.v1.Certificate.parsed] is true. + repeated string subject_alternative_dns_names = 5 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The certificate is not valid before this time. Only present if + // [parsed][google.cloud.kms.v1.Certificate.parsed] is true. + google.protobuf.Timestamp not_before_time = 6 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The certificate is not valid after this time. Only present if + // [parsed][google.cloud.kms.v1.Certificate.parsed] is true. + google.protobuf.Timestamp not_after_time = 7 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The certificate serial number as a hex string. Only present if + // [parsed][google.cloud.kms.v1.Certificate.parsed] is true. + string serial_number = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The SHA-256 certificate fingerprint as a hex string. Only + // present if [parsed][google.cloud.kms.v1.Certificate.parsed] is true. + string sha256_fingerprint = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// An [EkmConnection][google.cloud.kms.v1.EkmConnection] represents an +// individual EKM connection. It can be used for creating +// [CryptoKeys][google.cloud.kms.v1.CryptoKey] and +// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] with a +// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of +// [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as +// performing cryptographic operations using keys created within the +// [EkmConnection][google.cloud.kms.v1.EkmConnection]. +message EkmConnection { + option (google.api.resource) = { + type: "cloudkms.googleapis.com/EkmConnection" + pattern: "projects/{project}/locations/{location}/ekmConnections/{ekm_connection}" + }; + + // A [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver] + // represents an EKM replica that can be reached within an + // [EkmConnection][google.cloud.kms.v1.EkmConnection]. + message ServiceResolver { + // Required. The resource name of the Service Directory service pointing to + // an EKM replica, in the format + // `projects/*/locations/*/namespaces/*/services/*`. + string service_directory_service = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "servicedirectory.googleapis.com/Service" + } + ]; + + // Optional. The filter applied to the endpoints of the resolved service. If + // no filter is specified, all endpoints will be considered. An endpoint + // will be chosen arbitrarily from the filtered list for each request. + // + // For endpoint filter syntax and examples, see + // https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. + string endpoint_filter = 2 [(google.api.field_behavior) = OPTIONAL]; + + // Required. The hostname of the EKM replica used at TLS and HTTP layers. + string hostname = 3 [(google.api.field_behavior) = REQUIRED]; + + // Required. A list of leaf server certificates used to authenticate HTTPS + // connections to the EKM replica. + repeated Certificate server_certificates = 4 + [(google.api.field_behavior) = REQUIRED]; + } + + // Output only. The resource name for the + // [EkmConnection][google.cloud.kms.v1.EkmConnection] in the format + // `projects/*/locations/*/ekmConnections/*`. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which the + // [EkmConnection][google.cloud.kms.v1.EkmConnection] was created. + google.protobuf.Timestamp create_time = 2 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // A list of + // [ServiceResolvers][google.cloud.kms.v1.EkmConnection.ServiceResolver] where + // the EKM can be reached. There should be one ServiceResolver per EKM + // replica. Currently, only a single + // [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver] is + // supported. + repeated ServiceResolver service_resolvers = 3; + + // This checksum is computed by the server based on the value of other fields, + // and may be sent on update requests to ensure the client has an up-to-date + // value before proceeding. + string etag = 5; +} diff --git a/protos/google/cloud/kms/v1/resources.proto b/protos/google/cloud/kms/v1/resources.proto index 70c670b0..5029f3e0 100644 --- a/protos/google/cloud/kms/v1/resources.proto +++ b/protos/google/cloud/kms/v1/resources.proto @@ -21,7 +21,6 @@ import "google/api/resource.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/timestamp.proto"; import "google/protobuf/wrappers.proto"; -import "google/api/annotations.proto"; option cc_enable_arenas = true; option csharp_namespace = "Google.Cloud.Kms.V1"; @@ -31,115 +30,140 @@ option java_outer_classname = "KmsResourcesProto"; option java_package = "com.google.cloud.kms.v1"; option php_namespace = "Google\\Cloud\\Kms\\V1"; -// A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel logical grouping of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. +// A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel logical grouping of +// [CryptoKeys][google.cloud.kms.v1.CryptoKey]. message KeyRing { option (google.api.resource) = { type: "cloudkms.googleapis.com/KeyRing" pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}" }; - // Output only. The resource name for the [KeyRing][google.cloud.kms.v1.KeyRing] in the format + // Output only. The resource name for the + // [KeyRing][google.cloud.kms.v1.KeyRing] in the format // `projects/*/locations/*/keyRings/*`. string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; - // Output only. The time at which this [KeyRing][google.cloud.kms.v1.KeyRing] was created. - google.protobuf.Timestamp create_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; + // Output only. The time at which this [KeyRing][google.cloud.kms.v1.KeyRing] + // was created. + google.protobuf.Timestamp create_time = 2 + [(google.api.field_behavior) = OUTPUT_ONLY]; } -// A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic -// operations. +// A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that +// can be used for cryptographic operations. // -// A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], -// which represent the actual key material used in cryptographic operations. +// A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more +// [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual +// key material used in cryptographic operations. message CryptoKey { option (google.api.resource) = { type: "cloudkms.googleapis.com/CryptoKey" pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}" }; - // [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] describes the cryptographic capabilities of a - // [CryptoKey][google.cloud.kms.v1.CryptoKey]. A given key can only be used for the operations allowed by - // its purpose. For more information, see - // [Key purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes). + // [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] + // describes the cryptographic capabilities of a + // [CryptoKey][google.cloud.kms.v1.CryptoKey]. A given key can only be used + // for the operations allowed by its purpose. For more information, see [Key + // purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes). enum CryptoKeyPurpose { // Not specified. CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0; - // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with - // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and + // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used + // with [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and // [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. ENCRYPT_DECRYPT = 1; - // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with - // [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign] and + // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used + // with + // [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign] + // and // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. ASYMMETRIC_SIGN = 5; - // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with - // [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt] and + // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used + // with + // [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt] + // and // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. ASYMMETRIC_DECRYPT = 6; - // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with - // [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign]. + // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used + // with [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign]. MAC = 9; } - // Output only. The resource name for this [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format + // Output only. The resource name for this + // [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format // `projects/*/locations/*/keyRings/*/cryptoKeys/*`. string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; - // Output only. A copy of the "primary" [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used - // by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given - // in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name]. + // Output only. A copy of the "primary" + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used + // by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this + // [CryptoKey][google.cloud.kms.v1.CryptoKey] is given in + // [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name]. // - // The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be updated via + // The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be + // updated via // [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. // // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] - // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] may have a - // primary. For other keys, this field will be omitted. + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] + // may have a primary. For other keys, this field will be omitted. CryptoKeyVersion primary = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; - // Immutable. The immutable purpose of this [CryptoKey][google.cloud.kms.v1.CryptoKey]. + // Immutable. The immutable purpose of this + // [CryptoKey][google.cloud.kms.v1.CryptoKey]. CryptoKeyPurpose purpose = 3 [(google.api.field_behavior) = IMMUTABLE]; - // Output only. The time at which this [CryptoKey][google.cloud.kms.v1.CryptoKey] was created. - google.protobuf.Timestamp create_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; + // Output only. The time at which this + // [CryptoKey][google.cloud.kms.v1.CryptoKey] was created. + google.protobuf.Timestamp create_time = 5 + [(google.api.field_behavior) = OUTPUT_ONLY]; - // At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], the Key Management Service will automatically: + // At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], + // the Key Management Service will automatically: // // 1. Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey]. // 2. Mark the new version as primary. // // Key rotations performed manually via - // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and + // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] + // and // [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] - // do not affect [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]. + // do not affect + // [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]. // // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] - // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support - // automatic rotation. For other keys, this field must be omitted. + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] + // support automatic rotation. For other keys, this field must be omitted. google.protobuf.Timestamp next_rotation_time = 7; // Controls the rate of automatic rotation. oneof rotation_schedule { - // [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] will be advanced by this period when the service - // automatically rotates a key. Must be at least 24 hours and at most - // 876,000 hours. + // [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] + // will be advanced by this period when the service automatically rotates a + // key. Must be at least 24 hours and at most 876,000 hours. // - // If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is set, [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] must also be set. + // If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is + // set, + // [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] + // must also be set. // // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] - // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support - // automatic rotation. For other keys, this field must be omitted. + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] + // support automatic rotation. For other keys, this field must be omitted. google.protobuf.Duration rotation_period = 8; } - // A template describing settings for new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. - // The properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances created by either - // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or - // auto-rotation are controlled by this template. + // A template describing settings for new + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. The + // properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + // instances created by either + // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] + // or auto-rotation are controlled by this template. CryptoKeyVersionTemplate version_template = 11; // Labels with user-defined metadata. For more information, see @@ -152,27 +176,52 @@ message CryptoKey { // Immutable. The period of time that versions of this key spend in the // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] // state before transitioning to - // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. If not - // specified at creation time, the default duration is 24 hours. - google.protobuf.Duration destroy_scheduled_duration = 14 [(google.api.field_behavior) = IMMUTABLE]; + // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. + // If not specified at creation time, the default duration is 24 hours. + google.protobuf.Duration destroy_scheduled_duration = 14 + [(google.api.field_behavior) = IMMUTABLE]; + + // Immutable. The resource name of the backend environment where the key + // material for all [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + // associated with this [CryptoKey][google.cloud.kms.v1.CryptoKey] reside and + // where all related cryptographic operations are performed. Only applicable + // if [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] have a + // [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of + // [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], with the + // resource name in the format `projects/*/locations/*/ekmConnections/*`. + // Note, this list is non-exhaustive and may apply to additional + // [ProtectionLevels][google.cloud.kms.v1.ProtectionLevel] in the future. + string crypto_key_backend = 15 [ + (google.api.field_behavior) = IMMUTABLE, + (google.api.resource_reference) = { type: "*" } + ]; } -// A [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating -// a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either manually with -// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or -// automatically as a result of auto-rotation. +// A [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate] +// specifies the properties to use when creating a new +// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either manually +// with +// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] +// or automatically as a result of auto-rotation. message CryptoKeyVersionTemplate { - // [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on - // this template. Immutable. Defaults to [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE]. + // [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when creating + // a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this + // template. Immutable. Defaults to + // [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE]. ProtectionLevel protection_level = 1; - // Required. [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] to use - // when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this template. + // Required. + // [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] + // to use when creating a + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this + // template. // // For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both - // this field is omitted and [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] is + // this field is omitted and + // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] is // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. - CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 3 [(google.api.field_behavior) = REQUIRED]; + CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 3 + [(google.api.field_behavior) = REQUIRED]; } // Contains an HSM-generated attestation about a key operation. For more @@ -193,39 +242,60 @@ message KeyOperationAttestation { CAVIUM_V2_COMPRESSED = 4; } + // Certificate chains needed to verify the attestation. + // Certificates in chains are PEM-encoded and are ordered based on + // https://tools.ietf.org/html/rfc5246#section-7.4.2. + message CertificateChains { + // Cavium certificate chain corresponding to the attestation. + repeated string cavium_certs = 1; + + // Google card certificate chain corresponding to the attestation. + repeated string google_card_certs = 2; + + // Google partition certificate chain corresponding to the attestation. + repeated string google_partition_certs = 3; + } + // Output only. The format of the attestation data. AttestationFormat format = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. The attestation data provided by the HSM when the key // operation was performed. bytes content = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The certificate chains needed to validate the attestation + CertificateChains cert_chains = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; } -// A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents an individual cryptographic key, and the -// associated key material. +// A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents an +// individual cryptographic key, and the associated key material. // -// An [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] version can be -// used for cryptographic operations. +// An +// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] +// version can be used for cryptographic operations. // // For security reasons, the raw cryptographic key material represented by a -// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] can never be viewed or exported. It can only be used to -// encrypt, decrypt, or sign data when an authorized user or application invokes -// Cloud KMS. +// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] can never be viewed +// or exported. It can only be used to encrypt, decrypt, or sign data when an +// authorized user or application invokes Cloud KMS. message CryptoKeyVersion { option (google.api.resource) = { type: "cloudkms.googleapis.com/CryptoKeyVersion" pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}" }; - // The algorithm of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating what + // The algorithm of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating what // parameters must be used for each cryptographic operation. // // The // [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] - // algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // algorithm is usable with + // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. // - // Algorithms beginning with "RSA_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // Algorithms beginning with "RSA_SIGN_" are usable with + // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]. // // The fields in the name after "RSA_SIGN_" correspond to the following @@ -243,13 +313,15 @@ message CryptoKeyVersion { // The fields in the name after "RSA_DECRYPT_" correspond to the following // parameters: padding algorithm, modulus bit length, and digest algorithm. // - // Algorithms beginning with "EC_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // Algorithms beginning with "EC_SIGN_" are usable with + // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]. // // The fields in the name after "EC_SIGN_" correspond to the following // parameters: elliptic curve, digest algorithm. // - // Algorithms beginning with "HMAC_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // Algorithms beginning with "HMAC_" are usable with + // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // [MAC][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC]. // // The suffix following "HMAC_" corresponds to the hash algorithm being used @@ -335,39 +407,50 @@ message CryptoKeyVersion { EXTERNAL_SYMMETRIC_ENCRYPTION = 18; } - // The state of a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used. + // The state of a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], + // indicating if it can be used. enum CryptoKeyVersionState { // Not specified. CRYPTO_KEY_VERSION_STATE_UNSPECIFIED = 0; // This version is still being generated. It may not be used, enabled, // disabled, or destroyed yet. Cloud KMS will automatically mark this - // version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready. + // version + // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + // as soon as the version is ready. PENDING_GENERATION = 5; // This version may be used for cryptographic operations. ENABLED = 1; // This version may not be used, but the key material is still available, - // and the version can be placed back into the [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] state. + // and the version can be placed back into the + // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + // state. DISABLED = 2; // This version is destroyed, and the key material is no longer stored. - // This version may only become [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] again if this version is - // [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible] and the original - // key material is reimported with a call to + // This version may only become + // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + // again if this version is + // [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible] + // and the original key material is reimported with a call to // [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. DESTROYED = 3; // This version is scheduled for destruction, and will be destroyed soon. // Call // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] - // to put it back into the [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] state. + // to put it back into the + // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] + // state. DESTROY_SCHEDULED = 4; // This version is still being imported. It may not be used, enabled, // disabled, or destroyed yet. Cloud KMS will automatically mark this - // version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready. + // version + // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + // as soon as the version is ready. PENDING_IMPORT = 6; // This version was not imported successfully. It may not be used, enabled, @@ -377,84 +460,114 @@ message CryptoKeyVersion { IMPORT_FAILED = 7; } - // A view for [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]s. Controls the level of detail returned - // for [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in - // [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] and + // A view for [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]s. + // Controls the level of detail returned for + // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in + // [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] + // and // [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. enum CryptoKeyVersionView { - // Default view for each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not include - // the [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field. + // Default view for each + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not + // include the + // [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field. CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED = 0; - // Provides all fields in each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the + // Provides all fields in each + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the // [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation]. FULL = 1; } - // Output only. The resource name for this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the format + // Output only. The resource name for this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the format // `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; - // The current state of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + // The current state of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. CryptoKeyVersionState state = 3; - // Output only. The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] describing how crypto operations are - // performed with this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. - ProtectionLevel protection_level = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; + // Output only. The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] + // describing how crypto operations are performed with this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + ProtectionLevel protection_level = 7 + [(google.api.field_behavior) = OUTPUT_ONLY]; - // Output only. The [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] that this - // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] supports. - CryptoKeyVersionAlgorithm algorithm = 10 [(google.api.field_behavior) = OUTPUT_ONLY]; + // Output only. The + // [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] + // that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + // supports. + CryptoKeyVersionAlgorithm algorithm = 10 + [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Statement that was generated and signed by the HSM at key // creation time. Use this statement to verify attributes of the key as stored // on the HSM, independently of Google. Only provided for key versions with - // [protection_level][google.cloud.kms.v1.CryptoKeyVersion.protection_level] [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. - KeyOperationAttestation attestation = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was created. - google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was + // [protection_level][google.cloud.kms.v1.CryptoKeyVersion.protection_level] + // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. + KeyOperationAttestation attestation = 8 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was created. + google.protobuf.Timestamp create_time = 4 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was // generated. - google.protobuf.Timestamp generate_time = 11 [(google.api.field_behavior) = OUTPUT_ONLY]; + google.protobuf.Timestamp generate_time = 11 + [(google.api.field_behavior) = OUTPUT_ONLY]; - // Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material is scheduled - // for destruction. Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + // Output only. The time this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material is + // scheduled for destruction. Only present if + // [state][google.cloud.kms.v1.CryptoKeyVersion.state] is // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]. - google.protobuf.Timestamp destroy_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; + google.protobuf.Timestamp destroy_time = 5 + [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. The time this CryptoKeyVersion's key material was - // destroyed. Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + // destroyed. Only present if + // [state][google.cloud.kms.v1.CryptoKeyVersion.state] is // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. - google.protobuf.Timestamp destroy_event_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; + google.protobuf.Timestamp destroy_event_time = 6 + [(google.api.field_behavior) = OUTPUT_ONLY]; - // Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this - // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was - // imported. + // Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] + // used in the most recent import of this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if + // the underlying key material was imported. string import_job = 14 [(google.api.field_behavior) = OUTPUT_ONLY]; - // Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material - // was most recently imported. - google.protobuf.Timestamp import_time = 15 [(google.api.field_behavior) = OUTPUT_ONLY]; + // Output only. The time at which this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was + // most recently imported. + google.protobuf.Timestamp import_time = 15 + [(google.api.field_behavior) = OUTPUT_ONLY]; - // Output only. The root cause of the most recent import failure. Only present if - // [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + // Output only. The root cause of the most recent import failure. Only present + // if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is // [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]. string import_failure_reason = 16 [(google.api.field_behavior) = OUTPUT_ONLY]; // ExternalProtectionLevelOptions stores a group of additional fields for - // configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the - // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level. + // configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that + // are specific to the + // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level + // and [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] + // protection levels. ExternalProtectionLevelOptions external_protection_level_options = 17; - // Output only. Whether or not this key version is eligible for reimport, by being - // specified as a target in + // Output only. Whether or not this key version is eligible for reimport, by + // being specified as a target in // [ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version]. bool reimport_eligible = 18 [(google.api.field_behavior) = OUTPUT_ONLY]; } -// The public key for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Obtained via +// The public key for a given +// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Obtained via // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. message PublicKey { option (google.api.resource) = { @@ -469,17 +582,19 @@ message PublicKey { // (https://tools.ietf.org/html/rfc7468#section-13). string pem = 1; - // The [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] associated - // with this key. + // The + // [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] + // associated with this key. CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 2; // Integrity verification field. A CRC32C checksum of the returned - // [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem]. An integrity check of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] can be performed - // by computing the CRC32C checksum of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] and - // comparing your results to this field. Discard the response in case of - // non-matching checksum values, and perform a limited number of retries. A - // persistent mismatch may indicate an issue in your computation of the CRC32C - // checksum. + // [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem]. An integrity check of + // [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] can be performed by + // computing the CRC32C checksum of + // [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] and comparing your + // results to this field. Discard the response in case of non-matching + // checksum values, and perform a limited number of retries. A persistent + // mismatch may indicate an issue in your computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages @@ -488,40 +603,48 @@ message PublicKey { // NOTE: This field is in Beta. google.protobuf.Int64Value pem_crc32c = 3; - // The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key. + // The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key. // Provided here for verification. // // NOTE: This field is in Beta. string name = 4; - // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key. + // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key. ProtectionLevel protection_level = 5; } -// An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create [CryptoKeys][google.cloud.kms.v1.CryptoKey] and -// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing key material, -// generated outside of Cloud KMS. +// An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create +// [CryptoKeys][google.cloud.kms.v1.CryptoKey] and +// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing +// key material, generated outside of Cloud KMS. // -// When an [ImportJob][google.cloud.kms.v1.ImportJob] is created, Cloud KMS will generate a "wrapping key", -// which is a public/private key pair. You use the wrapping key to encrypt (also -// known as wrap) the pre-existing key material to protect it during the import -// process. The nature of the wrapping key depends on the choice of -// [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the wrapping key generation -// is complete, the [state][google.cloud.kms.v1.ImportJob.state] will be set to -// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the [public_key][google.cloud.kms.v1.ImportJob.public_key] -// can be fetched. The fetched public key can then be used to wrap your -// pre-existing key material. +// When an [ImportJob][google.cloud.kms.v1.ImportJob] is created, Cloud KMS will +// generate a "wrapping key", which is a public/private key pair. You use the +// wrapping key to encrypt (also known as wrap) the pre-existing key material to +// protect it during the import process. The nature of the wrapping key depends +// on the choice of +// [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the +// wrapping key generation is complete, the +// [state][google.cloud.kms.v1.ImportJob.state] will be set to +// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the +// [public_key][google.cloud.kms.v1.ImportJob.public_key] can be fetched. The +// fetched public key can then be used to wrap your pre-existing key material. // // Once the key material is wrapped, it can be imported into a new -// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling +// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in an existing +// [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling // [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. -// Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be imported with a single -// [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS uses the private key portion of the wrapping key to -// unwrap the key material. Only Cloud KMS has access to the private key. +// Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be +// imported with a single [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS +// uses the private key portion of the wrapping key to unwrap the key material. +// Only Cloud KMS has access to the private key. // -// An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 days after it is created. Once expired, Cloud KMS -// will no longer be able to import or unwrap any key material that was wrapped -// with the [ImportJob][google.cloud.kms.v1.ImportJob]'s public key. +// An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 days after it is +// created. Once expired, Cloud KMS will no longer be able to import or unwrap +// any key material that was wrapped with the +// [ImportJob][google.cloud.kms.v1.ImportJob]'s public key. // // For more information, see // [Importing a key](https://cloud.google.com/kms/docs/importing-a-key). @@ -531,18 +654,8 @@ message ImportJob { pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}" }; - // The public key component of the wrapping key. For details of the type of - // key this public key corresponds to, see the [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod]. - message WrappingPublicKey { - // The public key, encoded in PEM format. For more information, see the [RFC - // 7468](https://tools.ietf.org/html/rfc7468) sections for [General - // Considerations](https://tools.ietf.org/html/rfc7468#section-2) and - // [Textual Encoding of Subject Public Key Info] - // (https://tools.ietf.org/html/rfc7468#section-13). - string pem = 1; - } - - // [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] describes the key wrapping method chosen for this + // [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] describes the + // key wrapping method chosen for this // [ImportJob][google.cloud.kms.v1.ImportJob]. enum ImportMethod { // Not specified. @@ -565,18 +678,21 @@ message ImportJob { RSA_OAEP_4096_SHA1_AES_256 = 2; } - // The state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can be used. + // The state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if + // it can be used. enum ImportJobState { // Not specified. IMPORT_JOB_STATE_UNSPECIFIED = 0; // The wrapping key for this job is still being generated. It may not be // used. Cloud KMS will automatically mark this job as - // [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] as soon as the wrapping key is generated. + // [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] as soon as + // the wrapping key is generated. PENDING_GENERATION = 1; // This job may be used in - // [CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey] and + // [CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey] + // and // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] // requests. ACTIVE = 2; @@ -585,41 +701,65 @@ message ImportJob { EXPIRED = 3; } - // Output only. The resource name for this [ImportJob][google.cloud.kms.v1.ImportJob] in the format + // The public key component of the wrapping key. For details of the type of + // key this public key corresponds to, see the + // [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod]. + message WrappingPublicKey { + // The public key, encoded in PEM format. For more information, see the [RFC + // 7468](https://tools.ietf.org/html/rfc7468) sections for [General + // Considerations](https://tools.ietf.org/html/rfc7468#section-2) and + // [Textual Encoding of Subject Public Key Info] + // (https://tools.ietf.org/html/rfc7468#section-13). + string pem = 1; + } + + // Output only. The resource name for this + // [ImportJob][google.cloud.kms.v1.ImportJob] in the format // `projects/*/locations/*/keyRings/*/importJobs/*`. string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; - // Required. Immutable. The wrapping method to be used for incoming key material. + // Required. Immutable. The wrapping method to be used for incoming key + // material. ImportMethod import_method = 2 [ (google.api.field_behavior) = REQUIRED, (google.api.field_behavior) = IMMUTABLE ]; - // Required. Immutable. The protection level of the [ImportJob][google.cloud.kms.v1.ImportJob]. This must match the - // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] of the - // [version_template][google.cloud.kms.v1.CryptoKey.version_template] on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you - // attempt to import into. + // Required. Immutable. The protection level of the + // [ImportJob][google.cloud.kms.v1.ImportJob]. This must match the + // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] + // of the [version_template][google.cloud.kms.v1.CryptoKey.version_template] + // on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you attempt to import + // into. ProtectionLevel protection_level = 9 [ (google.api.field_behavior) = REQUIRED, (google.api.field_behavior) = IMMUTABLE ]; - // Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] was created. - google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]'s key material was generated. - google.protobuf.Timestamp generate_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for - // expiration and can no longer be used to import key material. - google.protobuf.Timestamp expire_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob] expired. Only present if - // [state][google.cloud.kms.v1.ImportJob.state] is [EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED]. - google.protobuf.Timestamp expire_event_time = 10 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The current state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can - // be used. + // Output only. The time at which this + // [ImportJob][google.cloud.kms.v1.ImportJob] was created. + google.protobuf.Timestamp create_time = 3 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]'s key + // material was generated. + google.protobuf.Timestamp generate_time = 4 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which this + // [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for expiration and + // can no longer be used to import key material. + google.protobuf.Timestamp expire_time = 5 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob] + // expired. Only present if [state][google.cloud.kms.v1.ImportJob.state] is + // [EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED]. + google.protobuf.Timestamp expire_event_time = 10 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The current state of the + // [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can be used. ImportJobState state = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. The public key with which to wrap key material prior to @@ -630,14 +770,34 @@ message ImportJob { // Output only. Statement that was generated and signed by the key creator // (for example, an HSM) at key creation time. Use this statement to verify // attributes of the key as stored on the HSM, independently of Google. - // Only present if the chosen [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] is one with a protection - // level of [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. - KeyOperationAttestation attestation = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; + // Only present if the chosen + // [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] is one with a + // protection level of [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. + KeyOperationAttestation attestation = 8 + [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// ExternalProtectionLevelOptions stores a group of additional fields for +// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that +// are specific to the [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] +// protection level and +// [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] protection +// levels. +message ExternalProtectionLevelOptions { + // The URI for an external resource that this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents. + string external_key_uri = 1; + + // The path to the external key material on the EKM when using + // [EkmConnection][google.cloud.kms.v1.EkmConnection] e.g., "v0/my/key". Set + // this field instead of external_key_uri when using an + // [EkmConnection][google.cloud.kms.v1.EkmConnection]. + string ekm_connection_key_path = 2; } -// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] specifies how cryptographic operations are performed. -// For more information, see [Protection levels] -// (https://cloud.google.com/kms/docs/algorithms#protection_levels). +// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] specifies how +// cryptographic operations are performed. For more information, see [Protection +// levels] (https://cloud.google.com/kms/docs/algorithms#protection_levels). enum ProtectionLevel { // Not specified. PROTECTION_LEVEL_UNSPECIFIED = 0; @@ -650,12 +810,7 @@ enum ProtectionLevel { // Crypto operations are performed by an external key manager. EXTERNAL = 3; -} -// ExternalProtectionLevelOptions stores a group of additional fields for -// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the -// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level. -message ExternalProtectionLevelOptions { - // The URI for an external resource that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents. - string external_key_uri = 1; + // Crypto operations are performed in an EKM-over-VPC backend. + EXTERNAL_VPC = 4; } diff --git a/protos/google/cloud/kms/v1/service.proto b/protos/google/cloud/kms/v1/service.proto index 497fb921..565678da 100644 --- a/protos/google/cloud/kms/v1/service.proto +++ b/protos/google/cloud/kms/v1/service.proto @@ -67,7 +67,8 @@ service KeyManagementService { } // Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. - rpc ListCryptoKeyVersions(ListCryptoKeyVersionsRequest) returns (ListCryptoKeyVersionsResponse) { + rpc ListCryptoKeyVersions(ListCryptoKeyVersionsRequest) + returns (ListCryptoKeyVersionsResponse) { option (google.api.http) = { get: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions" }; @@ -90,8 +91,9 @@ service KeyManagementService { option (google.api.method_signature) = "name"; } - // Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its - // [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + // Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as + // well as its [primary][google.cloud.kms.v1.CryptoKey.primary] + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. rpc GetCryptoKey(GetCryptoKeyRequest) returns (CryptoKey) { option (google.api.http) = { get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}" @@ -99,17 +101,21 @@ service KeyManagementService { option (google.api.method_signature) = "name"; } - // Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. - rpc GetCryptoKeyVersion(GetCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + // Returns metadata for a given + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + rpc GetCryptoKeyVersion(GetCryptoKeyVersionRequest) + returns (CryptoKeyVersion) { option (google.api.http) = { get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}" }; option (google.api.method_signature) = "name"; } - // Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The + // Returns the public key for the given + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be - // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or + // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] + // or // [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. rpc GetPublicKey(GetPublicKeyRequest) returns (PublicKey) { option (google.api.http) = { @@ -126,7 +132,8 @@ service KeyManagementService { option (google.api.method_signature) = "name"; } - // Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location. + // Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and + // Location. rpc CreateKeyRing(CreateKeyRingRequest) returns (KeyRing) { option (google.api.http) = { post: "/v1/{parent=projects/*/locations/*}/keyRings" @@ -135,7 +142,8 @@ service KeyManagementService { option (google.api.method_signature) = "parent,key_ring_id,key_ring"; } - // Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing]. + // Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a + // [KeyRing][google.cloud.kms.v1.KeyRing]. // // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and // [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] @@ -148,12 +156,14 @@ service KeyManagementService { option (google.api.method_signature) = "parent,crypto_key_id,crypto_key"; } - // Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey]. + // Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a + // [CryptoKey][google.cloud.kms.v1.CryptoKey]. // // The server will assign the next sequential id. If unset, // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. - rpc CreateCryptoKeyVersion(CreateCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + rpc CreateCryptoKeyVersion(CreateCryptoKeyVersionRequest) + returns (CryptoKeyVersion) { option (google.api.http) = { post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions" body: "crypto_key_version" @@ -161,22 +171,27 @@ service KeyManagementService { option (google.api.method_signature) = "parent,crypto_key_version"; } - // Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + // Import wrapped key material into a + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. // - // All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is - // additionally specified in the request, key material will be reimported into - // that version. Otherwise, a new version will be created, and will be - // assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey]. - rpc ImportCryptoKeyVersion(ImportCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + // All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If + // a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally + // specified in the request, key material will be reimported into that + // version. Otherwise, a new version will be created, and will be assigned the + // next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey]. + rpc ImportCryptoKeyVersion(ImportCryptoKeyVersionRequest) + returns (CryptoKeyVersion) { option (google.api.http) = { post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:import" body: "*" }; } - // Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing]. + // Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a + // [KeyRing][google.cloud.kms.v1.KeyRing]. // - // [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required. + // [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is + // required. rpc CreateImportJob(CreateImportJobRequest) returns (ImportJob) { option (google.api.http) = { post: "/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs" @@ -194,14 +209,20 @@ service KeyManagementService { option (google.api.method_signature) = "crypto_key,update_mask"; } - // Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata. + // Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s + // metadata. // // [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between - // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and - // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this - // method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to - // move between other states. - rpc UpdateCryptoKeyVersion(UpdateCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + // and + // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] + // using this method. See + // [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] + // and + // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + // to move between other states. + rpc UpdateCryptoKeyVersion(UpdateCryptoKeyVersionRequest) + returns (CryptoKeyVersion) { option (google.api.http) = { patch: "/v1/{crypto_key_version.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}" body: "crypto_key_version" @@ -209,11 +230,14 @@ service KeyManagementService { option (google.api.method_signature) = "crypto_key_version,update_mask"; } - // Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + // Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that + // will be used in + // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. // // Returns an error if called on a key whose purpose is not // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. - rpc UpdateCryptoKeyPrimaryVersion(UpdateCryptoKeyPrimaryVersionRequest) returns (CryptoKey) { + rpc UpdateCryptoKeyPrimaryVersion(UpdateCryptoKeyPrimaryVersionRequest) + returns (CryptoKey) { option (google.api.http) = { post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion" body: "*" @@ -221,20 +245,29 @@ service KeyManagementService { option (google.api.method_signature) = "name,crypto_key_version_id"; } - // Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction. + // Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for + // destruction. // - // Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to + // Upon calling this method, + // [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will + // be set to // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED], - // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time - // [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the - // future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will - // automatically change to - // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key - // material will be irrevocably destroyed. + // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will + // be set to the time + // [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] + // in the future. At that time, the + // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically + // change to + // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], + // and the key material will be irrevocably destroyed. // - // Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached, - // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process. - rpc DestroyCryptoKeyVersion(DestroyCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + // Before the + // [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is + // reached, + // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + // may be called to reverse the process. + rpc DestroyCryptoKeyVersion(DestroyCryptoKeyVersionRequest) + returns (CryptoKeyVersion) { option (google.api.http) = { post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy" body: "*" @@ -246,10 +279,13 @@ service KeyManagementService { // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] // state. // - // Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state] - // will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], - // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared. - rpc RestoreCryptoKeyVersion(RestoreCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + // Upon restoration of the CryptoKeyVersion, + // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to + // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], + // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will + // be cleared. + rpc RestoreCryptoKeyVersion(RestoreCryptoKeyVersionRequest) + returns (CryptoKeyVersion) { option (google.api.http) = { post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore" body: "*" @@ -257,8 +293,9 @@ service KeyManagementService { option (google.api.method_signature) = "name"; } - // Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. - // The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be + // Encrypts data, so that it can only be recovered by a call to + // [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The + // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. rpc Encrypt(EncryptRequest) returns (EncryptResponse) { option (google.api.http) = { @@ -268,8 +305,10 @@ service KeyManagementService { option (google.api.method_signature) = "name,plaintext"; } - // Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] - // must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + // Decrypts data that was protected by + // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The + // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. rpc Decrypt(DecryptRequest) returns (DecryptResponse) { option (google.api.http) = { post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt" @@ -278,9 +317,11 @@ service KeyManagementService { option (google.api.method_signature) = "name,ciphertext"; } - // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // ASYMMETRIC_SIGN, producing a signature that can be verified with the public - // key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + // key retrieved from + // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. rpc AsymmetricSign(AsymmetricSignRequest) returns (AsymmetricSignResponse) { option (google.api.http) = { post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricSign" @@ -290,9 +331,12 @@ service KeyManagementService { } // Decrypts data that was encrypted with a public key retrieved from - // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with - // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT. - rpc AsymmetricDecrypt(AsymmetricDecryptRequest) returns (AsymmetricDecryptResponse) { + // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] + // corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // ASYMMETRIC_DECRYPT. + rpc AsymmetricDecrypt(AsymmetricDecryptRequest) + returns (AsymmetricDecryptResponse) { option (google.api.http) = { post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricDecrypt" body: "*" @@ -300,9 +344,9 @@ service KeyManagementService { option (google.api.method_signature) = "name,ciphertext"; } - // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] - // MAC, producing a tag that can be verified by another source with the - // same key. + // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, + // producing a tag that can be verified by another source with the same key. rpc MacSign(MacSignRequest) returns (MacSignResponse) { option (google.api.http) = { post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:macSign" @@ -311,9 +355,10 @@ service KeyManagementService { option (google.api.method_signature) = "name,data"; } - // Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] - // MAC, and returns a response that indicates whether or not the verification - // was successful. + // Verifies MAC tag using a + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns + // a response that indicates whether or not the verification was successful. rpc MacVerify(MacVerifyRequest) returns (MacVerifyResponse) { option (google.api.http) = { post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:macVerify" @@ -324,19 +369,23 @@ service KeyManagementService { // Generate random bytes using the Cloud KMS randomness source in the provided // location. - rpc GenerateRandomBytes(GenerateRandomBytesRequest) returns (GenerateRandomBytesResponse) { + rpc GenerateRandomBytes(GenerateRandomBytesRequest) + returns (GenerateRandomBytesResponse) { option (google.api.http) = { post: "/v1/{location=projects/*/locations/*}:generateRandomBytes" body: "*" }; - option (google.api.method_signature) = "location,length_bytes,protection_level"; + option (google.api.method_signature) = + "location,length_bytes,protection_level"; } } -// Request message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. +// Request message for +// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. message ListKeyRingsRequest { // Required. The resource name of the location associated with the - // [KeyRings][google.cloud.kms.v1.KeyRing], in the format `projects/*/locations/*`. + // [KeyRings][google.cloud.kms.v1.KeyRing], in the format + // `projects/*/locations/*`. string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -344,10 +393,13 @@ message ListKeyRingsRequest { } ]; - // Optional. Optional limit on the number of [KeyRings][google.cloud.kms.v1.KeyRing] to include in the - // response. Further [KeyRings][google.cloud.kms.v1.KeyRing] can subsequently be obtained by - // including the [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token] in a subsequent - // request. If unspecified, the server will pick an appropriate default. + // Optional. Optional limit on the number of + // [KeyRings][google.cloud.kms.v1.KeyRing] to include in the response. Further + // [KeyRings][google.cloud.kms.v1.KeyRing] can subsequently be obtained by + // including the + // [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token] + // in a subsequent request. If unspecified, the server will pick an + // appropriate default. int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; // Optional. Optional pagination token, returned earlier via @@ -367,10 +419,11 @@ message ListKeyRingsRequest { string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; } -// Request message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. +// Request message for +// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. message ListCryptoKeysRequest { - // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format - // `projects/*/locations/*/keyRings/*`. + // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] + // to list, in the format `projects/*/locations/*/keyRings/*`. string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -378,10 +431,13 @@ message ListCryptoKeysRequest { } ]; - // Optional. Optional limit on the number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the - // response. Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be obtained by - // including the [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token] in a subsequent - // request. If unspecified, the server will pick an appropriate default. + // Optional. Optional limit on the number of + // [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the response. + // Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be + // obtained by including the + // [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token] + // in a subsequent request. If unspecified, the server will pick an + // appropriate default. int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; // Optional. Optional pagination token, returned earlier via @@ -404,9 +460,11 @@ message ListCryptoKeysRequest { string order_by = 6 [(google.api.field_behavior) = OPTIONAL]; } -// Request message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. +// Request message for +// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. message ListCryptoKeyVersionsRequest { - // Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format + // Required. The resource name of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format // `projects/*/locations/*/keyRings/*/cryptoKeys/*`. string parent = 1 [ (google.api.field_behavior) = REQUIRED, @@ -415,11 +473,13 @@ message ListCryptoKeyVersionsRequest { } ]; - // Optional. Optional limit on the number of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to - // include in the response. Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can - // subsequently be obtained by including the - // [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token] in a subsequent request. - // If unspecified, the server will pick an appropriate default. + // Optional. Optional limit on the number of + // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to include in the + // response. Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + // can subsequently be obtained by including the + // [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token] + // in a subsequent request. If unspecified, the server will pick an + // appropriate default. int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; // Optional. Optional pagination token, returned earlier via @@ -442,10 +502,11 @@ message ListCryptoKeyVersionsRequest { string order_by = 6 [(google.api.field_behavior) = OPTIONAL]; } -// Request message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. +// Request message for +// [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. message ListImportJobsRequest { - // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format - // `projects/*/locations/*/keyRings/*`. + // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] + // to list, in the format `projects/*/locations/*/keyRings/*`. string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -453,10 +514,13 @@ message ListImportJobsRequest { } ]; - // Optional. Optional limit on the number of [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the - // response. Further [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently be obtained by - // including the [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token] in a subsequent - // request. If unspecified, the server will pick an appropriate default. + // Optional. Optional limit on the number of + // [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the response. + // Further [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently be + // obtained by including the + // [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token] + // in a subsequent request. If unspecified, the server will pick an + // appropriate default. int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; // Optional. Optional pagination token, returned earlier via @@ -476,63 +540,76 @@ message ListImportJobsRequest { string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; } -// Response message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. +// Response message for +// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. message ListKeyRingsResponse { // The list of [KeyRings][google.cloud.kms.v1.KeyRing]. repeated KeyRing key_rings = 1; // A token to retrieve next page of results. Pass this value in - // [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token] to retrieve the next page of results. + // [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token] + // to retrieve the next page of results. string next_page_token = 2; - // The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched the query. + // The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched + // the query. int32 total_size = 3; } -// Response message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. +// Response message for +// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. message ListCryptoKeysResponse { // The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. repeated CryptoKey crypto_keys = 1; // A token to retrieve next page of results. Pass this value in - // [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token] to retrieve the next page of results. + // [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token] + // to retrieve the next page of results. string next_page_token = 2; - // The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that matched the query. + // The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that + // matched the query. int32 total_size = 3; } -// Response message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. +// Response message for +// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. message ListCryptoKeyVersionsResponse { // The list of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. repeated CryptoKeyVersion crypto_key_versions = 1; // A token to retrieve next page of results. Pass this value in - // [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token] to retrieve the next page of - // results. + // [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token] + // to retrieve the next page of results. string next_page_token = 2; - // The total number of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the + // The total number of + // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the // query. int32 total_size = 3; } -// Response message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. +// Response message for +// [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. message ListImportJobsResponse { // The list of [ImportJobs][google.cloud.kms.v1.ImportJob]. repeated ImportJob import_jobs = 1; // A token to retrieve next page of results. Pass this value in - // [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token] to retrieve the next page of results. + // [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token] + // to retrieve the next page of results. string next_page_token = 2; - // The total number of [ImportJobs][google.cloud.kms.v1.ImportJob] that matched the query. + // The total number of [ImportJobs][google.cloud.kms.v1.ImportJob] that + // matched the query. int32 total_size = 3; } -// Request message for [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing]. +// Request message for +// [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing]. message GetKeyRingRequest { - // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the [KeyRing][google.cloud.kms.v1.KeyRing] to get. + // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the + // [KeyRing][google.cloud.kms.v1.KeyRing] to get. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -541,9 +618,11 @@ message GetKeyRingRequest { ]; } -// Request message for [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey]. +// Request message for +// [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey]. message GetCryptoKeyRequest { - // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to get. + // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] to get. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -552,9 +631,11 @@ message GetCryptoKeyRequest { ]; } -// Request message for [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion]. +// Request message for +// [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion]. message GetCryptoKeyVersionRequest { - // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get. + // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -563,10 +644,11 @@ message GetCryptoKeyVersionRequest { ]; } -// Request message for [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. +// Request message for +// [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. message GetPublicKeyRequest { - // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to - // get. + // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -575,9 +657,11 @@ message GetPublicKeyRequest { ]; } -// Request message for [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob]. +// Request message for +// [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob]. message GetImportJobRequest { - // Required. The [name][google.cloud.kms.v1.ImportJob.name] of the [ImportJob][google.cloud.kms.v1.ImportJob] to get. + // Required. The [name][google.cloud.kms.v1.ImportJob.name] of the + // [ImportJob][google.cloud.kms.v1.ImportJob] to get. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -586,10 +670,12 @@ message GetImportJobRequest { ]; } -// Request message for [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing]. +// Request message for +// [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing]. message CreateKeyRingRequest { // Required. The resource name of the location associated with the - // [KeyRings][google.cloud.kms.v1.KeyRing], in the format `projects/*/locations/*`. + // [KeyRings][google.cloud.kms.v1.KeyRing], in the format + // `projects/*/locations/*`. string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -601,14 +687,16 @@ message CreateKeyRingRequest { // expression `[a-zA-Z0-9_-]{1,63}` string key_ring_id = 2 [(google.api.field_behavior) = REQUIRED]; - // Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field values. + // Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field + // values. KeyRing key_ring = 3 [(google.api.field_behavior) = REQUIRED]; } -// Request message for [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]. +// Request message for +// [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]. message CreateCryptoKeyRequest { - // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing associated with the - // [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing + // associated with the [CryptoKeys][google.cloud.kms.v1.CryptoKey]. string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -620,21 +708,27 @@ message CreateCryptoKeyRequest { // expression `[a-zA-Z0-9_-]{1,63}` string crypto_key_id = 2 [(google.api.field_behavior) = REQUIRED]; - // Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field values. + // Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field + // values. CryptoKey crypto_key = 3 [(google.api.field_behavior) = REQUIRED]; - // If set to true, the request will create a [CryptoKey][google.cloud.kms.v1.CryptoKey] without any - // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. You must manually call - // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or + // If set to true, the request will create a + // [CryptoKey][google.cloud.kms.v1.CryptoKey] without any + // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. You must + // manually call + // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] + // or // [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion] // before you can use this [CryptoKey][google.cloud.kms.v1.CryptoKey]. bool skip_initial_version_creation = 5; } -// Request message for [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]. +// Request message for +// [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]. message CreateCryptoKeyVersionRequest { - // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with - // the [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. + // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the + // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -642,13 +736,17 @@ message CreateCryptoKeyVersionRequest { } ]; - // Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with initial field values. - CryptoKeyVersion crypto_key_version = 2 [(google.api.field_behavior) = REQUIRED]; + // Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + // initial field values. + CryptoKeyVersion crypto_key_version = 2 + [(google.api.field_behavior) = REQUIRED]; } -// Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. +// Request message for +// [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. message ImportCryptoKeyVersionRequest { - // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into. + // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into. // // The create permission is only required on this key when creating a new // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. @@ -659,20 +757,25 @@ message ImportCryptoKeyVersionRequest { } ]; - // Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing - // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation. - // If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the + // Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of + // an existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + // target for an import operation. If this field is not present, a new + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the // supplied key material is created. // // If this field is present, the supplied key material is imported into - // the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing - // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of - // [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via - // [ImportCryptoKeyVersion][], and be in - // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or + // the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To + // import into an existing + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of + // [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], + // have been previously created via [ImportCryptoKeyVersion][], and be in + // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] + // or // [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED] // state. The key material and algorithm must match the previous - // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained // key material. string crypto_key_version = 6 [ (google.api.field_behavior) = OPTIONAL, @@ -681,14 +784,17 @@ message ImportCryptoKeyVersionRequest { } ]; - // Required. The [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] of - // the key being imported. This does not need to match the - // [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] this - // version imports into. - CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 2 [(google.api.field_behavior) = REQUIRED]; - - // Required. The [name][google.cloud.kms.v1.ImportJob.name] of the [ImportJob][google.cloud.kms.v1.ImportJob] that was used to - // wrap this key material. + // Required. The + // [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] + // of the key being imported. This does not need to match the + // [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] this version imports into. + CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 2 + [(google.api.field_behavior) = REQUIRED]; + + // Required. The [name][google.cloud.kms.v1.ImportJob.name] of the + // [ImportJob][google.cloud.kms.v1.ImportJob] that was used to wrap this key + // material. string import_job = 4 [(google.api.field_behavior) = REQUIRED]; // Required. The incoming wrapped key material that is to be imported. @@ -701,8 +807,9 @@ message ImportCryptoKeyVersionRequest { // This field contains the concatenation of two wrapped keys: //
    //
  1. An ephemeral AES-256 wrapping key wrapped with the - // [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP with SHA-1, - // MGF1 with SHA-1, and an empty label. + // [public_key][google.cloud.kms.v1.ImportJob.public_key] using + // RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an + // empty label. //
  2. //
  3. The key to be imported, wrapped with the ephemeral AES-256 key // using AES-KWP (RFC 5649). @@ -720,9 +827,11 @@ message ImportCryptoKeyVersionRequest { } } -// Request message for [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob]. +// Request message for +// [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob]. message CreateImportJobRequest { - // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the [KeyRing][google.cloud.kms.v1.KeyRing] associated with the + // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the + // [KeyRing][google.cloud.kms.v1.KeyRing] associated with the // [ImportJobs][google.cloud.kms.v1.ImportJob]. string parent = 1 [ (google.api.field_behavior) = REQUIRED, @@ -735,31 +844,40 @@ message CreateImportJobRequest { // expression `[a-zA-Z0-9_-]{1,63}` string import_job_id = 2 [(google.api.field_behavior) = REQUIRED]; - // Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field values. + // Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field + // values. ImportJob import_job = 3 [(google.api.field_behavior) = REQUIRED]; } -// Request message for [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey]. +// Request message for +// [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey]. message UpdateCryptoKeyRequest { // Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] with updated values. CryptoKey crypto_key = 1 [(google.api.field_behavior) = REQUIRED]; // Required. List of fields to be updated in this request. - google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; + google.protobuf.FieldMask update_mask = 2 + [(google.api.field_behavior) = REQUIRED]; } -// Request message for [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion]. +// Request message for +// [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion]. message UpdateCryptoKeyVersionRequest { - // Required. [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with updated values. - CryptoKeyVersion crypto_key_version = 1 [(google.api.field_behavior) = REQUIRED]; + // Required. [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + // updated values. + CryptoKeyVersion crypto_key_version = 1 + [(google.api.field_behavior) = REQUIRED]; // Required. List of fields to be updated in this request. - google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; + google.protobuf.FieldMask update_mask = 2 + [(google.api.field_behavior) = REQUIRED]; } -// Request message for [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. +// Request message for +// [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. message UpdateCryptoKeyPrimaryVersionRequest { - // Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to update. + // Required. The resource name of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] to update. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -767,13 +885,16 @@ message UpdateCryptoKeyPrimaryVersionRequest { } ]; - // Required. The id of the child [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary. + // Required. The id of the child + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary. string crypto_key_version_id = 2 [(google.api.field_behavior) = REQUIRED]; } -// Request message for [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]. +// Request message for +// [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]. message DestroyCryptoKeyVersionRequest { - // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy. + // Required. The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -782,9 +903,11 @@ message DestroyCryptoKeyVersionRequest { ]; } -// Request message for [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]. +// Request message for +// [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]. message RestoreCryptoKeyVersionRequest { - // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore. + // Required. The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -793,77 +916,97 @@ message RestoreCryptoKeyVersionRequest { ]; } -// Request message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. +// Request message for +// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. message EncryptRequest { - // Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] or [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] - // to use for encryption. + // Required. The resource name of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] or + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for + // encryption. // - // If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server will use its - // [primary version][google.cloud.kms.v1.CryptoKey.primary]. + // If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server + // will use its [primary version][google.cloud.kms.v1.CryptoKey.primary]. string name = 1 [ (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "*" - } + (google.api.resource_reference) = { type: "*" } ]; // Required. The data to encrypt. Must be no larger than 64KiB. // // The maximum size depends on the key version's - // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For - // [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the plaintext must be no larger - // than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the - // plaintext and additional_authenticated_data fields must be no larger than - // 8KiB. + // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. + // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the + // plaintext must be no larger than 64KiB. For + // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of + // the plaintext and additional_authenticated_data fields must be no larger + // than 8KiB. bytes plaintext = 2 [(google.api.field_behavior) = REQUIRED]; - // Optional. Optional data that, if specified, must also be provided during decryption - // through [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. + // Optional. Optional data that, if specified, must also be provided during + // decryption through + // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. // // The maximum size depends on the key version's - // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For - // [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD must be no larger than - // 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the - // plaintext and additional_authenticated_data fields must be no larger than - // 8KiB. - bytes additional_authenticated_data = 3 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. An optional CRC32C checksum of the [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. If - // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the - // received [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext] using this checksum. - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification - // fails. If you receive a checksum error, your client should verify that - // CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]) is equal to - // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c], and if so, perform a limited number of - // retries. A persistent mismatch may indicate an issue in your computation of - // the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. - google.protobuf.Int64Value plaintext_crc32c = 7 [(google.api.field_behavior) = OPTIONAL]; + // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. + // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD + // must be no larger than 64KiB. For + // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of + // the plaintext and additional_authenticated_data fields must be no larger + // than 8KiB. + bytes additional_authenticated_data = 3 + [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the + // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]) + // is equal to + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + google.protobuf.Int64Value plaintext_crc32c = 7 + [(google.api.field_behavior) = OPTIONAL]; // Optional. An optional CRC32C checksum of the - // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. If specified, - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received - // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data] using this checksum. - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification - // fails. If you receive a checksum error, your client should verify that - // CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]) is equal to - // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c], and if so, perform - // a limited number of retries. A persistent mismatch may indicate an issue in - // your computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. - google.protobuf.Int64Value additional_authenticated_data_crc32c = 8 [(google.api.field_behavior) = OPTIONAL]; + // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]) + // is equal to + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + google.protobuf.Int64Value additional_authenticated_data_crc32c = 8 + [(google.api.field_behavior) = OPTIONAL]; } -// Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. +// Request message for +// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. message DecryptRequest { - // Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. - // The server will choose the appropriate version. + // Required. The resource name of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The + // server will choose the appropriate version. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -877,43 +1020,60 @@ message DecryptRequest { // Optional. Optional data that must match the data originally supplied in // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. - bytes additional_authenticated_data = 3 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. An optional CRC32C checksum of the [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. If - // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the - // received [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext] using this checksum. - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification - // fails. If you receive a checksum error, your client should verify that - // CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]) is equal to - // [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c], and if so, perform a limited number - // of retries. A persistent mismatch may indicate an issue in your computation - // of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. - google.protobuf.Int64Value ciphertext_crc32c = 5 [(google.api.field_behavior) = OPTIONAL]; + bytes additional_authenticated_data = 3 + [(google.api.field_behavior) = OPTIONAL]; // Optional. An optional CRC32C checksum of the - // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. If specified, - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received - // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data] using this checksum. - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification - // fails. If you receive a checksum error, your client should verify that - // CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]) is equal to - // [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c], and if so, perform - // a limited number of retries. A persistent mismatch may indicate an issue in - // your computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. - google.protobuf.Int64Value additional_authenticated_data_crc32c = 6 [(google.api.field_behavior) = OPTIONAL]; + // [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]) + // is equal to + // [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + google.protobuf.Int64Value ciphertext_crc32c = 5 + [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the + // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]) + // is equal to + // [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + google.protobuf.Int64Value additional_authenticated_data_crc32c = 6 + [(google.api.field_behavior) = OPTIONAL]; } -// Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. +// Request message for +// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. message AsymmetricSignRequest { - // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for signing. + // Required. The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for + // signing. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -924,47 +1084,68 @@ message AsymmetricSignRequest { // Optional. The digest of the data to sign. The digest must be produced with // the same digest algorithm as specified by the key version's // [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. + // + // This field may not be supplied if + // [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data] + // is supplied. Digest digest = 3 [(google.api.field_behavior) = OPTIONAL]; - // Optional. An optional CRC32C checksum of the [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. If - // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the - // received [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] using this checksum. - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification - // fails. If you receive a checksum error, your client should verify that - // CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]) is equal to - // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c], and if so, perform a limited - // number of retries. A persistent mismatch may indicate an issue in your - // computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. - google.protobuf.Int64Value digest_crc32c = 4 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. This field will only be honored for RAW_PKCS1 keys. - // The data to sign. A digest is computed over the data that will be signed, - // PKCS #1 padding is applied to the digest directly and then encrypted. + // Optional. An optional CRC32C checksum of the + // [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]) + // is equal to + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + google.protobuf.Int64Value digest_crc32c = 4 + [(google.api.field_behavior) = OPTIONAL]; + + // Optional. The data to sign. + // It can't be supplied if + // [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] + // is supplied. bytes data = 6 [(google.api.field_behavior) = OPTIONAL]; - // Optional. An optional CRC32C checksum of the [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]. If - // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the - // received [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data] using this checksum. - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification - // fails. If you receive a checksum error, your client should verify that - // CRC32C([AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]) is equal to - // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c], and if so, perform a limited - // number of retries. A persistent mismatch may indicate an issue in your - // computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. - google.protobuf.Int64Value data_crc32c = 7 [(google.api.field_behavior) = OPTIONAL]; + // Optional. An optional CRC32C checksum of the + // [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]) + // is equal to + // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + google.protobuf.Int64Value data_crc32c = 7 + [(google.api.field_behavior) = OPTIONAL]; } -// Request message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. +// Request message for +// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. message AsymmetricDecryptRequest { - // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for + // Required. The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for // decryption. string name = 1 [ (google.api.field_behavior) = REQUIRED, @@ -973,29 +1154,40 @@ message AsymmetricDecryptRequest { } ]; - // Required. The data encrypted with the named [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public - // key using OAEP. + // Required. The data encrypted with the named + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using + // OAEP. bytes ciphertext = 3 [(google.api.field_behavior) = REQUIRED]; - // Optional. An optional CRC32C checksum of the [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. - // If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the - // received [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext] using this checksum. - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification - // fails. If you receive a checksum error, your client should verify that - // CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]) is equal to - // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c], and if so, perform a - // limited number of retries. A persistent mismatch may indicate an issue in - // your computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. - google.protobuf.Int64Value ciphertext_crc32c = 4 [(google.api.field_behavior) = OPTIONAL]; + // Optional. An optional CRC32C checksum of the + // [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]) + // is equal to + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + google.protobuf.Int64Value ciphertext_crc32c = 4 + [(google.api.field_behavior) = OPTIONAL]; } -// Request message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign]. +// Request message for +// [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign]. message MacSignRequest { - // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for signing. + // Required. The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for + // signing. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -1003,29 +1195,37 @@ message MacSignRequest { } ]; - // Required. The data to sign. The MAC tag is computed over this data field based on - // the specific algorithm. + // Required. The data to sign. The MAC tag is computed over this data field + // based on the specific algorithm. bytes data = 2 [(google.api.field_behavior) = REQUIRED]; - // Optional. An optional CRC32C checksum of the [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]. If - // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the - // received [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] using this checksum. - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification - // fails. If you receive a checksum error, your client should verify that - // CRC32C([MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]) is equal to - // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c], and if so, perform a limited - // number of retries. A persistent mismatch may indicate an issue in your - // computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. - google.protobuf.Int64Value data_crc32c = 3 [(google.api.field_behavior) = OPTIONAL]; + // Optional. An optional CRC32C checksum of the + // [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]. If + // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + // will verify the integrity of the received + // [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] using this + // checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + // will report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]) is + // equal to + // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + google.protobuf.Int64Value data_crc32c = 3 + [(google.api.field_behavior) = OPTIONAL]; } -// Request message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify]. +// Request message for +// [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify]. message MacVerifyRequest { - // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for verification. + // Required. The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for + // verification. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { @@ -1033,45 +1233,57 @@ message MacVerifyRequest { } ]; - // Required. The data used previously as a [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate the MAC - // tag. + // Required. The data used previously as a + // [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate + // the MAC tag. bytes data = 2 [(google.api.field_behavior) = REQUIRED]; - // Optional. An optional CRC32C checksum of the [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]. If - // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the - // received [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] using this checksum. - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification - // fails. If you receive a checksum error, your client should verify that - // CRC32C([MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]) is equal to - // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c], and if so, perform a limited - // number of retries. A persistent mismatch may indicate an issue in your - // computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. - google.protobuf.Int64Value data_crc32c = 3 [(google.api.field_behavior) = OPTIONAL]; + // Optional. An optional CRC32C checksum of the + // [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]. If + // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + // will verify the integrity of the received + // [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] using + // this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]) + // is equal to + // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + google.protobuf.Int64Value data_crc32c = 3 + [(google.api.field_behavior) = OPTIONAL]; // Required. The signature to verify. bytes mac = 4 [(google.api.field_behavior) = REQUIRED]; - // Optional. An optional CRC32C checksum of the [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac]. If - // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the - // received [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] using this checksum. - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification - // fails. If you receive a checksum error, your client should verify that + // Optional. An optional CRC32C checksum of the + // [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac]. If + // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + // will verify the integrity of the received + // [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] using this + // checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + // will report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that // CRC32C([MacVerifyRequest.tag][]) is equal to - // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c], and if so, perform a limited - // number of retries. A persistent mismatch may indicate an issue in your - // computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. - google.protobuf.Int64Value mac_crc32c = 5 [(google.api.field_behavior) = OPTIONAL]; + // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + google.protobuf.Int64Value mac_crc32c = 5 + [(google.api.field_behavior) = OPTIONAL]; } -// Request message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes]. +// Request message for +// [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes]. message GenerateRandomBytesRequest { // The project-specific location in which to generate random bytes. // For example, "projects/my-project/locations/us-central1". @@ -1081,228 +1293,311 @@ message GenerateRandomBytesRequest { // bytes, maximum 1024 bytes. int32 length_bytes = 2; - // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when generating the random data. Defaults to - // [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE]. + // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when + // generating the random data. Currently, only + // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] protection level is + // supported. ProtectionLevel protection_level = 3; } -// Response message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. +// Response message for +// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. message EncryptResponse { - // The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in encryption. Check - // this field to verify that the intended resource was used for encryption. + // The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in + // encryption. Check this field to verify that the intended resource was used + // for encryption. string name = 1; // The encrypted data. bytes ciphertext = 2; // Integrity verification field. A CRC32C checksum of the returned - // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. An integrity check of - // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] can be performed by computing the CRC32C - // checksum of [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] and comparing your results to - // this field. Discard the response in case of non-matching checksum values, - // and perform a limited number of retries. A persistent mismatch may indicate - // an issue in your computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. + // An integrity check of + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] + // can be performed by computing the CRC32C checksum of + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. Note: This field is defined as int64 for reasons of compatibility + // across different languages. However, it is a non-negative integer, which + // will never exceed 2^32-1, and can be safely downconverted to uint32 in + // languages that support this type. google.protobuf.Int64Value ciphertext_crc32c = 4; // Integrity verification field. A flag indicating whether - // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was received by - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the - // [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of this field - // indicates either that [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was left unset or - // that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set - // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] but this field is still false, discard - // the response and perform a limited number of retries. + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of + // this field indicates either that + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. bool verified_plaintext_crc32c = 5; // Integrity verification field. A flag indicating whether - // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was received by - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the - // [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A false value of this - // field indicates either that - // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was left unset or - // that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set - // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] but this field is - // still false, discard the response and perform a limited number of retries. + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A + // false value of this field indicates either that + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. bool verified_additional_authenticated_data_crc32c = 6; - // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in encryption. + // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in + // encryption. ProtectionLevel protection_level = 7; } -// Response message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. +// Response message for +// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. message DecryptResponse { - // The decrypted data originally supplied in [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. + // The decrypted data originally supplied in + // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. bytes plaintext = 1; // Integrity verification field. A CRC32C checksum of the returned - // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]. An integrity check of - // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] can be performed by computing the CRC32C - // checksum of [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] and comparing your results to - // this field. Discard the response in case of non-matching checksum values, - // and perform a limited number of retries. A persistent mismatch may indicate - // an issue in your computation of the CRC32C checksum. Note: receiving this - // response message indicates that [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to - // successfully decrypt the [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. + // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]. + // An integrity check of + // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] + // can be performed by computing the CRC32C checksum of + // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. Note: receiving this response message indicates that + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to + // successfully decrypt the + // [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. google.protobuf.Int64Value plaintext_crc32c = 2; // Whether the Decryption was performed using the primary key version. bool used_primary = 3; - // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in decryption. + // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in + // decryption. ProtectionLevel protection_level = 4; } -// Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. +// Response message for +// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. message AsymmetricSignResponse { // The created signature. bytes signature = 1; // Integrity verification field. A CRC32C checksum of the returned - // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]. An integrity check of - // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] can be performed by computing the - // CRC32C checksum of [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] and comparing your - // results to this field. Discard the response in case of non-matching - // checksum values, and perform a limited number of retries. A persistent - // mismatch may indicate an issue in your computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. + // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]. + // An integrity check of + // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] + // can be performed by computing the CRC32C checksum of + // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. Note: This field is defined as int64 for reasons of compatibility + // across different languages. However, it is a non-negative integer, which + // will never exceed 2^32-1, and can be safely downconverted to uint32 in + // languages that support this type. google.protobuf.Int64Value signature_crc32c = 2; // Integrity verification field. A flag indicating whether - // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was received by - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the - // [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value of this field - // indicates either that [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was left - // unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've - // set [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] but this field is still false, - // discard the response and perform a limited number of retries. + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value + // of this field indicates either that + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. bool verified_digest_crc32c = 3; - // The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. Check - // this field to verify that the intended resource was used for signing. + // The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. + // Check this field to verify that the intended resource was used for signing. string name = 4; // Integrity verification field. A flag indicating whether - // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] was received by - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the - // [data][google.cloud.kms.v1.AsymmetricSignRequest.data]. A false value of this field - // indicates either that [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] was left - // unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've - // set [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] but this field is still false, - // discard the response and perform a limited number of retries. + // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [data][google.cloud.kms.v1.AsymmetricSignRequest.data]. A false value of + // this field indicates either that + // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. bool verified_data_crc32c = 5; - // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. + // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. ProtectionLevel protection_level = 6; } -// Response message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. +// Response message for +// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. message AsymmetricDecryptResponse { // The decrypted data originally encrypted with the matching public key. bytes plaintext = 1; // Integrity verification field. A CRC32C checksum of the returned - // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]. An integrity check of - // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] can be performed by computing the - // CRC32C checksum of [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] and comparing - // your results to this field. Discard the response in case of non-matching - // checksum values, and perform a limited number of retries. A persistent - // mismatch may indicate an issue in your computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. + // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]. + // An integrity check of + // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] + // can be performed by computing the CRC32C checksum of + // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. Note: This field is defined as int64 for reasons of compatibility + // across different languages. However, it is a non-negative integer, which + // will never exceed 2^32-1, and can be safely downconverted to uint32 in + // languages that support this type. google.protobuf.Int64Value plaintext_crc32c = 2; // Integrity verification field. A flag indicating whether - // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] was received by - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the - // [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A false value of this - // field indicates either that [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] - // was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If - // you've set [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] but this field is - // still false, discard the response and perform a limited number of retries. + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A + // false value of this field indicates either that + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. bool verified_ciphertext_crc32c = 3; - // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in decryption. + // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in + // decryption. ProtectionLevel protection_level = 4; } -// Response message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign]. +// Response message for +// [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign]. message MacSignResponse { - // The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. Check - // this field to verify that the intended resource was used for signing. + // The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. + // Check this field to verify that the intended resource was used for signing. string name = 1; // The created signature. bytes mac = 2; // Integrity verification field. A CRC32C checksum of the returned - // [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac]. An integrity check of - // [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] can be performed by computing the - // CRC32C checksum of [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] and comparing your - // results to this field. Discard the response in case of non-matching - // checksum values, and perform a limited number of retries. A persistent - // mismatch may indicate an issue in your computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. + // [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac]. An + // integrity check of + // [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] can be + // performed by computing the CRC32C checksum of + // [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] and + // comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. Note: This field is defined as int64 for reasons of compatibility + // across different languages. However, it is a non-negative integer, which + // will never exceed 2^32-1, and can be safely downconverted to uint32 in + // languages that support this type. google.protobuf.Int64Value mac_crc32c = 3; // Integrity verification field. A flag indicating whether - // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] was received by - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the - // [data][google.cloud.kms.v1.MacSignRequest.data]. A false value of this field - // indicates either that [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] was left - // unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've - // set [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] but this field is still false, - // discard the response and perform a limited number of retries. + // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [data][google.cloud.kms.v1.MacSignRequest.data]. A false value of this + // field indicates either that + // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. bool verified_data_crc32c = 4; - // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. + // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. ProtectionLevel protection_level = 5; } -// Response message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify]. +// Response message for +// [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify]. message MacVerifyResponse { - // The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for verification. - // Check this field to verify that the intended resource was used for - // verification. + // The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for + // verification. Check this field to verify that the intended resource was + // used for verification. string name = 1; // This field indicates whether or not the verification operation for - // [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] over [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] was successful. + // [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] over + // [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] was + // successful. bool success = 2; // Integrity verification field. A flag indicating whether - // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] was received by - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the - // [data][google.cloud.kms.v1.MacVerifyRequest.data]. A false value of this field - // indicates either that [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] was left - // unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've - // set [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] but this field is still false, - // discard the response and perform a limited number of retries. + // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [data][google.cloud.kms.v1.MacVerifyRequest.data]. A false value of this + // field indicates either that + // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. bool verified_data_crc32c = 3; // Integrity verification field. A flag indicating whether - // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] was received by - // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the - // [data][google.cloud.kms.v1.MacVerifyRequest.mac]. A false value of this field - // indicates either that [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] was left - // unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've - // set [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] but this field is still false, - // discard the response and perform a limited number of retries. + // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [data][google.cloud.kms.v1.MacVerifyRequest.mac]. A false value of this + // field indicates either that + // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. bool verified_mac_crc32c = 4; // Integrity verification field. This value is used for the integrity @@ -1311,26 +1606,31 @@ message MacVerifyResponse { // and perform a limited number of retries. bool verified_success_integrity = 5; - // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for verification. + // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for + // verification. ProtectionLevel protection_level = 6; } -// Response message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes]. +// Response message for +// [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes]. message GenerateRandomBytesResponse { // The generated data. bytes data = 1; // Integrity verification field. A CRC32C checksum of the returned - // [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]. An integrity check of - // [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] can be performed by computing the - // CRC32C checksum of [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] and comparing your - // results to this field. Discard the response in case of non-matching - // checksum values, and perform a limited number of retries. A persistent - // mismatch may indicate an issue in your computation of the CRC32C checksum. - // Note: This field is defined as int64 for reasons of compatibility across - // different languages. However, it is a non-negative integer, which will - // never exceed 2^32-1, and can be safely downconverted to uint32 in languages - // that support this type. + // [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]. + // An integrity check of + // [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] + // can be performed by computing the CRC32C checksum of + // [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. Note: This field is defined as int64 for reasons of compatibility + // across different languages. However, it is a non-negative integer, which + // will never exceed 2^32-1, and can be safely downconverted to uint32 in + // languages that support this type. google.protobuf.Int64Value data_crc32c = 3; } @@ -1349,15 +1649,18 @@ message Digest { } } -// Cloud KMS metadata for the given [google.cloud.location.Location][google.cloud.location.Location]. +// Cloud KMS metadata for the given +// [google.cloud.location.Location][google.cloud.location.Location]. message LocationMetadata { // Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] - // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this location. + // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this + // location. bool hsm_available = 1; // Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] - // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in this location. + // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in + // this location. bool ekm_available = 2; } diff --git a/protos/protos.d.ts b/protos/protos.d.ts index dcab367b..8dbd6c25 100644 --- a/protos/protos.d.ts +++ b/protos/protos.d.ts @@ -26,6 +26,975 @@ export namespace google { /** Namespace v1. */ namespace v1 { + /** Represents an EkmService */ + class EkmService extends $protobuf.rpc.Service { + + /** + * Constructs a new EkmService service. + * @param rpcImpl RPC implementation + * @param [requestDelimited=false] Whether requests are length-delimited + * @param [responseDelimited=false] Whether responses are length-delimited + */ + constructor(rpcImpl: $protobuf.RPCImpl, requestDelimited?: boolean, responseDelimited?: boolean); + + /** + * Creates new EkmService service using the specified rpc implementation. + * @param rpcImpl RPC implementation + * @param [requestDelimited=false] Whether requests are length-delimited + * @param [responseDelimited=false] Whether responses are length-delimited + * @returns RPC service. Useful where requests and/or responses are streamed. + */ + public static create(rpcImpl: $protobuf.RPCImpl, requestDelimited?: boolean, responseDelimited?: boolean): EkmService; + + /** + * Calls ListEkmConnections. + * @param request ListEkmConnectionsRequest message or plain object + * @param callback Node-style callback called with the error, if any, and ListEkmConnectionsResponse + */ + public listEkmConnections(request: google.cloud.kms.v1.IListEkmConnectionsRequest, callback: google.cloud.kms.v1.EkmService.ListEkmConnectionsCallback): void; + + /** + * Calls ListEkmConnections. + * @param request ListEkmConnectionsRequest message or plain object + * @returns Promise + */ + public listEkmConnections(request: google.cloud.kms.v1.IListEkmConnectionsRequest): Promise; + + /** + * Calls GetEkmConnection. + * @param request GetEkmConnectionRequest message or plain object + * @param callback Node-style callback called with the error, if any, and EkmConnection + */ + public getEkmConnection(request: google.cloud.kms.v1.IGetEkmConnectionRequest, callback: google.cloud.kms.v1.EkmService.GetEkmConnectionCallback): void; + + /** + * Calls GetEkmConnection. + * @param request GetEkmConnectionRequest message or plain object + * @returns Promise + */ + public getEkmConnection(request: google.cloud.kms.v1.IGetEkmConnectionRequest): Promise; + + /** + * Calls CreateEkmConnection. + * @param request CreateEkmConnectionRequest message or plain object + * @param callback Node-style callback called with the error, if any, and EkmConnection + */ + public createEkmConnection(request: google.cloud.kms.v1.ICreateEkmConnectionRequest, callback: google.cloud.kms.v1.EkmService.CreateEkmConnectionCallback): void; + + /** + * Calls CreateEkmConnection. + * @param request CreateEkmConnectionRequest message or plain object + * @returns Promise + */ + public createEkmConnection(request: google.cloud.kms.v1.ICreateEkmConnectionRequest): Promise; + + /** + * Calls UpdateEkmConnection. + * @param request UpdateEkmConnectionRequest message or plain object + * @param callback Node-style callback called with the error, if any, and EkmConnection + */ + public updateEkmConnection(request: google.cloud.kms.v1.IUpdateEkmConnectionRequest, callback: google.cloud.kms.v1.EkmService.UpdateEkmConnectionCallback): void; + + /** + * Calls UpdateEkmConnection. + * @param request UpdateEkmConnectionRequest message or plain object + * @returns Promise + */ + public updateEkmConnection(request: google.cloud.kms.v1.IUpdateEkmConnectionRequest): Promise; + } + + namespace EkmService { + + /** + * Callback as used by {@link google.cloud.kms.v1.EkmService#listEkmConnections}. + * @param error Error, if any + * @param [response] ListEkmConnectionsResponse + */ + type ListEkmConnectionsCallback = (error: (Error|null), response?: google.cloud.kms.v1.ListEkmConnectionsResponse) => void; + + /** + * Callback as used by {@link google.cloud.kms.v1.EkmService#getEkmConnection}. + * @param error Error, if any + * @param [response] EkmConnection + */ + type GetEkmConnectionCallback = (error: (Error|null), response?: google.cloud.kms.v1.EkmConnection) => void; + + /** + * Callback as used by {@link google.cloud.kms.v1.EkmService#createEkmConnection}. + * @param error Error, if any + * @param [response] EkmConnection + */ + type CreateEkmConnectionCallback = (error: (Error|null), response?: google.cloud.kms.v1.EkmConnection) => void; + + /** + * Callback as used by {@link google.cloud.kms.v1.EkmService#updateEkmConnection}. + * @param error Error, if any + * @param [response] EkmConnection + */ + type UpdateEkmConnectionCallback = (error: (Error|null), response?: google.cloud.kms.v1.EkmConnection) => void; + } + + /** Properties of a ListEkmConnectionsRequest. */ + interface IListEkmConnectionsRequest { + + /** ListEkmConnectionsRequest parent */ + parent?: (string|null); + + /** ListEkmConnectionsRequest pageSize */ + pageSize?: (number|null); + + /** ListEkmConnectionsRequest pageToken */ + pageToken?: (string|null); + + /** ListEkmConnectionsRequest filter */ + filter?: (string|null); + + /** ListEkmConnectionsRequest orderBy */ + orderBy?: (string|null); + } + + /** Represents a ListEkmConnectionsRequest. */ + class ListEkmConnectionsRequest implements IListEkmConnectionsRequest { + + /** + * Constructs a new ListEkmConnectionsRequest. + * @param [properties] Properties to set + */ + constructor(properties?: google.cloud.kms.v1.IListEkmConnectionsRequest); + + /** ListEkmConnectionsRequest parent. */ + public parent: string; + + /** ListEkmConnectionsRequest pageSize. */ + public pageSize: number; + + /** ListEkmConnectionsRequest pageToken. */ + public pageToken: string; + + /** ListEkmConnectionsRequest filter. */ + public filter: string; + + /** ListEkmConnectionsRequest orderBy. */ + public orderBy: string; + + /** + * Creates a new ListEkmConnectionsRequest instance using the specified properties. + * @param [properties] Properties to set + * @returns ListEkmConnectionsRequest instance + */ + public static create(properties?: google.cloud.kms.v1.IListEkmConnectionsRequest): google.cloud.kms.v1.ListEkmConnectionsRequest; + + /** + * Encodes the specified ListEkmConnectionsRequest message. Does not implicitly {@link google.cloud.kms.v1.ListEkmConnectionsRequest.verify|verify} messages. + * @param message ListEkmConnectionsRequest message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.cloud.kms.v1.IListEkmConnectionsRequest, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified ListEkmConnectionsRequest message, length delimited. Does not implicitly {@link google.cloud.kms.v1.ListEkmConnectionsRequest.verify|verify} messages. + * @param message ListEkmConnectionsRequest message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.cloud.kms.v1.IListEkmConnectionsRequest, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes a ListEkmConnectionsRequest message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns ListEkmConnectionsRequest + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.kms.v1.ListEkmConnectionsRequest; + + /** + * Decodes a ListEkmConnectionsRequest message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns ListEkmConnectionsRequest + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.kms.v1.ListEkmConnectionsRequest; + + /** + * Verifies a ListEkmConnectionsRequest message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates a ListEkmConnectionsRequest message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns ListEkmConnectionsRequest + */ + public static fromObject(object: { [k: string]: any }): google.cloud.kms.v1.ListEkmConnectionsRequest; + + /** + * Creates a plain object from a ListEkmConnectionsRequest message. Also converts values to other types if specified. + * @param message ListEkmConnectionsRequest + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.cloud.kms.v1.ListEkmConnectionsRequest, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this ListEkmConnectionsRequest to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } + + /** Properties of a ListEkmConnectionsResponse. */ + interface IListEkmConnectionsResponse { + + /** ListEkmConnectionsResponse ekmConnections */ + ekmConnections?: (google.cloud.kms.v1.IEkmConnection[]|null); + + /** ListEkmConnectionsResponse nextPageToken */ + nextPageToken?: (string|null); + + /** ListEkmConnectionsResponse totalSize */ + totalSize?: (number|null); + } + + /** Represents a ListEkmConnectionsResponse. */ + class ListEkmConnectionsResponse implements IListEkmConnectionsResponse { + + /** + * Constructs a new ListEkmConnectionsResponse. + * @param [properties] Properties to set + */ + constructor(properties?: google.cloud.kms.v1.IListEkmConnectionsResponse); + + /** ListEkmConnectionsResponse ekmConnections. */ + public ekmConnections: google.cloud.kms.v1.IEkmConnection[]; + + /** ListEkmConnectionsResponse nextPageToken. */ + public nextPageToken: string; + + /** ListEkmConnectionsResponse totalSize. */ + public totalSize: number; + + /** + * Creates a new ListEkmConnectionsResponse instance using the specified properties. + * @param [properties] Properties to set + * @returns ListEkmConnectionsResponse instance + */ + public static create(properties?: google.cloud.kms.v1.IListEkmConnectionsResponse): google.cloud.kms.v1.ListEkmConnectionsResponse; + + /** + * Encodes the specified ListEkmConnectionsResponse message. Does not implicitly {@link google.cloud.kms.v1.ListEkmConnectionsResponse.verify|verify} messages. + * @param message ListEkmConnectionsResponse message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.cloud.kms.v1.IListEkmConnectionsResponse, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified ListEkmConnectionsResponse message, length delimited. Does not implicitly {@link google.cloud.kms.v1.ListEkmConnectionsResponse.verify|verify} messages. + * @param message ListEkmConnectionsResponse message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.cloud.kms.v1.IListEkmConnectionsResponse, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes a ListEkmConnectionsResponse message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns ListEkmConnectionsResponse + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.kms.v1.ListEkmConnectionsResponse; + + /** + * Decodes a ListEkmConnectionsResponse message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns ListEkmConnectionsResponse + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.kms.v1.ListEkmConnectionsResponse; + + /** + * Verifies a ListEkmConnectionsResponse message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates a ListEkmConnectionsResponse message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns ListEkmConnectionsResponse + */ + public static fromObject(object: { [k: string]: any }): google.cloud.kms.v1.ListEkmConnectionsResponse; + + /** + * Creates a plain object from a ListEkmConnectionsResponse message. Also converts values to other types if specified. + * @param message ListEkmConnectionsResponse + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.cloud.kms.v1.ListEkmConnectionsResponse, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this ListEkmConnectionsResponse to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } + + /** Properties of a GetEkmConnectionRequest. */ + interface IGetEkmConnectionRequest { + + /** GetEkmConnectionRequest name */ + name?: (string|null); + } + + /** Represents a GetEkmConnectionRequest. */ + class GetEkmConnectionRequest implements IGetEkmConnectionRequest { + + /** + * Constructs a new GetEkmConnectionRequest. + * @param [properties] Properties to set + */ + constructor(properties?: google.cloud.kms.v1.IGetEkmConnectionRequest); + + /** GetEkmConnectionRequest name. */ + public name: string; + + /** + * Creates a new GetEkmConnectionRequest instance using the specified properties. + * @param [properties] Properties to set + * @returns GetEkmConnectionRequest instance + */ + public static create(properties?: google.cloud.kms.v1.IGetEkmConnectionRequest): google.cloud.kms.v1.GetEkmConnectionRequest; + + /** + * Encodes the specified GetEkmConnectionRequest message. Does not implicitly {@link google.cloud.kms.v1.GetEkmConnectionRequest.verify|verify} messages. + * @param message GetEkmConnectionRequest message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.cloud.kms.v1.IGetEkmConnectionRequest, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified GetEkmConnectionRequest message, length delimited. Does not implicitly {@link google.cloud.kms.v1.GetEkmConnectionRequest.verify|verify} messages. + * @param message GetEkmConnectionRequest message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.cloud.kms.v1.IGetEkmConnectionRequest, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes a GetEkmConnectionRequest message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns GetEkmConnectionRequest + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.kms.v1.GetEkmConnectionRequest; + + /** + * Decodes a GetEkmConnectionRequest message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns GetEkmConnectionRequest + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.kms.v1.GetEkmConnectionRequest; + + /** + * Verifies a GetEkmConnectionRequest message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates a GetEkmConnectionRequest message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns GetEkmConnectionRequest + */ + public static fromObject(object: { [k: string]: any }): google.cloud.kms.v1.GetEkmConnectionRequest; + + /** + * Creates a plain object from a GetEkmConnectionRequest message. Also converts values to other types if specified. + * @param message GetEkmConnectionRequest + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.cloud.kms.v1.GetEkmConnectionRequest, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this GetEkmConnectionRequest to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } + + /** Properties of a CreateEkmConnectionRequest. */ + interface ICreateEkmConnectionRequest { + + /** CreateEkmConnectionRequest parent */ + parent?: (string|null); + + /** CreateEkmConnectionRequest ekmConnectionId */ + ekmConnectionId?: (string|null); + + /** CreateEkmConnectionRequest ekmConnection */ + ekmConnection?: (google.cloud.kms.v1.IEkmConnection|null); + } + + /** Represents a CreateEkmConnectionRequest. */ + class CreateEkmConnectionRequest implements ICreateEkmConnectionRequest { + + /** + * Constructs a new CreateEkmConnectionRequest. + * @param [properties] Properties to set + */ + constructor(properties?: google.cloud.kms.v1.ICreateEkmConnectionRequest); + + /** CreateEkmConnectionRequest parent. */ + public parent: string; + + /** CreateEkmConnectionRequest ekmConnectionId. */ + public ekmConnectionId: string; + + /** CreateEkmConnectionRequest ekmConnection. */ + public ekmConnection?: (google.cloud.kms.v1.IEkmConnection|null); + + /** + * Creates a new CreateEkmConnectionRequest instance using the specified properties. + * @param [properties] Properties to set + * @returns CreateEkmConnectionRequest instance + */ + public static create(properties?: google.cloud.kms.v1.ICreateEkmConnectionRequest): google.cloud.kms.v1.CreateEkmConnectionRequest; + + /** + * Encodes the specified CreateEkmConnectionRequest message. Does not implicitly {@link google.cloud.kms.v1.CreateEkmConnectionRequest.verify|verify} messages. + * @param message CreateEkmConnectionRequest message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.cloud.kms.v1.ICreateEkmConnectionRequest, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified CreateEkmConnectionRequest message, length delimited. Does not implicitly {@link google.cloud.kms.v1.CreateEkmConnectionRequest.verify|verify} messages. + * @param message CreateEkmConnectionRequest message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.cloud.kms.v1.ICreateEkmConnectionRequest, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes a CreateEkmConnectionRequest message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns CreateEkmConnectionRequest + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.kms.v1.CreateEkmConnectionRequest; + + /** + * Decodes a CreateEkmConnectionRequest message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns CreateEkmConnectionRequest + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.kms.v1.CreateEkmConnectionRequest; + + /** + * Verifies a CreateEkmConnectionRequest message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates a CreateEkmConnectionRequest message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns CreateEkmConnectionRequest + */ + public static fromObject(object: { [k: string]: any }): google.cloud.kms.v1.CreateEkmConnectionRequest; + + /** + * Creates a plain object from a CreateEkmConnectionRequest message. Also converts values to other types if specified. + * @param message CreateEkmConnectionRequest + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.cloud.kms.v1.CreateEkmConnectionRequest, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this CreateEkmConnectionRequest to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } + + /** Properties of an UpdateEkmConnectionRequest. */ + interface IUpdateEkmConnectionRequest { + + /** UpdateEkmConnectionRequest ekmConnection */ + ekmConnection?: (google.cloud.kms.v1.IEkmConnection|null); + + /** UpdateEkmConnectionRequest updateMask */ + updateMask?: (google.protobuf.IFieldMask|null); + } + + /** Represents an UpdateEkmConnectionRequest. */ + class UpdateEkmConnectionRequest implements IUpdateEkmConnectionRequest { + + /** + * Constructs a new UpdateEkmConnectionRequest. + * @param [properties] Properties to set + */ + constructor(properties?: google.cloud.kms.v1.IUpdateEkmConnectionRequest); + + /** UpdateEkmConnectionRequest ekmConnection. */ + public ekmConnection?: (google.cloud.kms.v1.IEkmConnection|null); + + /** UpdateEkmConnectionRequest updateMask. */ + public updateMask?: (google.protobuf.IFieldMask|null); + + /** + * Creates a new UpdateEkmConnectionRequest instance using the specified properties. + * @param [properties] Properties to set + * @returns UpdateEkmConnectionRequest instance + */ + public static create(properties?: google.cloud.kms.v1.IUpdateEkmConnectionRequest): google.cloud.kms.v1.UpdateEkmConnectionRequest; + + /** + * Encodes the specified UpdateEkmConnectionRequest message. Does not implicitly {@link google.cloud.kms.v1.UpdateEkmConnectionRequest.verify|verify} messages. + * @param message UpdateEkmConnectionRequest message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.cloud.kms.v1.IUpdateEkmConnectionRequest, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified UpdateEkmConnectionRequest message, length delimited. Does not implicitly {@link google.cloud.kms.v1.UpdateEkmConnectionRequest.verify|verify} messages. + * @param message UpdateEkmConnectionRequest message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.cloud.kms.v1.IUpdateEkmConnectionRequest, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes an UpdateEkmConnectionRequest message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns UpdateEkmConnectionRequest + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.kms.v1.UpdateEkmConnectionRequest; + + /** + * Decodes an UpdateEkmConnectionRequest message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns UpdateEkmConnectionRequest + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.kms.v1.UpdateEkmConnectionRequest; + + /** + * Verifies an UpdateEkmConnectionRequest message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates an UpdateEkmConnectionRequest message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns UpdateEkmConnectionRequest + */ + public static fromObject(object: { [k: string]: any }): google.cloud.kms.v1.UpdateEkmConnectionRequest; + + /** + * Creates a plain object from an UpdateEkmConnectionRequest message. Also converts values to other types if specified. + * @param message UpdateEkmConnectionRequest + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.cloud.kms.v1.UpdateEkmConnectionRequest, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this UpdateEkmConnectionRequest to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } + + /** Properties of a Certificate. */ + interface ICertificate { + + /** Certificate rawDer */ + rawDer?: (Uint8Array|string|null); + + /** Certificate parsed */ + parsed?: (boolean|null); + + /** Certificate issuer */ + issuer?: (string|null); + + /** Certificate subject */ + subject?: (string|null); + + /** Certificate subjectAlternativeDnsNames */ + subjectAlternativeDnsNames?: (string[]|null); + + /** Certificate notBeforeTime */ + notBeforeTime?: (google.protobuf.ITimestamp|null); + + /** Certificate notAfterTime */ + notAfterTime?: (google.protobuf.ITimestamp|null); + + /** Certificate serialNumber */ + serialNumber?: (string|null); + + /** Certificate sha256Fingerprint */ + sha256Fingerprint?: (string|null); + } + + /** Represents a Certificate. */ + class Certificate implements ICertificate { + + /** + * Constructs a new Certificate. + * @param [properties] Properties to set + */ + constructor(properties?: google.cloud.kms.v1.ICertificate); + + /** Certificate rawDer. */ + public rawDer: (Uint8Array|string); + + /** Certificate parsed. */ + public parsed: boolean; + + /** Certificate issuer. */ + public issuer: string; + + /** Certificate subject. */ + public subject: string; + + /** Certificate subjectAlternativeDnsNames. */ + public subjectAlternativeDnsNames: string[]; + + /** Certificate notBeforeTime. */ + public notBeforeTime?: (google.protobuf.ITimestamp|null); + + /** Certificate notAfterTime. */ + public notAfterTime?: (google.protobuf.ITimestamp|null); + + /** Certificate serialNumber. */ + public serialNumber: string; + + /** Certificate sha256Fingerprint. */ + public sha256Fingerprint: string; + + /** + * Creates a new Certificate instance using the specified properties. + * @param [properties] Properties to set + * @returns Certificate instance + */ + public static create(properties?: google.cloud.kms.v1.ICertificate): google.cloud.kms.v1.Certificate; + + /** + * Encodes the specified Certificate message. Does not implicitly {@link google.cloud.kms.v1.Certificate.verify|verify} messages. + * @param message Certificate message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.cloud.kms.v1.ICertificate, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified Certificate message, length delimited. Does not implicitly {@link google.cloud.kms.v1.Certificate.verify|verify} messages. + * @param message Certificate message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.cloud.kms.v1.ICertificate, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes a Certificate message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns Certificate + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.kms.v1.Certificate; + + /** + * Decodes a Certificate message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns Certificate + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.kms.v1.Certificate; + + /** + * Verifies a Certificate message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates a Certificate message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns Certificate + */ + public static fromObject(object: { [k: string]: any }): google.cloud.kms.v1.Certificate; + + /** + * Creates a plain object from a Certificate message. Also converts values to other types if specified. + * @param message Certificate + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.cloud.kms.v1.Certificate, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this Certificate to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } + + /** Properties of an EkmConnection. */ + interface IEkmConnection { + + /** EkmConnection name */ + name?: (string|null); + + /** EkmConnection createTime */ + createTime?: (google.protobuf.ITimestamp|null); + + /** EkmConnection serviceResolvers */ + serviceResolvers?: (google.cloud.kms.v1.EkmConnection.IServiceResolver[]|null); + + /** EkmConnection etag */ + etag?: (string|null); + } + + /** Represents an EkmConnection. */ + class EkmConnection implements IEkmConnection { + + /** + * Constructs a new EkmConnection. + * @param [properties] Properties to set + */ + constructor(properties?: google.cloud.kms.v1.IEkmConnection); + + /** EkmConnection name. */ + public name: string; + + /** EkmConnection createTime. */ + public createTime?: (google.protobuf.ITimestamp|null); + + /** EkmConnection serviceResolvers. */ + public serviceResolvers: google.cloud.kms.v1.EkmConnection.IServiceResolver[]; + + /** EkmConnection etag. */ + public etag: string; + + /** + * Creates a new EkmConnection instance using the specified properties. + * @param [properties] Properties to set + * @returns EkmConnection instance + */ + public static create(properties?: google.cloud.kms.v1.IEkmConnection): google.cloud.kms.v1.EkmConnection; + + /** + * Encodes the specified EkmConnection message. Does not implicitly {@link google.cloud.kms.v1.EkmConnection.verify|verify} messages. + * @param message EkmConnection message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.cloud.kms.v1.IEkmConnection, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified EkmConnection message, length delimited. Does not implicitly {@link google.cloud.kms.v1.EkmConnection.verify|verify} messages. + * @param message EkmConnection message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.cloud.kms.v1.IEkmConnection, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes an EkmConnection message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns EkmConnection + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.kms.v1.EkmConnection; + + /** + * Decodes an EkmConnection message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns EkmConnection + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.kms.v1.EkmConnection; + + /** + * Verifies an EkmConnection message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates an EkmConnection message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns EkmConnection + */ + public static fromObject(object: { [k: string]: any }): google.cloud.kms.v1.EkmConnection; + + /** + * Creates a plain object from an EkmConnection message. Also converts values to other types if specified. + * @param message EkmConnection + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.cloud.kms.v1.EkmConnection, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this EkmConnection to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } + + namespace EkmConnection { + + /** Properties of a ServiceResolver. */ + interface IServiceResolver { + + /** ServiceResolver serviceDirectoryService */ + serviceDirectoryService?: (string|null); + + /** ServiceResolver endpointFilter */ + endpointFilter?: (string|null); + + /** ServiceResolver hostname */ + hostname?: (string|null); + + /** ServiceResolver serverCertificates */ + serverCertificates?: (google.cloud.kms.v1.ICertificate[]|null); + } + + /** Represents a ServiceResolver. */ + class ServiceResolver implements IServiceResolver { + + /** + * Constructs a new ServiceResolver. + * @param [properties] Properties to set + */ + constructor(properties?: google.cloud.kms.v1.EkmConnection.IServiceResolver); + + /** ServiceResolver serviceDirectoryService. */ + public serviceDirectoryService: string; + + /** ServiceResolver endpointFilter. */ + public endpointFilter: string; + + /** ServiceResolver hostname. */ + public hostname: string; + + /** ServiceResolver serverCertificates. */ + public serverCertificates: google.cloud.kms.v1.ICertificate[]; + + /** + * Creates a new ServiceResolver instance using the specified properties. + * @param [properties] Properties to set + * @returns ServiceResolver instance + */ + public static create(properties?: google.cloud.kms.v1.EkmConnection.IServiceResolver): google.cloud.kms.v1.EkmConnection.ServiceResolver; + + /** + * Encodes the specified ServiceResolver message. Does not implicitly {@link google.cloud.kms.v1.EkmConnection.ServiceResolver.verify|verify} messages. + * @param message ServiceResolver message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.cloud.kms.v1.EkmConnection.IServiceResolver, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified ServiceResolver message, length delimited. Does not implicitly {@link google.cloud.kms.v1.EkmConnection.ServiceResolver.verify|verify} messages. + * @param message ServiceResolver message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.cloud.kms.v1.EkmConnection.IServiceResolver, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes a ServiceResolver message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns ServiceResolver + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.kms.v1.EkmConnection.ServiceResolver; + + /** + * Decodes a ServiceResolver message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns ServiceResolver + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.kms.v1.EkmConnection.ServiceResolver; + + /** + * Verifies a ServiceResolver message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates a ServiceResolver message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns ServiceResolver + */ + public static fromObject(object: { [k: string]: any }): google.cloud.kms.v1.EkmConnection.ServiceResolver; + + /** + * Creates a plain object from a ServiceResolver message. Also converts values to other types if specified. + * @param message ServiceResolver + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.cloud.kms.v1.EkmConnection.ServiceResolver, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this ServiceResolver to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } + } + /** Properties of a KeyRing. */ interface IKeyRing { @@ -154,6 +1123,9 @@ export namespace google { /** CryptoKey destroyScheduledDuration */ destroyScheduledDuration?: (google.protobuf.IDuration|null); + + /** CryptoKey cryptoKeyBackend */ + cryptoKeyBackend?: (string|null); } /** Represents a CryptoKey. */ @@ -195,6 +1167,9 @@ export namespace google { /** CryptoKey destroyScheduledDuration. */ public destroyScheduledDuration?: (google.protobuf.IDuration|null); + /** CryptoKey cryptoKeyBackend. */ + public cryptoKeyBackend: string; + /** CryptoKey rotationSchedule. */ public rotationSchedule?: "rotationPeriod"; @@ -385,6 +1360,9 @@ export namespace google { /** KeyOperationAttestation content */ content?: (Uint8Array|string|null); + + /** KeyOperationAttestation certChains */ + certChains?: (google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains|null); } /** Represents a KeyOperationAttestation. */ @@ -402,6 +1380,9 @@ export namespace google { /** KeyOperationAttestation content. */ public content: (Uint8Array|string); + /** KeyOperationAttestation certChains. */ + public certChains?: (google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains|null); + /** * Creates a new KeyOperationAttestation instance using the specified properties. * @param [properties] Properties to set @@ -481,6 +1462,108 @@ export namespace google { CAVIUM_V1_COMPRESSED = 3, CAVIUM_V2_COMPRESSED = 4 } + + /** Properties of a CertificateChains. */ + interface ICertificateChains { + + /** CertificateChains caviumCerts */ + caviumCerts?: (string[]|null); + + /** CertificateChains googleCardCerts */ + googleCardCerts?: (string[]|null); + + /** CertificateChains googlePartitionCerts */ + googlePartitionCerts?: (string[]|null); + } + + /** Represents a CertificateChains. */ + class CertificateChains implements ICertificateChains { + + /** + * Constructs a new CertificateChains. + * @param [properties] Properties to set + */ + constructor(properties?: google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains); + + /** CertificateChains caviumCerts. */ + public caviumCerts: string[]; + + /** CertificateChains googleCardCerts. */ + public googleCardCerts: string[]; + + /** CertificateChains googlePartitionCerts. */ + public googlePartitionCerts: string[]; + + /** + * Creates a new CertificateChains instance using the specified properties. + * @param [properties] Properties to set + * @returns CertificateChains instance + */ + public static create(properties?: google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains): google.cloud.kms.v1.KeyOperationAttestation.CertificateChains; + + /** + * Encodes the specified CertificateChains message. Does not implicitly {@link google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.verify|verify} messages. + * @param message CertificateChains message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified CertificateChains message, length delimited. Does not implicitly {@link google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.verify|verify} messages. + * @param message CertificateChains message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes a CertificateChains message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns CertificateChains + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.kms.v1.KeyOperationAttestation.CertificateChains; + + /** + * Decodes a CertificateChains message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns CertificateChains + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.kms.v1.KeyOperationAttestation.CertificateChains; + + /** + * Verifies a CertificateChains message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates a CertificateChains message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns CertificateChains + */ + public static fromObject(object: { [k: string]: any }): google.cloud.kms.v1.KeyOperationAttestation.CertificateChains; + + /** + * Creates a plain object from a CertificateChains message. Also converts values to other types if specified. + * @param message CertificateChains + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.cloud.kms.v1.KeyOperationAttestation.CertificateChains, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this CertificateChains to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } } /** Properties of a CryptoKeyVersion. */ @@ -961,6 +2044,21 @@ export namespace google { namespace ImportJob { + /** ImportMethod enum. */ + enum ImportMethod { + IMPORT_METHOD_UNSPECIFIED = 0, + RSA_OAEP_3072_SHA1_AES_256 = 1, + RSA_OAEP_4096_SHA1_AES_256 = 2 + } + + /** ImportJobState enum. */ + enum ImportJobState { + IMPORT_JOB_STATE_UNSPECIFIED = 0, + PENDING_GENERATION = 1, + ACTIVE = 2, + EXPIRED = 3 + } + /** Properties of a WrappingPublicKey. */ interface IWrappingPublicKey { @@ -1050,29 +2148,6 @@ export namespace google { */ public toJSON(): { [k: string]: any }; } - - /** ImportMethod enum. */ - enum ImportMethod { - IMPORT_METHOD_UNSPECIFIED = 0, - RSA_OAEP_3072_SHA1_AES_256 = 1, - RSA_OAEP_4096_SHA1_AES_256 = 2 - } - - /** ImportJobState enum. */ - enum ImportJobState { - IMPORT_JOB_STATE_UNSPECIFIED = 0, - PENDING_GENERATION = 1, - ACTIVE = 2, - EXPIRED = 3 - } - } - - /** ProtectionLevel enum. */ - enum ProtectionLevel { - PROTECTION_LEVEL_UNSPECIFIED = 0, - SOFTWARE = 1, - HSM = 2, - EXTERNAL = 3 } /** Properties of an ExternalProtectionLevelOptions. */ @@ -1080,6 +2155,9 @@ export namespace google { /** ExternalProtectionLevelOptions externalKeyUri */ externalKeyUri?: (string|null); + + /** ExternalProtectionLevelOptions ekmConnectionKeyPath */ + ekmConnectionKeyPath?: (string|null); } /** Represents an ExternalProtectionLevelOptions. */ @@ -1094,6 +2172,9 @@ export namespace google { /** ExternalProtectionLevelOptions externalKeyUri. */ public externalKeyUri: string; + /** ExternalProtectionLevelOptions ekmConnectionKeyPath. */ + public ekmConnectionKeyPath: string; + /** * Creates a new ExternalProtectionLevelOptions instance using the specified properties. * @param [properties] Properties to set @@ -1165,6 +2246,15 @@ export namespace google { public toJSON(): { [k: string]: any }; } + /** ProtectionLevel enum. */ + enum ProtectionLevel { + PROTECTION_LEVEL_UNSPECIFIED = 0, + SOFTWARE = 1, + HSM = 2, + EXTERNAL = 3, + EXTERNAL_VPC = 4 + } + /** Represents a KeyManagementService */ class KeyManagementService extends $protobuf.rpc.Service { @@ -5806,258 +6896,8 @@ export namespace google { } } - /** Namespace api. */ - namespace api { - - /** FieldBehavior enum. */ - enum FieldBehavior { - FIELD_BEHAVIOR_UNSPECIFIED = 0, - OPTIONAL = 1, - REQUIRED = 2, - OUTPUT_ONLY = 3, - INPUT_ONLY = 4, - IMMUTABLE = 5, - UNORDERED_LIST = 6, - NON_EMPTY_DEFAULT = 7 - } - - /** Properties of a ResourceDescriptor. */ - interface IResourceDescriptor { - - /** ResourceDescriptor type */ - type?: (string|null); - - /** ResourceDescriptor pattern */ - pattern?: (string[]|null); - - /** ResourceDescriptor nameField */ - nameField?: (string|null); - - /** ResourceDescriptor history */ - history?: (google.api.ResourceDescriptor.History|keyof typeof google.api.ResourceDescriptor.History|null); - - /** ResourceDescriptor plural */ - plural?: (string|null); - - /** ResourceDescriptor singular */ - singular?: (string|null); - - /** ResourceDescriptor style */ - style?: (google.api.ResourceDescriptor.Style[]|null); - } - - /** Represents a ResourceDescriptor. */ - class ResourceDescriptor implements IResourceDescriptor { - - /** - * Constructs a new ResourceDescriptor. - * @param [properties] Properties to set - */ - constructor(properties?: google.api.IResourceDescriptor); - - /** ResourceDescriptor type. */ - public type: string; - - /** ResourceDescriptor pattern. */ - public pattern: string[]; - - /** ResourceDescriptor nameField. */ - public nameField: string; - - /** ResourceDescriptor history. */ - public history: (google.api.ResourceDescriptor.History|keyof typeof google.api.ResourceDescriptor.History); - - /** ResourceDescriptor plural. */ - public plural: string; - - /** ResourceDescriptor singular. */ - public singular: string; - - /** ResourceDescriptor style. */ - public style: google.api.ResourceDescriptor.Style[]; - - /** - * Creates a new ResourceDescriptor instance using the specified properties. - * @param [properties] Properties to set - * @returns ResourceDescriptor instance - */ - public static create(properties?: google.api.IResourceDescriptor): google.api.ResourceDescriptor; - - /** - * Encodes the specified ResourceDescriptor message. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages. - * @param message ResourceDescriptor message or plain object to encode - * @param [writer] Writer to encode to - * @returns Writer - */ - public static encode(message: google.api.IResourceDescriptor, writer?: $protobuf.Writer): $protobuf.Writer; - - /** - * Encodes the specified ResourceDescriptor message, length delimited. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages. - * @param message ResourceDescriptor message or plain object to encode - * @param [writer] Writer to encode to - * @returns Writer - */ - public static encodeDelimited(message: google.api.IResourceDescriptor, writer?: $protobuf.Writer): $protobuf.Writer; - - /** - * Decodes a ResourceDescriptor message from the specified reader or buffer. - * @param reader Reader or buffer to decode from - * @param [length] Message length if known beforehand - * @returns ResourceDescriptor - * @throws {Error} If the payload is not a reader or valid buffer - * @throws {$protobuf.util.ProtocolError} If required fields are missing - */ - public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.api.ResourceDescriptor; - - /** - * Decodes a ResourceDescriptor message from the specified reader or buffer, length delimited. - * @param reader Reader or buffer to decode from - * @returns ResourceDescriptor - * @throws {Error} If the payload is not a reader or valid buffer - * @throws {$protobuf.util.ProtocolError} If required fields are missing - */ - public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.api.ResourceDescriptor; - - /** - * Verifies a ResourceDescriptor message. - * @param message Plain object to verify - * @returns `null` if valid, otherwise the reason why it is not - */ - public static verify(message: { [k: string]: any }): (string|null); - - /** - * Creates a ResourceDescriptor message from a plain object. Also converts values to their respective internal types. - * @param object Plain object - * @returns ResourceDescriptor - */ - public static fromObject(object: { [k: string]: any }): google.api.ResourceDescriptor; - - /** - * Creates a plain object from a ResourceDescriptor message. Also converts values to other types if specified. - * @param message ResourceDescriptor - * @param [options] Conversion options - * @returns Plain object - */ - public static toObject(message: google.api.ResourceDescriptor, options?: $protobuf.IConversionOptions): { [k: string]: any }; - - /** - * Converts this ResourceDescriptor to JSON. - * @returns JSON object - */ - public toJSON(): { [k: string]: any }; - } - - namespace ResourceDescriptor { - - /** History enum. */ - enum History { - HISTORY_UNSPECIFIED = 0, - ORIGINALLY_SINGLE_PATTERN = 1, - FUTURE_MULTI_PATTERN = 2 - } - - /** Style enum. */ - enum Style { - STYLE_UNSPECIFIED = 0, - DECLARATIVE_FRIENDLY = 1 - } - } - - /** Properties of a ResourceReference. */ - interface IResourceReference { - - /** ResourceReference type */ - type?: (string|null); - - /** ResourceReference childType */ - childType?: (string|null); - } - - /** Represents a ResourceReference. */ - class ResourceReference implements IResourceReference { - - /** - * Constructs a new ResourceReference. - * @param [properties] Properties to set - */ - constructor(properties?: google.api.IResourceReference); - - /** ResourceReference type. */ - public type: string; - - /** ResourceReference childType. */ - public childType: string; - - /** - * Creates a new ResourceReference instance using the specified properties. - * @param [properties] Properties to set - * @returns ResourceReference instance - */ - public static create(properties?: google.api.IResourceReference): google.api.ResourceReference; - - /** - * Encodes the specified ResourceReference message. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages. - * @param message ResourceReference message or plain object to encode - * @param [writer] Writer to encode to - * @returns Writer - */ - public static encode(message: google.api.IResourceReference, writer?: $protobuf.Writer): $protobuf.Writer; - - /** - * Encodes the specified ResourceReference message, length delimited. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages. - * @param message ResourceReference message or plain object to encode - * @param [writer] Writer to encode to - * @returns Writer - */ - public static encodeDelimited(message: google.api.IResourceReference, writer?: $protobuf.Writer): $protobuf.Writer; - - /** - * Decodes a ResourceReference message from the specified reader or buffer. - * @param reader Reader or buffer to decode from - * @param [length] Message length if known beforehand - * @returns ResourceReference - * @throws {Error} If the payload is not a reader or valid buffer - * @throws {$protobuf.util.ProtocolError} If required fields are missing - */ - public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.api.ResourceReference; - - /** - * Decodes a ResourceReference message from the specified reader or buffer, length delimited. - * @param reader Reader or buffer to decode from - * @returns ResourceReference - * @throws {Error} If the payload is not a reader or valid buffer - * @throws {$protobuf.util.ProtocolError} If required fields are missing - */ - public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.api.ResourceReference; - - /** - * Verifies a ResourceReference message. - * @param message Plain object to verify - * @returns `null` if valid, otherwise the reason why it is not - */ - public static verify(message: { [k: string]: any }): (string|null); - - /** - * Creates a ResourceReference message from a plain object. Also converts values to their respective internal types. - * @param object Plain object - * @returns ResourceReference - */ - public static fromObject(object: { [k: string]: any }): google.api.ResourceReference; - - /** - * Creates a plain object from a ResourceReference message. Also converts values to other types if specified. - * @param message ResourceReference - * @param [options] Conversion options - * @returns Plain object - */ - public static toObject(message: google.api.ResourceReference, options?: $protobuf.IConversionOptions): { [k: string]: any }; - - /** - * Converts this ResourceReference to JSON. - * @returns JSON object - */ - public toJSON(): { [k: string]: any }; - } + /** Namespace api. */ + namespace api { /** Properties of a Http. */ interface IHttp { @@ -6397,6 +7237,256 @@ export namespace google { */ public toJSON(): { [k: string]: any }; } + + /** FieldBehavior enum. */ + enum FieldBehavior { + FIELD_BEHAVIOR_UNSPECIFIED = 0, + OPTIONAL = 1, + REQUIRED = 2, + OUTPUT_ONLY = 3, + INPUT_ONLY = 4, + IMMUTABLE = 5, + UNORDERED_LIST = 6, + NON_EMPTY_DEFAULT = 7 + } + + /** Properties of a ResourceDescriptor. */ + interface IResourceDescriptor { + + /** ResourceDescriptor type */ + type?: (string|null); + + /** ResourceDescriptor pattern */ + pattern?: (string[]|null); + + /** ResourceDescriptor nameField */ + nameField?: (string|null); + + /** ResourceDescriptor history */ + history?: (google.api.ResourceDescriptor.History|keyof typeof google.api.ResourceDescriptor.History|null); + + /** ResourceDescriptor plural */ + plural?: (string|null); + + /** ResourceDescriptor singular */ + singular?: (string|null); + + /** ResourceDescriptor style */ + style?: (google.api.ResourceDescriptor.Style[]|null); + } + + /** Represents a ResourceDescriptor. */ + class ResourceDescriptor implements IResourceDescriptor { + + /** + * Constructs a new ResourceDescriptor. + * @param [properties] Properties to set + */ + constructor(properties?: google.api.IResourceDescriptor); + + /** ResourceDescriptor type. */ + public type: string; + + /** ResourceDescriptor pattern. */ + public pattern: string[]; + + /** ResourceDescriptor nameField. */ + public nameField: string; + + /** ResourceDescriptor history. */ + public history: (google.api.ResourceDescriptor.History|keyof typeof google.api.ResourceDescriptor.History); + + /** ResourceDescriptor plural. */ + public plural: string; + + /** ResourceDescriptor singular. */ + public singular: string; + + /** ResourceDescriptor style. */ + public style: google.api.ResourceDescriptor.Style[]; + + /** + * Creates a new ResourceDescriptor instance using the specified properties. + * @param [properties] Properties to set + * @returns ResourceDescriptor instance + */ + public static create(properties?: google.api.IResourceDescriptor): google.api.ResourceDescriptor; + + /** + * Encodes the specified ResourceDescriptor message. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages. + * @param message ResourceDescriptor message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.api.IResourceDescriptor, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified ResourceDescriptor message, length delimited. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages. + * @param message ResourceDescriptor message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.api.IResourceDescriptor, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes a ResourceDescriptor message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns ResourceDescriptor + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.api.ResourceDescriptor; + + /** + * Decodes a ResourceDescriptor message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns ResourceDescriptor + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.api.ResourceDescriptor; + + /** + * Verifies a ResourceDescriptor message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates a ResourceDescriptor message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns ResourceDescriptor + */ + public static fromObject(object: { [k: string]: any }): google.api.ResourceDescriptor; + + /** + * Creates a plain object from a ResourceDescriptor message. Also converts values to other types if specified. + * @param message ResourceDescriptor + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.api.ResourceDescriptor, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this ResourceDescriptor to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } + + namespace ResourceDescriptor { + + /** History enum. */ + enum History { + HISTORY_UNSPECIFIED = 0, + ORIGINALLY_SINGLE_PATTERN = 1, + FUTURE_MULTI_PATTERN = 2 + } + + /** Style enum. */ + enum Style { + STYLE_UNSPECIFIED = 0, + DECLARATIVE_FRIENDLY = 1 + } + } + + /** Properties of a ResourceReference. */ + interface IResourceReference { + + /** ResourceReference type */ + type?: (string|null); + + /** ResourceReference childType */ + childType?: (string|null); + } + + /** Represents a ResourceReference. */ + class ResourceReference implements IResourceReference { + + /** + * Constructs a new ResourceReference. + * @param [properties] Properties to set + */ + constructor(properties?: google.api.IResourceReference); + + /** ResourceReference type. */ + public type: string; + + /** ResourceReference childType. */ + public childType: string; + + /** + * Creates a new ResourceReference instance using the specified properties. + * @param [properties] Properties to set + * @returns ResourceReference instance + */ + public static create(properties?: google.api.IResourceReference): google.api.ResourceReference; + + /** + * Encodes the specified ResourceReference message. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages. + * @param message ResourceReference message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.api.IResourceReference, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified ResourceReference message, length delimited. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages. + * @param message ResourceReference message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.api.IResourceReference, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes a ResourceReference message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns ResourceReference + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.api.ResourceReference; + + /** + * Decodes a ResourceReference message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns ResourceReference + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.api.ResourceReference; + + /** + * Verifies a ResourceReference message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates a ResourceReference message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns ResourceReference + */ + public static fromObject(object: { [k: string]: any }): google.api.ResourceReference; + + /** + * Creates a plain object from a ResourceReference message. Also converts values to other types if specified. + * @param message ResourceReference + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.api.ResourceReference, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this ResourceReference to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } } /** Namespace protobuf. */ @@ -9526,99 +10616,93 @@ export namespace google { */ public toJSON(): { [k: string]: any }; } - } - - /** Properties of a Duration. */ - interface IDuration { + } - /** Duration seconds */ - seconds?: (number|Long|string|null); + /** Properties of a FieldMask. */ + interface IFieldMask { - /** Duration nanos */ - nanos?: (number|null); + /** FieldMask paths */ + paths?: (string[]|null); } - /** Represents a Duration. */ - class Duration implements IDuration { + /** Represents a FieldMask. */ + class FieldMask implements IFieldMask { /** - * Constructs a new Duration. + * Constructs a new FieldMask. * @param [properties] Properties to set */ - constructor(properties?: google.protobuf.IDuration); - - /** Duration seconds. */ - public seconds: (number|Long|string); + constructor(properties?: google.protobuf.IFieldMask); - /** Duration nanos. */ - public nanos: number; + /** FieldMask paths. */ + public paths: string[]; /** - * Creates a new Duration instance using the specified properties. + * Creates a new FieldMask instance using the specified properties. * @param [properties] Properties to set - * @returns Duration instance + * @returns FieldMask instance */ - public static create(properties?: google.protobuf.IDuration): google.protobuf.Duration; + public static create(properties?: google.protobuf.IFieldMask): google.protobuf.FieldMask; /** - * Encodes the specified Duration message. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages. - * @param message Duration message or plain object to encode + * Encodes the specified FieldMask message. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages. + * @param message FieldMask message or plain object to encode * @param [writer] Writer to encode to * @returns Writer */ - public static encode(message: google.protobuf.IDuration, writer?: $protobuf.Writer): $protobuf.Writer; + public static encode(message: google.protobuf.IFieldMask, writer?: $protobuf.Writer): $protobuf.Writer; /** - * Encodes the specified Duration message, length delimited. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages. - * @param message Duration message or plain object to encode + * Encodes the specified FieldMask message, length delimited. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages. + * @param message FieldMask message or plain object to encode * @param [writer] Writer to encode to * @returns Writer */ - public static encodeDelimited(message: google.protobuf.IDuration, writer?: $protobuf.Writer): $protobuf.Writer; + public static encodeDelimited(message: google.protobuf.IFieldMask, writer?: $protobuf.Writer): $protobuf.Writer; /** - * Decodes a Duration message from the specified reader or buffer. + * Decodes a FieldMask message from the specified reader or buffer. * @param reader Reader or buffer to decode from * @param [length] Message length if known beforehand - * @returns Duration + * @returns FieldMask * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.Duration; + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.FieldMask; /** - * Decodes a Duration message from the specified reader or buffer, length delimited. + * Decodes a FieldMask message from the specified reader or buffer, length delimited. * @param reader Reader or buffer to decode from - * @returns Duration + * @returns FieldMask * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.Duration; + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.FieldMask; /** - * Verifies a Duration message. + * Verifies a FieldMask message. * @param message Plain object to verify * @returns `null` if valid, otherwise the reason why it is not */ public static verify(message: { [k: string]: any }): (string|null); /** - * Creates a Duration message from a plain object. Also converts values to their respective internal types. + * Creates a FieldMask message from a plain object. Also converts values to their respective internal types. * @param object Plain object - * @returns Duration + * @returns FieldMask */ - public static fromObject(object: { [k: string]: any }): google.protobuf.Duration; + public static fromObject(object: { [k: string]: any }): google.protobuf.FieldMask; /** - * Creates a plain object from a Duration message. Also converts values to other types if specified. - * @param message Duration + * Creates a plain object from a FieldMask message. Also converts values to other types if specified. + * @param message FieldMask * @param [options] Conversion options * @returns Plain object */ - public static toObject(message: google.protobuf.Duration, options?: $protobuf.IConversionOptions): { [k: string]: any }; + public static toObject(message: google.protobuf.FieldMask, options?: $protobuf.IConversionOptions): { [k: string]: any }; /** - * Converts this Duration to JSON. + * Converts this FieldMask to JSON. * @returns JSON object */ public toJSON(): { [k: string]: any }; @@ -9720,6 +10804,102 @@ export namespace google { public toJSON(): { [k: string]: any }; } + /** Properties of a Duration. */ + interface IDuration { + + /** Duration seconds */ + seconds?: (number|Long|string|null); + + /** Duration nanos */ + nanos?: (number|null); + } + + /** Represents a Duration. */ + class Duration implements IDuration { + + /** + * Constructs a new Duration. + * @param [properties] Properties to set + */ + constructor(properties?: google.protobuf.IDuration); + + /** Duration seconds. */ + public seconds: (number|Long|string); + + /** Duration nanos. */ + public nanos: number; + + /** + * Creates a new Duration instance using the specified properties. + * @param [properties] Properties to set + * @returns Duration instance + */ + public static create(properties?: google.protobuf.IDuration): google.protobuf.Duration; + + /** + * Encodes the specified Duration message. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages. + * @param message Duration message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encode(message: google.protobuf.IDuration, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Encodes the specified Duration message, length delimited. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages. + * @param message Duration message or plain object to encode + * @param [writer] Writer to encode to + * @returns Writer + */ + public static encodeDelimited(message: google.protobuf.IDuration, writer?: $protobuf.Writer): $protobuf.Writer; + + /** + * Decodes a Duration message from the specified reader or buffer. + * @param reader Reader or buffer to decode from + * @param [length] Message length if known beforehand + * @returns Duration + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.Duration; + + /** + * Decodes a Duration message from the specified reader or buffer, length delimited. + * @param reader Reader or buffer to decode from + * @returns Duration + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.Duration; + + /** + * Verifies a Duration message. + * @param message Plain object to verify + * @returns `null` if valid, otherwise the reason why it is not + */ + public static verify(message: { [k: string]: any }): (string|null); + + /** + * Creates a Duration message from a plain object. Also converts values to their respective internal types. + * @param object Plain object + * @returns Duration + */ + public static fromObject(object: { [k: string]: any }): google.protobuf.Duration; + + /** + * Creates a plain object from a Duration message. Also converts values to other types if specified. + * @param message Duration + * @param [options] Conversion options + * @returns Plain object + */ + public static toObject(message: google.protobuf.Duration, options?: $protobuf.IConversionOptions): { [k: string]: any }; + + /** + * Converts this Duration to JSON. + * @returns JSON object + */ + public toJSON(): { [k: string]: any }; + } + /** Properties of a DoubleValue. */ interface IDoubleValue { @@ -10529,95 +11709,5 @@ export namespace google { */ public toJSON(): { [k: string]: any }; } - - /** Properties of a FieldMask. */ - interface IFieldMask { - - /** FieldMask paths */ - paths?: (string[]|null); - } - - /** Represents a FieldMask. */ - class FieldMask implements IFieldMask { - - /** - * Constructs a new FieldMask. - * @param [properties] Properties to set - */ - constructor(properties?: google.protobuf.IFieldMask); - - /** FieldMask paths. */ - public paths: string[]; - - /** - * Creates a new FieldMask instance using the specified properties. - * @param [properties] Properties to set - * @returns FieldMask instance - */ - public static create(properties?: google.protobuf.IFieldMask): google.protobuf.FieldMask; - - /** - * Encodes the specified FieldMask message. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages. - * @param message FieldMask message or plain object to encode - * @param [writer] Writer to encode to - * @returns Writer - */ - public static encode(message: google.protobuf.IFieldMask, writer?: $protobuf.Writer): $protobuf.Writer; - - /** - * Encodes the specified FieldMask message, length delimited. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages. - * @param message FieldMask message or plain object to encode - * @param [writer] Writer to encode to - * @returns Writer - */ - public static encodeDelimited(message: google.protobuf.IFieldMask, writer?: $protobuf.Writer): $protobuf.Writer; - - /** - * Decodes a FieldMask message from the specified reader or buffer. - * @param reader Reader or buffer to decode from - * @param [length] Message length if known beforehand - * @returns FieldMask - * @throws {Error} If the payload is not a reader or valid buffer - * @throws {$protobuf.util.ProtocolError} If required fields are missing - */ - public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.protobuf.FieldMask; - - /** - * Decodes a FieldMask message from the specified reader or buffer, length delimited. - * @param reader Reader or buffer to decode from - * @returns FieldMask - * @throws {Error} If the payload is not a reader or valid buffer - * @throws {$protobuf.util.ProtocolError} If required fields are missing - */ - public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.protobuf.FieldMask; - - /** - * Verifies a FieldMask message. - * @param message Plain object to verify - * @returns `null` if valid, otherwise the reason why it is not - */ - public static verify(message: { [k: string]: any }): (string|null); - - /** - * Creates a FieldMask message from a plain object. Also converts values to their respective internal types. - * @param object Plain object - * @returns FieldMask - */ - public static fromObject(object: { [k: string]: any }): google.protobuf.FieldMask; - - /** - * Creates a plain object from a FieldMask message. Also converts values to other types if specified. - * @param message FieldMask - * @param [options] Conversion options - * @returns Plain object - */ - public static toObject(message: google.protobuf.FieldMask, options?: $protobuf.IConversionOptions): { [k: string]: any }; - - /** - * Converts this FieldMask to JSON. - * @returns JSON object - */ - public toJSON(): { [k: string]: any }; - } } } diff --git a/protos/protos.js b/protos/protos.js index 4f4f73e6..6240556c 100644 --- a/protos/protos.js +++ b/protos/protos.js @@ -66,25 +66,195 @@ */ var v1 = {}; - v1.KeyRing = (function() { + v1.EkmService = (function() { /** - * Properties of a KeyRing. + * Constructs a new EkmService service. * @memberof google.cloud.kms.v1 - * @interface IKeyRing - * @property {string|null} [name] KeyRing name - * @property {google.protobuf.ITimestamp|null} [createTime] KeyRing createTime + * @classdesc Represents an EkmService + * @extends $protobuf.rpc.Service + * @constructor + * @param {$protobuf.RPCImpl} rpcImpl RPC implementation + * @param {boolean} [requestDelimited=false] Whether requests are length-delimited + * @param {boolean} [responseDelimited=false] Whether responses are length-delimited */ + function EkmService(rpcImpl, requestDelimited, responseDelimited) { + $protobuf.rpc.Service.call(this, rpcImpl, requestDelimited, responseDelimited); + } + + (EkmService.prototype = Object.create($protobuf.rpc.Service.prototype)).constructor = EkmService; /** - * Constructs a new KeyRing. + * Creates new EkmService service using the specified rpc implementation. + * @function create + * @memberof google.cloud.kms.v1.EkmService + * @static + * @param {$protobuf.RPCImpl} rpcImpl RPC implementation + * @param {boolean} [requestDelimited=false] Whether requests are length-delimited + * @param {boolean} [responseDelimited=false] Whether responses are length-delimited + * @returns {EkmService} RPC service. Useful where requests and/or responses are streamed. + */ + EkmService.create = function create(rpcImpl, requestDelimited, responseDelimited) { + return new this(rpcImpl, requestDelimited, responseDelimited); + }; + + /** + * Callback as used by {@link google.cloud.kms.v1.EkmService#listEkmConnections}. + * @memberof google.cloud.kms.v1.EkmService + * @typedef ListEkmConnectionsCallback + * @type {function} + * @param {Error|null} error Error, if any + * @param {google.cloud.kms.v1.ListEkmConnectionsResponse} [response] ListEkmConnectionsResponse + */ + + /** + * Calls ListEkmConnections. + * @function listEkmConnections + * @memberof google.cloud.kms.v1.EkmService + * @instance + * @param {google.cloud.kms.v1.IListEkmConnectionsRequest} request ListEkmConnectionsRequest message or plain object + * @param {google.cloud.kms.v1.EkmService.ListEkmConnectionsCallback} callback Node-style callback called with the error, if any, and ListEkmConnectionsResponse + * @returns {undefined} + * @variation 1 + */ + Object.defineProperty(EkmService.prototype.listEkmConnections = function listEkmConnections(request, callback) { + return this.rpcCall(listEkmConnections, $root.google.cloud.kms.v1.ListEkmConnectionsRequest, $root.google.cloud.kms.v1.ListEkmConnectionsResponse, request, callback); + }, "name", { value: "ListEkmConnections" }); + + /** + * Calls ListEkmConnections. + * @function listEkmConnections + * @memberof google.cloud.kms.v1.EkmService + * @instance + * @param {google.cloud.kms.v1.IListEkmConnectionsRequest} request ListEkmConnectionsRequest message or plain object + * @returns {Promise} Promise + * @variation 2 + */ + + /** + * Callback as used by {@link google.cloud.kms.v1.EkmService#getEkmConnection}. + * @memberof google.cloud.kms.v1.EkmService + * @typedef GetEkmConnectionCallback + * @type {function} + * @param {Error|null} error Error, if any + * @param {google.cloud.kms.v1.EkmConnection} [response] EkmConnection + */ + + /** + * Calls GetEkmConnection. + * @function getEkmConnection + * @memberof google.cloud.kms.v1.EkmService + * @instance + * @param {google.cloud.kms.v1.IGetEkmConnectionRequest} request GetEkmConnectionRequest message or plain object + * @param {google.cloud.kms.v1.EkmService.GetEkmConnectionCallback} callback Node-style callback called with the error, if any, and EkmConnection + * @returns {undefined} + * @variation 1 + */ + Object.defineProperty(EkmService.prototype.getEkmConnection = function getEkmConnection(request, callback) { + return this.rpcCall(getEkmConnection, $root.google.cloud.kms.v1.GetEkmConnectionRequest, $root.google.cloud.kms.v1.EkmConnection, request, callback); + }, "name", { value: "GetEkmConnection" }); + + /** + * Calls GetEkmConnection. + * @function getEkmConnection + * @memberof google.cloud.kms.v1.EkmService + * @instance + * @param {google.cloud.kms.v1.IGetEkmConnectionRequest} request GetEkmConnectionRequest message or plain object + * @returns {Promise} Promise + * @variation 2 + */ + + /** + * Callback as used by {@link google.cloud.kms.v1.EkmService#createEkmConnection}. + * @memberof google.cloud.kms.v1.EkmService + * @typedef CreateEkmConnectionCallback + * @type {function} + * @param {Error|null} error Error, if any + * @param {google.cloud.kms.v1.EkmConnection} [response] EkmConnection + */ + + /** + * Calls CreateEkmConnection. + * @function createEkmConnection + * @memberof google.cloud.kms.v1.EkmService + * @instance + * @param {google.cloud.kms.v1.ICreateEkmConnectionRequest} request CreateEkmConnectionRequest message or plain object + * @param {google.cloud.kms.v1.EkmService.CreateEkmConnectionCallback} callback Node-style callback called with the error, if any, and EkmConnection + * @returns {undefined} + * @variation 1 + */ + Object.defineProperty(EkmService.prototype.createEkmConnection = function createEkmConnection(request, callback) { + return this.rpcCall(createEkmConnection, $root.google.cloud.kms.v1.CreateEkmConnectionRequest, $root.google.cloud.kms.v1.EkmConnection, request, callback); + }, "name", { value: "CreateEkmConnection" }); + + /** + * Calls CreateEkmConnection. + * @function createEkmConnection + * @memberof google.cloud.kms.v1.EkmService + * @instance + * @param {google.cloud.kms.v1.ICreateEkmConnectionRequest} request CreateEkmConnectionRequest message or plain object + * @returns {Promise} Promise + * @variation 2 + */ + + /** + * Callback as used by {@link google.cloud.kms.v1.EkmService#updateEkmConnection}. + * @memberof google.cloud.kms.v1.EkmService + * @typedef UpdateEkmConnectionCallback + * @type {function} + * @param {Error|null} error Error, if any + * @param {google.cloud.kms.v1.EkmConnection} [response] EkmConnection + */ + + /** + * Calls UpdateEkmConnection. + * @function updateEkmConnection + * @memberof google.cloud.kms.v1.EkmService + * @instance + * @param {google.cloud.kms.v1.IUpdateEkmConnectionRequest} request UpdateEkmConnectionRequest message or plain object + * @param {google.cloud.kms.v1.EkmService.UpdateEkmConnectionCallback} callback Node-style callback called with the error, if any, and EkmConnection + * @returns {undefined} + * @variation 1 + */ + Object.defineProperty(EkmService.prototype.updateEkmConnection = function updateEkmConnection(request, callback) { + return this.rpcCall(updateEkmConnection, $root.google.cloud.kms.v1.UpdateEkmConnectionRequest, $root.google.cloud.kms.v1.EkmConnection, request, callback); + }, "name", { value: "UpdateEkmConnection" }); + + /** + * Calls UpdateEkmConnection. + * @function updateEkmConnection + * @memberof google.cloud.kms.v1.EkmService + * @instance + * @param {google.cloud.kms.v1.IUpdateEkmConnectionRequest} request UpdateEkmConnectionRequest message or plain object + * @returns {Promise} Promise + * @variation 2 + */ + + return EkmService; + })(); + + v1.ListEkmConnectionsRequest = (function() { + + /** + * Properties of a ListEkmConnectionsRequest. * @memberof google.cloud.kms.v1 - * @classdesc Represents a KeyRing. - * @implements IKeyRing + * @interface IListEkmConnectionsRequest + * @property {string|null} [parent] ListEkmConnectionsRequest parent + * @property {number|null} [pageSize] ListEkmConnectionsRequest pageSize + * @property {string|null} [pageToken] ListEkmConnectionsRequest pageToken + * @property {string|null} [filter] ListEkmConnectionsRequest filter + * @property {string|null} [orderBy] ListEkmConnectionsRequest orderBy + */ + + /** + * Constructs a new ListEkmConnectionsRequest. + * @memberof google.cloud.kms.v1 + * @classdesc Represents a ListEkmConnectionsRequest. + * @implements IListEkmConnectionsRequest * @constructor - * @param {google.cloud.kms.v1.IKeyRing=} [properties] Properties to set + * @param {google.cloud.kms.v1.IListEkmConnectionsRequest=} [properties] Properties to set */ - function KeyRing(properties) { + function ListEkmConnectionsRequest(properties) { if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -92,88 +262,127 @@ } /** - * KeyRing name. - * @member {string} name - * @memberof google.cloud.kms.v1.KeyRing + * ListEkmConnectionsRequest parent. + * @member {string} parent + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest * @instance */ - KeyRing.prototype.name = ""; + ListEkmConnectionsRequest.prototype.parent = ""; /** - * KeyRing createTime. - * @member {google.protobuf.ITimestamp|null|undefined} createTime - * @memberof google.cloud.kms.v1.KeyRing + * ListEkmConnectionsRequest pageSize. + * @member {number} pageSize + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest * @instance */ - KeyRing.prototype.createTime = null; + ListEkmConnectionsRequest.prototype.pageSize = 0; /** - * Creates a new KeyRing instance using the specified properties. + * ListEkmConnectionsRequest pageToken. + * @member {string} pageToken + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest + * @instance + */ + ListEkmConnectionsRequest.prototype.pageToken = ""; + + /** + * ListEkmConnectionsRequest filter. + * @member {string} filter + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest + * @instance + */ + ListEkmConnectionsRequest.prototype.filter = ""; + + /** + * ListEkmConnectionsRequest orderBy. + * @member {string} orderBy + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest + * @instance + */ + ListEkmConnectionsRequest.prototype.orderBy = ""; + + /** + * Creates a new ListEkmConnectionsRequest instance using the specified properties. * @function create - * @memberof google.cloud.kms.v1.KeyRing + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest * @static - * @param {google.cloud.kms.v1.IKeyRing=} [properties] Properties to set - * @returns {google.cloud.kms.v1.KeyRing} KeyRing instance + * @param {google.cloud.kms.v1.IListEkmConnectionsRequest=} [properties] Properties to set + * @returns {google.cloud.kms.v1.ListEkmConnectionsRequest} ListEkmConnectionsRequest instance */ - KeyRing.create = function create(properties) { - return new KeyRing(properties); + ListEkmConnectionsRequest.create = function create(properties) { + return new ListEkmConnectionsRequest(properties); }; /** - * Encodes the specified KeyRing message. Does not implicitly {@link google.cloud.kms.v1.KeyRing.verify|verify} messages. + * Encodes the specified ListEkmConnectionsRequest message. Does not implicitly {@link google.cloud.kms.v1.ListEkmConnectionsRequest.verify|verify} messages. * @function encode - * @memberof google.cloud.kms.v1.KeyRing + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest * @static - * @param {google.cloud.kms.v1.IKeyRing} message KeyRing message or plain object to encode + * @param {google.cloud.kms.v1.IListEkmConnectionsRequest} message ListEkmConnectionsRequest message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - KeyRing.encode = function encode(message, writer) { + ListEkmConnectionsRequest.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); - if (message.name != null && Object.hasOwnProperty.call(message, "name")) - writer.uint32(/* id 1, wireType 2 =*/10).string(message.name); - if (message.createTime != null && Object.hasOwnProperty.call(message, "createTime")) - $root.google.protobuf.Timestamp.encode(message.createTime, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim(); + if (message.parent != null && Object.hasOwnProperty.call(message, "parent")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent); + if (message.pageSize != null && Object.hasOwnProperty.call(message, "pageSize")) + writer.uint32(/* id 2, wireType 0 =*/16).int32(message.pageSize); + if (message.pageToken != null && Object.hasOwnProperty.call(message, "pageToken")) + writer.uint32(/* id 3, wireType 2 =*/26).string(message.pageToken); + if (message.filter != null && Object.hasOwnProperty.call(message, "filter")) + writer.uint32(/* id 4, wireType 2 =*/34).string(message.filter); + if (message.orderBy != null && Object.hasOwnProperty.call(message, "orderBy")) + writer.uint32(/* id 5, wireType 2 =*/42).string(message.orderBy); return writer; }; /** - * Encodes the specified KeyRing message, length delimited. Does not implicitly {@link google.cloud.kms.v1.KeyRing.verify|verify} messages. + * Encodes the specified ListEkmConnectionsRequest message, length delimited. Does not implicitly {@link google.cloud.kms.v1.ListEkmConnectionsRequest.verify|verify} messages. * @function encodeDelimited - * @memberof google.cloud.kms.v1.KeyRing + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest * @static - * @param {google.cloud.kms.v1.IKeyRing} message KeyRing message or plain object to encode + * @param {google.cloud.kms.v1.IListEkmConnectionsRequest} message ListEkmConnectionsRequest message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - KeyRing.encodeDelimited = function encodeDelimited(message, writer) { + ListEkmConnectionsRequest.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a KeyRing message from the specified reader or buffer. + * Decodes a ListEkmConnectionsRequest message from the specified reader or buffer. * @function decode - * @memberof google.cloud.kms.v1.KeyRing + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.cloud.kms.v1.KeyRing} KeyRing + * @returns {google.cloud.kms.v1.ListEkmConnectionsRequest} ListEkmConnectionsRequest * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - KeyRing.decode = function decode(reader, length) { + ListEkmConnectionsRequest.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.KeyRing(); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.ListEkmConnectionsRequest(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { case 1: - message.name = reader.string(); + message.parent = reader.string(); break; case 2: - message.createTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + message.pageSize = reader.int32(); + break; + case 3: + message.pageToken = reader.string(); + break; + case 4: + message.filter = reader.string(); + break; + case 5: + message.orderBy = reader.string(); break; default: reader.skipType(tag & 7); @@ -184,131 +393,143 @@ }; /** - * Decodes a KeyRing message from the specified reader or buffer, length delimited. + * Decodes a ListEkmConnectionsRequest message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.cloud.kms.v1.KeyRing + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.cloud.kms.v1.KeyRing} KeyRing + * @returns {google.cloud.kms.v1.ListEkmConnectionsRequest} ListEkmConnectionsRequest * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - KeyRing.decodeDelimited = function decodeDelimited(reader) { + ListEkmConnectionsRequest.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a KeyRing message. + * Verifies a ListEkmConnectionsRequest message. * @function verify - * @memberof google.cloud.kms.v1.KeyRing + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - KeyRing.verify = function verify(message) { + ListEkmConnectionsRequest.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; - if (message.name != null && message.hasOwnProperty("name")) - if (!$util.isString(message.name)) - return "name: string expected"; - if (message.createTime != null && message.hasOwnProperty("createTime")) { - var error = $root.google.protobuf.Timestamp.verify(message.createTime); - if (error) - return "createTime." + error; - } + if (message.parent != null && message.hasOwnProperty("parent")) + if (!$util.isString(message.parent)) + return "parent: string expected"; + if (message.pageSize != null && message.hasOwnProperty("pageSize")) + if (!$util.isInteger(message.pageSize)) + return "pageSize: integer expected"; + if (message.pageToken != null && message.hasOwnProperty("pageToken")) + if (!$util.isString(message.pageToken)) + return "pageToken: string expected"; + if (message.filter != null && message.hasOwnProperty("filter")) + if (!$util.isString(message.filter)) + return "filter: string expected"; + if (message.orderBy != null && message.hasOwnProperty("orderBy")) + if (!$util.isString(message.orderBy)) + return "orderBy: string expected"; return null; }; /** - * Creates a KeyRing message from a plain object. Also converts values to their respective internal types. + * Creates a ListEkmConnectionsRequest message from a plain object. Also converts values to their respective internal types. * @function fromObject - * @memberof google.cloud.kms.v1.KeyRing + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest * @static * @param {Object.} object Plain object - * @returns {google.cloud.kms.v1.KeyRing} KeyRing + * @returns {google.cloud.kms.v1.ListEkmConnectionsRequest} ListEkmConnectionsRequest */ - KeyRing.fromObject = function fromObject(object) { - if (object instanceof $root.google.cloud.kms.v1.KeyRing) + ListEkmConnectionsRequest.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.ListEkmConnectionsRequest) return object; - var message = new $root.google.cloud.kms.v1.KeyRing(); - if (object.name != null) - message.name = String(object.name); - if (object.createTime != null) { - if (typeof object.createTime !== "object") - throw TypeError(".google.cloud.kms.v1.KeyRing.createTime: object expected"); - message.createTime = $root.google.protobuf.Timestamp.fromObject(object.createTime); - } + var message = new $root.google.cloud.kms.v1.ListEkmConnectionsRequest(); + if (object.parent != null) + message.parent = String(object.parent); + if (object.pageSize != null) + message.pageSize = object.pageSize | 0; + if (object.pageToken != null) + message.pageToken = String(object.pageToken); + if (object.filter != null) + message.filter = String(object.filter); + if (object.orderBy != null) + message.orderBy = String(object.orderBy); return message; }; /** - * Creates a plain object from a KeyRing message. Also converts values to other types if specified. + * Creates a plain object from a ListEkmConnectionsRequest message. Also converts values to other types if specified. * @function toObject - * @memberof google.cloud.kms.v1.KeyRing + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest * @static - * @param {google.cloud.kms.v1.KeyRing} message KeyRing + * @param {google.cloud.kms.v1.ListEkmConnectionsRequest} message ListEkmConnectionsRequest * @param {$protobuf.IConversionOptions} [options] Conversion options * @returns {Object.} Plain object */ - KeyRing.toObject = function toObject(message, options) { + ListEkmConnectionsRequest.toObject = function toObject(message, options) { if (!options) options = {}; var object = {}; if (options.defaults) { - object.name = ""; - object.createTime = null; + object.parent = ""; + object.pageSize = 0; + object.pageToken = ""; + object.filter = ""; + object.orderBy = ""; } - if (message.name != null && message.hasOwnProperty("name")) - object.name = message.name; - if (message.createTime != null && message.hasOwnProperty("createTime")) - object.createTime = $root.google.protobuf.Timestamp.toObject(message.createTime, options); + if (message.parent != null && message.hasOwnProperty("parent")) + object.parent = message.parent; + if (message.pageSize != null && message.hasOwnProperty("pageSize")) + object.pageSize = message.pageSize; + if (message.pageToken != null && message.hasOwnProperty("pageToken")) + object.pageToken = message.pageToken; + if (message.filter != null && message.hasOwnProperty("filter")) + object.filter = message.filter; + if (message.orderBy != null && message.hasOwnProperty("orderBy")) + object.orderBy = message.orderBy; return object; }; /** - * Converts this KeyRing to JSON. + * Converts this ListEkmConnectionsRequest to JSON. * @function toJSON - * @memberof google.cloud.kms.v1.KeyRing + * @memberof google.cloud.kms.v1.ListEkmConnectionsRequest * @instance * @returns {Object.} JSON object */ - KeyRing.prototype.toJSON = function toJSON() { + ListEkmConnectionsRequest.prototype.toJSON = function toJSON() { return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; - return KeyRing; + return ListEkmConnectionsRequest; })(); - v1.CryptoKey = (function() { + v1.ListEkmConnectionsResponse = (function() { /** - * Properties of a CryptoKey. + * Properties of a ListEkmConnectionsResponse. * @memberof google.cloud.kms.v1 - * @interface ICryptoKey - * @property {string|null} [name] CryptoKey name - * @property {google.cloud.kms.v1.ICryptoKeyVersion|null} [primary] CryptoKey primary - * @property {google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose|null} [purpose] CryptoKey purpose - * @property {google.protobuf.ITimestamp|null} [createTime] CryptoKey createTime - * @property {google.protobuf.ITimestamp|null} [nextRotationTime] CryptoKey nextRotationTime - * @property {google.protobuf.IDuration|null} [rotationPeriod] CryptoKey rotationPeriod - * @property {google.cloud.kms.v1.ICryptoKeyVersionTemplate|null} [versionTemplate] CryptoKey versionTemplate - * @property {Object.|null} [labels] CryptoKey labels - * @property {boolean|null} [importOnly] CryptoKey importOnly - * @property {google.protobuf.IDuration|null} [destroyScheduledDuration] CryptoKey destroyScheduledDuration + * @interface IListEkmConnectionsResponse + * @property {Array.|null} [ekmConnections] ListEkmConnectionsResponse ekmConnections + * @property {string|null} [nextPageToken] ListEkmConnectionsResponse nextPageToken + * @property {number|null} [totalSize] ListEkmConnectionsResponse totalSize */ /** - * Constructs a new CryptoKey. + * Constructs a new ListEkmConnectionsResponse. * @memberof google.cloud.kms.v1 - * @classdesc Represents a CryptoKey. - * @implements ICryptoKey + * @classdesc Represents a ListEkmConnectionsResponse. + * @implements IListEkmConnectionsResponse * @constructor - * @param {google.cloud.kms.v1.ICryptoKey=} [properties] Properties to set + * @param {google.cloud.kms.v1.IListEkmConnectionsResponse=} [properties] Properties to set */ - function CryptoKey(properties) { - this.labels = {}; + function ListEkmConnectionsResponse(properties) { + this.ekmConnections = []; if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -316,226 +537,104 @@ } /** - * CryptoKey name. - * @member {string} name - * @memberof google.cloud.kms.v1.CryptoKey - * @instance - */ - CryptoKey.prototype.name = ""; - - /** - * CryptoKey primary. - * @member {google.cloud.kms.v1.ICryptoKeyVersion|null|undefined} primary - * @memberof google.cloud.kms.v1.CryptoKey - * @instance - */ - CryptoKey.prototype.primary = null; - - /** - * CryptoKey purpose. - * @member {google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose} purpose - * @memberof google.cloud.kms.v1.CryptoKey - * @instance - */ - CryptoKey.prototype.purpose = 0; - - /** - * CryptoKey createTime. - * @member {google.protobuf.ITimestamp|null|undefined} createTime - * @memberof google.cloud.kms.v1.CryptoKey - * @instance - */ - CryptoKey.prototype.createTime = null; - - /** - * CryptoKey nextRotationTime. - * @member {google.protobuf.ITimestamp|null|undefined} nextRotationTime - * @memberof google.cloud.kms.v1.CryptoKey - * @instance - */ - CryptoKey.prototype.nextRotationTime = null; - - /** - * CryptoKey rotationPeriod. - * @member {google.protobuf.IDuration|null|undefined} rotationPeriod - * @memberof google.cloud.kms.v1.CryptoKey - * @instance - */ - CryptoKey.prototype.rotationPeriod = null; - - /** - * CryptoKey versionTemplate. - * @member {google.cloud.kms.v1.ICryptoKeyVersionTemplate|null|undefined} versionTemplate - * @memberof google.cloud.kms.v1.CryptoKey - * @instance - */ - CryptoKey.prototype.versionTemplate = null; - - /** - * CryptoKey labels. - * @member {Object.} labels - * @memberof google.cloud.kms.v1.CryptoKey - * @instance - */ - CryptoKey.prototype.labels = $util.emptyObject; - - /** - * CryptoKey importOnly. - * @member {boolean} importOnly - * @memberof google.cloud.kms.v1.CryptoKey + * ListEkmConnectionsResponse ekmConnections. + * @member {Array.} ekmConnections + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse * @instance */ - CryptoKey.prototype.importOnly = false; + ListEkmConnectionsResponse.prototype.ekmConnections = $util.emptyArray; /** - * CryptoKey destroyScheduledDuration. - * @member {google.protobuf.IDuration|null|undefined} destroyScheduledDuration - * @memberof google.cloud.kms.v1.CryptoKey + * ListEkmConnectionsResponse nextPageToken. + * @member {string} nextPageToken + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse * @instance */ - CryptoKey.prototype.destroyScheduledDuration = null; - - // OneOf field names bound to virtual getters and setters - var $oneOfFields; + ListEkmConnectionsResponse.prototype.nextPageToken = ""; /** - * CryptoKey rotationSchedule. - * @member {"rotationPeriod"|undefined} rotationSchedule - * @memberof google.cloud.kms.v1.CryptoKey + * ListEkmConnectionsResponse totalSize. + * @member {number} totalSize + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse * @instance */ - Object.defineProperty(CryptoKey.prototype, "rotationSchedule", { - get: $util.oneOfGetter($oneOfFields = ["rotationPeriod"]), - set: $util.oneOfSetter($oneOfFields) - }); + ListEkmConnectionsResponse.prototype.totalSize = 0; /** - * Creates a new CryptoKey instance using the specified properties. + * Creates a new ListEkmConnectionsResponse instance using the specified properties. * @function create - * @memberof google.cloud.kms.v1.CryptoKey + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse * @static - * @param {google.cloud.kms.v1.ICryptoKey=} [properties] Properties to set - * @returns {google.cloud.kms.v1.CryptoKey} CryptoKey instance + * @param {google.cloud.kms.v1.IListEkmConnectionsResponse=} [properties] Properties to set + * @returns {google.cloud.kms.v1.ListEkmConnectionsResponse} ListEkmConnectionsResponse instance */ - CryptoKey.create = function create(properties) { - return new CryptoKey(properties); + ListEkmConnectionsResponse.create = function create(properties) { + return new ListEkmConnectionsResponse(properties); }; /** - * Encodes the specified CryptoKey message. Does not implicitly {@link google.cloud.kms.v1.CryptoKey.verify|verify} messages. + * Encodes the specified ListEkmConnectionsResponse message. Does not implicitly {@link google.cloud.kms.v1.ListEkmConnectionsResponse.verify|verify} messages. * @function encode - * @memberof google.cloud.kms.v1.CryptoKey + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse * @static - * @param {google.cloud.kms.v1.ICryptoKey} message CryptoKey message or plain object to encode + * @param {google.cloud.kms.v1.IListEkmConnectionsResponse} message ListEkmConnectionsResponse message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - CryptoKey.encode = function encode(message, writer) { + ListEkmConnectionsResponse.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); - if (message.name != null && Object.hasOwnProperty.call(message, "name")) - writer.uint32(/* id 1, wireType 2 =*/10).string(message.name); - if (message.primary != null && Object.hasOwnProperty.call(message, "primary")) - $root.google.cloud.kms.v1.CryptoKeyVersion.encode(message.primary, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim(); - if (message.purpose != null && Object.hasOwnProperty.call(message, "purpose")) - writer.uint32(/* id 3, wireType 0 =*/24).int32(message.purpose); - if (message.createTime != null && Object.hasOwnProperty.call(message, "createTime")) - $root.google.protobuf.Timestamp.encode(message.createTime, writer.uint32(/* id 5, wireType 2 =*/42).fork()).ldelim(); - if (message.nextRotationTime != null && Object.hasOwnProperty.call(message, "nextRotationTime")) - $root.google.protobuf.Timestamp.encode(message.nextRotationTime, writer.uint32(/* id 7, wireType 2 =*/58).fork()).ldelim(); - if (message.rotationPeriod != null && Object.hasOwnProperty.call(message, "rotationPeriod")) - $root.google.protobuf.Duration.encode(message.rotationPeriod, writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim(); - if (message.labels != null && Object.hasOwnProperty.call(message, "labels")) - for (var keys = Object.keys(message.labels), i = 0; i < keys.length; ++i) - writer.uint32(/* id 10, wireType 2 =*/82).fork().uint32(/* id 1, wireType 2 =*/10).string(keys[i]).uint32(/* id 2, wireType 2 =*/18).string(message.labels[keys[i]]).ldelim(); - if (message.versionTemplate != null && Object.hasOwnProperty.call(message, "versionTemplate")) - $root.google.cloud.kms.v1.CryptoKeyVersionTemplate.encode(message.versionTemplate, writer.uint32(/* id 11, wireType 2 =*/90).fork()).ldelim(); - if (message.importOnly != null && Object.hasOwnProperty.call(message, "importOnly")) - writer.uint32(/* id 13, wireType 0 =*/104).bool(message.importOnly); - if (message.destroyScheduledDuration != null && Object.hasOwnProperty.call(message, "destroyScheduledDuration")) - $root.google.protobuf.Duration.encode(message.destroyScheduledDuration, writer.uint32(/* id 14, wireType 2 =*/114).fork()).ldelim(); + if (message.ekmConnections != null && message.ekmConnections.length) + for (var i = 0; i < message.ekmConnections.length; ++i) + $root.google.cloud.kms.v1.EkmConnection.encode(message.ekmConnections[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim(); + if (message.nextPageToken != null && Object.hasOwnProperty.call(message, "nextPageToken")) + writer.uint32(/* id 2, wireType 2 =*/18).string(message.nextPageToken); + if (message.totalSize != null && Object.hasOwnProperty.call(message, "totalSize")) + writer.uint32(/* id 3, wireType 0 =*/24).int32(message.totalSize); return writer; }; /** - * Encodes the specified CryptoKey message, length delimited. Does not implicitly {@link google.cloud.kms.v1.CryptoKey.verify|verify} messages. + * Encodes the specified ListEkmConnectionsResponse message, length delimited. Does not implicitly {@link google.cloud.kms.v1.ListEkmConnectionsResponse.verify|verify} messages. * @function encodeDelimited - * @memberof google.cloud.kms.v1.CryptoKey + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse * @static - * @param {google.cloud.kms.v1.ICryptoKey} message CryptoKey message or plain object to encode + * @param {google.cloud.kms.v1.IListEkmConnectionsResponse} message ListEkmConnectionsResponse message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - CryptoKey.encodeDelimited = function encodeDelimited(message, writer) { + ListEkmConnectionsResponse.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a CryptoKey message from the specified reader or buffer. + * Decodes a ListEkmConnectionsResponse message from the specified reader or buffer. * @function decode - * @memberof google.cloud.kms.v1.CryptoKey + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.cloud.kms.v1.CryptoKey} CryptoKey + * @returns {google.cloud.kms.v1.ListEkmConnectionsResponse} ListEkmConnectionsResponse * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - CryptoKey.decode = function decode(reader, length) { + ListEkmConnectionsResponse.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.CryptoKey(), key, value; + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.ListEkmConnectionsResponse(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { case 1: - message.name = reader.string(); + if (!(message.ekmConnections && message.ekmConnections.length)) + message.ekmConnections = []; + message.ekmConnections.push($root.google.cloud.kms.v1.EkmConnection.decode(reader, reader.uint32())); break; case 2: - message.primary = $root.google.cloud.kms.v1.CryptoKeyVersion.decode(reader, reader.uint32()); + message.nextPageToken = reader.string(); break; case 3: - message.purpose = reader.int32(); - break; - case 5: - message.createTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); - break; - case 7: - message.nextRotationTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); - break; - case 8: - message.rotationPeriod = $root.google.protobuf.Duration.decode(reader, reader.uint32()); - break; - case 11: - message.versionTemplate = $root.google.cloud.kms.v1.CryptoKeyVersionTemplate.decode(reader, reader.uint32()); - break; - case 10: - if (message.labels === $util.emptyObject) - message.labels = {}; - var end2 = reader.uint32() + reader.pos; - key = ""; - value = ""; - while (reader.pos < end2) { - var tag2 = reader.uint32(); - switch (tag2 >>> 3) { - case 1: - key = reader.string(); - break; - case 2: - value = reader.string(); - break; - default: - reader.skipType(tag2 & 7); - break; - } - } - message.labels[key] = value; - break; - case 13: - message.importOnly = reader.bool(); - break; - case 14: - message.destroyScheduledDuration = $root.google.protobuf.Duration.decode(reader, reader.uint32()); + message.totalSize = reader.int32(); break; default: reader.skipType(tag & 7); @@ -546,280 +645,142 @@ }; /** - * Decodes a CryptoKey message from the specified reader or buffer, length delimited. + * Decodes a ListEkmConnectionsResponse message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.cloud.kms.v1.CryptoKey + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.cloud.kms.v1.CryptoKey} CryptoKey + * @returns {google.cloud.kms.v1.ListEkmConnectionsResponse} ListEkmConnectionsResponse * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - CryptoKey.decodeDelimited = function decodeDelimited(reader) { + ListEkmConnectionsResponse.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a CryptoKey message. + * Verifies a ListEkmConnectionsResponse message. * @function verify - * @memberof google.cloud.kms.v1.CryptoKey + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - CryptoKey.verify = function verify(message) { + ListEkmConnectionsResponse.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; - var properties = {}; - if (message.name != null && message.hasOwnProperty("name")) - if (!$util.isString(message.name)) - return "name: string expected"; - if (message.primary != null && message.hasOwnProperty("primary")) { - var error = $root.google.cloud.kms.v1.CryptoKeyVersion.verify(message.primary); - if (error) - return "primary." + error; - } - if (message.purpose != null && message.hasOwnProperty("purpose")) - switch (message.purpose) { - default: - return "purpose: enum value expected"; - case 0: - case 1: - case 5: - case 6: - case 9: - break; - } - if (message.createTime != null && message.hasOwnProperty("createTime")) { - var error = $root.google.protobuf.Timestamp.verify(message.createTime); - if (error) - return "createTime." + error; - } - if (message.nextRotationTime != null && message.hasOwnProperty("nextRotationTime")) { - var error = $root.google.protobuf.Timestamp.verify(message.nextRotationTime); - if (error) - return "nextRotationTime." + error; - } - if (message.rotationPeriod != null && message.hasOwnProperty("rotationPeriod")) { - properties.rotationSchedule = 1; - { - var error = $root.google.protobuf.Duration.verify(message.rotationPeriod); + if (message.ekmConnections != null && message.hasOwnProperty("ekmConnections")) { + if (!Array.isArray(message.ekmConnections)) + return "ekmConnections: array expected"; + for (var i = 0; i < message.ekmConnections.length; ++i) { + var error = $root.google.cloud.kms.v1.EkmConnection.verify(message.ekmConnections[i]); if (error) - return "rotationPeriod." + error; + return "ekmConnections." + error; } } - if (message.versionTemplate != null && message.hasOwnProperty("versionTemplate")) { - var error = $root.google.cloud.kms.v1.CryptoKeyVersionTemplate.verify(message.versionTemplate); - if (error) - return "versionTemplate." + error; - } - if (message.labels != null && message.hasOwnProperty("labels")) { - if (!$util.isObject(message.labels)) - return "labels: object expected"; - var key = Object.keys(message.labels); - for (var i = 0; i < key.length; ++i) - if (!$util.isString(message.labels[key[i]])) - return "labels: string{k:string} expected"; - } - if (message.importOnly != null && message.hasOwnProperty("importOnly")) - if (typeof message.importOnly !== "boolean") - return "importOnly: boolean expected"; - if (message.destroyScheduledDuration != null && message.hasOwnProperty("destroyScheduledDuration")) { - var error = $root.google.protobuf.Duration.verify(message.destroyScheduledDuration); - if (error) - return "destroyScheduledDuration." + error; - } - return null; - }; - - /** - * Creates a CryptoKey message from a plain object. Also converts values to their respective internal types. - * @function fromObject - * @memberof google.cloud.kms.v1.CryptoKey - * @static - * @param {Object.} object Plain object - * @returns {google.cloud.kms.v1.CryptoKey} CryptoKey - */ - CryptoKey.fromObject = function fromObject(object) { - if (object instanceof $root.google.cloud.kms.v1.CryptoKey) - return object; - var message = new $root.google.cloud.kms.v1.CryptoKey(); - if (object.name != null) - message.name = String(object.name); - if (object.primary != null) { - if (typeof object.primary !== "object") - throw TypeError(".google.cloud.kms.v1.CryptoKey.primary: object expected"); - message.primary = $root.google.cloud.kms.v1.CryptoKeyVersion.fromObject(object.primary); - } - switch (object.purpose) { - case "CRYPTO_KEY_PURPOSE_UNSPECIFIED": - case 0: - message.purpose = 0; - break; - case "ENCRYPT_DECRYPT": - case 1: - message.purpose = 1; - break; - case "ASYMMETRIC_SIGN": - case 5: - message.purpose = 5; - break; - case "ASYMMETRIC_DECRYPT": - case 6: - message.purpose = 6; - break; - case "MAC": - case 9: - message.purpose = 9; - break; - } - if (object.createTime != null) { - if (typeof object.createTime !== "object") - throw TypeError(".google.cloud.kms.v1.CryptoKey.createTime: object expected"); - message.createTime = $root.google.protobuf.Timestamp.fromObject(object.createTime); - } - if (object.nextRotationTime != null) { - if (typeof object.nextRotationTime !== "object") - throw TypeError(".google.cloud.kms.v1.CryptoKey.nextRotationTime: object expected"); - message.nextRotationTime = $root.google.protobuf.Timestamp.fromObject(object.nextRotationTime); - } - if (object.rotationPeriod != null) { - if (typeof object.rotationPeriod !== "object") - throw TypeError(".google.cloud.kms.v1.CryptoKey.rotationPeriod: object expected"); - message.rotationPeriod = $root.google.protobuf.Duration.fromObject(object.rotationPeriod); - } - if (object.versionTemplate != null) { - if (typeof object.versionTemplate !== "object") - throw TypeError(".google.cloud.kms.v1.CryptoKey.versionTemplate: object expected"); - message.versionTemplate = $root.google.cloud.kms.v1.CryptoKeyVersionTemplate.fromObject(object.versionTemplate); - } - if (object.labels) { - if (typeof object.labels !== "object") - throw TypeError(".google.cloud.kms.v1.CryptoKey.labels: object expected"); - message.labels = {}; - for (var keys = Object.keys(object.labels), i = 0; i < keys.length; ++i) - message.labels[keys[i]] = String(object.labels[keys[i]]); - } - if (object.importOnly != null) - message.importOnly = Boolean(object.importOnly); - if (object.destroyScheduledDuration != null) { - if (typeof object.destroyScheduledDuration !== "object") - throw TypeError(".google.cloud.kms.v1.CryptoKey.destroyScheduledDuration: object expected"); - message.destroyScheduledDuration = $root.google.protobuf.Duration.fromObject(object.destroyScheduledDuration); + if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken")) + if (!$util.isString(message.nextPageToken)) + return "nextPageToken: string expected"; + if (message.totalSize != null && message.hasOwnProperty("totalSize")) + if (!$util.isInteger(message.totalSize)) + return "totalSize: integer expected"; + return null; + }; + + /** + * Creates a ListEkmConnectionsResponse message from a plain object. Also converts values to their respective internal types. + * @function fromObject + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.kms.v1.ListEkmConnectionsResponse} ListEkmConnectionsResponse + */ + ListEkmConnectionsResponse.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.ListEkmConnectionsResponse) + return object; + var message = new $root.google.cloud.kms.v1.ListEkmConnectionsResponse(); + if (object.ekmConnections) { + if (!Array.isArray(object.ekmConnections)) + throw TypeError(".google.cloud.kms.v1.ListEkmConnectionsResponse.ekmConnections: array expected"); + message.ekmConnections = []; + for (var i = 0; i < object.ekmConnections.length; ++i) { + if (typeof object.ekmConnections[i] !== "object") + throw TypeError(".google.cloud.kms.v1.ListEkmConnectionsResponse.ekmConnections: object expected"); + message.ekmConnections[i] = $root.google.cloud.kms.v1.EkmConnection.fromObject(object.ekmConnections[i]); + } } + if (object.nextPageToken != null) + message.nextPageToken = String(object.nextPageToken); + if (object.totalSize != null) + message.totalSize = object.totalSize | 0; return message; }; /** - * Creates a plain object from a CryptoKey message. Also converts values to other types if specified. + * Creates a plain object from a ListEkmConnectionsResponse message. Also converts values to other types if specified. * @function toObject - * @memberof google.cloud.kms.v1.CryptoKey + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse * @static - * @param {google.cloud.kms.v1.CryptoKey} message CryptoKey + * @param {google.cloud.kms.v1.ListEkmConnectionsResponse} message ListEkmConnectionsResponse * @param {$protobuf.IConversionOptions} [options] Conversion options * @returns {Object.} Plain object */ - CryptoKey.toObject = function toObject(message, options) { + ListEkmConnectionsResponse.toObject = function toObject(message, options) { if (!options) options = {}; var object = {}; - if (options.objects || options.defaults) - object.labels = {}; + if (options.arrays || options.defaults) + object.ekmConnections = []; if (options.defaults) { - object.name = ""; - object.primary = null; - object.purpose = options.enums === String ? "CRYPTO_KEY_PURPOSE_UNSPECIFIED" : 0; - object.createTime = null; - object.nextRotationTime = null; - object.versionTemplate = null; - object.importOnly = false; - object.destroyScheduledDuration = null; - } - if (message.name != null && message.hasOwnProperty("name")) - object.name = message.name; - if (message.primary != null && message.hasOwnProperty("primary")) - object.primary = $root.google.cloud.kms.v1.CryptoKeyVersion.toObject(message.primary, options); - if (message.purpose != null && message.hasOwnProperty("purpose")) - object.purpose = options.enums === String ? $root.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose[message.purpose] : message.purpose; - if (message.createTime != null && message.hasOwnProperty("createTime")) - object.createTime = $root.google.protobuf.Timestamp.toObject(message.createTime, options); - if (message.nextRotationTime != null && message.hasOwnProperty("nextRotationTime")) - object.nextRotationTime = $root.google.protobuf.Timestamp.toObject(message.nextRotationTime, options); - if (message.rotationPeriod != null && message.hasOwnProperty("rotationPeriod")) { - object.rotationPeriod = $root.google.protobuf.Duration.toObject(message.rotationPeriod, options); - if (options.oneofs) - object.rotationSchedule = "rotationPeriod"; + object.nextPageToken = ""; + object.totalSize = 0; } - var keys2; - if (message.labels && (keys2 = Object.keys(message.labels)).length) { - object.labels = {}; - for (var j = 0; j < keys2.length; ++j) - object.labels[keys2[j]] = message.labels[keys2[j]]; + if (message.ekmConnections && message.ekmConnections.length) { + object.ekmConnections = []; + for (var j = 0; j < message.ekmConnections.length; ++j) + object.ekmConnections[j] = $root.google.cloud.kms.v1.EkmConnection.toObject(message.ekmConnections[j], options); } - if (message.versionTemplate != null && message.hasOwnProperty("versionTemplate")) - object.versionTemplate = $root.google.cloud.kms.v1.CryptoKeyVersionTemplate.toObject(message.versionTemplate, options); - if (message.importOnly != null && message.hasOwnProperty("importOnly")) - object.importOnly = message.importOnly; - if (message.destroyScheduledDuration != null && message.hasOwnProperty("destroyScheduledDuration")) - object.destroyScheduledDuration = $root.google.protobuf.Duration.toObject(message.destroyScheduledDuration, options); + if (message.nextPageToken != null && message.hasOwnProperty("nextPageToken")) + object.nextPageToken = message.nextPageToken; + if (message.totalSize != null && message.hasOwnProperty("totalSize")) + object.totalSize = message.totalSize; return object; }; /** - * Converts this CryptoKey to JSON. + * Converts this ListEkmConnectionsResponse to JSON. * @function toJSON - * @memberof google.cloud.kms.v1.CryptoKey + * @memberof google.cloud.kms.v1.ListEkmConnectionsResponse * @instance * @returns {Object.} JSON object */ - CryptoKey.prototype.toJSON = function toJSON() { + ListEkmConnectionsResponse.prototype.toJSON = function toJSON() { return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; - /** - * CryptoKeyPurpose enum. - * @name google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose - * @enum {number} - * @property {number} CRYPTO_KEY_PURPOSE_UNSPECIFIED=0 CRYPTO_KEY_PURPOSE_UNSPECIFIED value - * @property {number} ENCRYPT_DECRYPT=1 ENCRYPT_DECRYPT value - * @property {number} ASYMMETRIC_SIGN=5 ASYMMETRIC_SIGN value - * @property {number} ASYMMETRIC_DECRYPT=6 ASYMMETRIC_DECRYPT value - * @property {number} MAC=9 MAC value - */ - CryptoKey.CryptoKeyPurpose = (function() { - var valuesById = {}, values = Object.create(valuesById); - values[valuesById[0] = "CRYPTO_KEY_PURPOSE_UNSPECIFIED"] = 0; - values[valuesById[1] = "ENCRYPT_DECRYPT"] = 1; - values[valuesById[5] = "ASYMMETRIC_SIGN"] = 5; - values[valuesById[6] = "ASYMMETRIC_DECRYPT"] = 6; - values[valuesById[9] = "MAC"] = 9; - return values; - })(); - - return CryptoKey; + return ListEkmConnectionsResponse; })(); - v1.CryptoKeyVersionTemplate = (function() { + v1.GetEkmConnectionRequest = (function() { /** - * Properties of a CryptoKeyVersionTemplate. + * Properties of a GetEkmConnectionRequest. * @memberof google.cloud.kms.v1 - * @interface ICryptoKeyVersionTemplate - * @property {google.cloud.kms.v1.ProtectionLevel|null} [protectionLevel] CryptoKeyVersionTemplate protectionLevel - * @property {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm|null} [algorithm] CryptoKeyVersionTemplate algorithm + * @interface IGetEkmConnectionRequest + * @property {string|null} [name] GetEkmConnectionRequest name */ /** - * Constructs a new CryptoKeyVersionTemplate. + * Constructs a new GetEkmConnectionRequest. * @memberof google.cloud.kms.v1 - * @classdesc Represents a CryptoKeyVersionTemplate. - * @implements ICryptoKeyVersionTemplate + * @classdesc Represents a GetEkmConnectionRequest. + * @implements IGetEkmConnectionRequest * @constructor - * @param {google.cloud.kms.v1.ICryptoKeyVersionTemplate=} [properties] Properties to set + * @param {google.cloud.kms.v1.IGetEkmConnectionRequest=} [properties] Properties to set */ - function CryptoKeyVersionTemplate(properties) { + function GetEkmConnectionRequest(properties) { if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -827,88 +788,75 @@ } /** - * CryptoKeyVersionTemplate protectionLevel. - * @member {google.cloud.kms.v1.ProtectionLevel} protectionLevel - * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate - * @instance - */ - CryptoKeyVersionTemplate.prototype.protectionLevel = 0; - - /** - * CryptoKeyVersionTemplate algorithm. - * @member {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm} algorithm - * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * GetEkmConnectionRequest name. + * @member {string} name + * @memberof google.cloud.kms.v1.GetEkmConnectionRequest * @instance */ - CryptoKeyVersionTemplate.prototype.algorithm = 0; + GetEkmConnectionRequest.prototype.name = ""; /** - * Creates a new CryptoKeyVersionTemplate instance using the specified properties. + * Creates a new GetEkmConnectionRequest instance using the specified properties. * @function create - * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @memberof google.cloud.kms.v1.GetEkmConnectionRequest * @static - * @param {google.cloud.kms.v1.ICryptoKeyVersionTemplate=} [properties] Properties to set - * @returns {google.cloud.kms.v1.CryptoKeyVersionTemplate} CryptoKeyVersionTemplate instance + * @param {google.cloud.kms.v1.IGetEkmConnectionRequest=} [properties] Properties to set + * @returns {google.cloud.kms.v1.GetEkmConnectionRequest} GetEkmConnectionRequest instance */ - CryptoKeyVersionTemplate.create = function create(properties) { - return new CryptoKeyVersionTemplate(properties); + GetEkmConnectionRequest.create = function create(properties) { + return new GetEkmConnectionRequest(properties); }; /** - * Encodes the specified CryptoKeyVersionTemplate message. Does not implicitly {@link google.cloud.kms.v1.CryptoKeyVersionTemplate.verify|verify} messages. + * Encodes the specified GetEkmConnectionRequest message. Does not implicitly {@link google.cloud.kms.v1.GetEkmConnectionRequest.verify|verify} messages. * @function encode - * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @memberof google.cloud.kms.v1.GetEkmConnectionRequest * @static - * @param {google.cloud.kms.v1.ICryptoKeyVersionTemplate} message CryptoKeyVersionTemplate message or plain object to encode + * @param {google.cloud.kms.v1.IGetEkmConnectionRequest} message GetEkmConnectionRequest message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - CryptoKeyVersionTemplate.encode = function encode(message, writer) { + GetEkmConnectionRequest.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); - if (message.protectionLevel != null && Object.hasOwnProperty.call(message, "protectionLevel")) - writer.uint32(/* id 1, wireType 0 =*/8).int32(message.protectionLevel); - if (message.algorithm != null && Object.hasOwnProperty.call(message, "algorithm")) - writer.uint32(/* id 3, wireType 0 =*/24).int32(message.algorithm); + if (message.name != null && Object.hasOwnProperty.call(message, "name")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.name); return writer; }; /** - * Encodes the specified CryptoKeyVersionTemplate message, length delimited. Does not implicitly {@link google.cloud.kms.v1.CryptoKeyVersionTemplate.verify|verify} messages. + * Encodes the specified GetEkmConnectionRequest message, length delimited. Does not implicitly {@link google.cloud.kms.v1.GetEkmConnectionRequest.verify|verify} messages. * @function encodeDelimited - * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @memberof google.cloud.kms.v1.GetEkmConnectionRequest * @static - * @param {google.cloud.kms.v1.ICryptoKeyVersionTemplate} message CryptoKeyVersionTemplate message or plain object to encode + * @param {google.cloud.kms.v1.IGetEkmConnectionRequest} message GetEkmConnectionRequest message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - CryptoKeyVersionTemplate.encodeDelimited = function encodeDelimited(message, writer) { + GetEkmConnectionRequest.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a CryptoKeyVersionTemplate message from the specified reader or buffer. + * Decodes a GetEkmConnectionRequest message from the specified reader or buffer. * @function decode - * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @memberof google.cloud.kms.v1.GetEkmConnectionRequest * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.cloud.kms.v1.CryptoKeyVersionTemplate} CryptoKeyVersionTemplate + * @returns {google.cloud.kms.v1.GetEkmConnectionRequest} GetEkmConnectionRequest * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - CryptoKeyVersionTemplate.decode = function decode(reader, length) { + GetEkmConnectionRequest.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.CryptoKeyVersionTemplate(); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.GetEkmConnectionRequest(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { case 1: - message.protectionLevel = reader.int32(); - break; - case 3: - message.algorithm = reader.int32(); + message.name = reader.string(); break; default: reader.skipType(tag & 7); @@ -919,268 +867,109 @@ }; /** - * Decodes a CryptoKeyVersionTemplate message from the specified reader or buffer, length delimited. + * Decodes a GetEkmConnectionRequest message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @memberof google.cloud.kms.v1.GetEkmConnectionRequest * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.cloud.kms.v1.CryptoKeyVersionTemplate} CryptoKeyVersionTemplate + * @returns {google.cloud.kms.v1.GetEkmConnectionRequest} GetEkmConnectionRequest * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - CryptoKeyVersionTemplate.decodeDelimited = function decodeDelimited(reader) { + GetEkmConnectionRequest.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a CryptoKeyVersionTemplate message. + * Verifies a GetEkmConnectionRequest message. * @function verify - * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @memberof google.cloud.kms.v1.GetEkmConnectionRequest * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - CryptoKeyVersionTemplate.verify = function verify(message) { + GetEkmConnectionRequest.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; - if (message.protectionLevel != null && message.hasOwnProperty("protectionLevel")) - switch (message.protectionLevel) { - default: - return "protectionLevel: enum value expected"; - case 0: - case 1: - case 2: - case 3: - break; - } - if (message.algorithm != null && message.hasOwnProperty("algorithm")) - switch (message.algorithm) { - default: - return "algorithm: enum value expected"; - case 0: - case 1: - case 2: - case 3: - case 4: - case 15: - case 5: - case 6: - case 7: - case 16: - case 28: - case 29: - case 30: - case 8: - case 9: - case 10: - case 17: - case 37: - case 38: - case 39: - case 12: - case 13: - case 31: - case 32: - case 18: - break; - } + if (message.name != null && message.hasOwnProperty("name")) + if (!$util.isString(message.name)) + return "name: string expected"; return null; }; /** - * Creates a CryptoKeyVersionTemplate message from a plain object. Also converts values to their respective internal types. + * Creates a GetEkmConnectionRequest message from a plain object. Also converts values to their respective internal types. * @function fromObject - * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @memberof google.cloud.kms.v1.GetEkmConnectionRequest * @static * @param {Object.} object Plain object - * @returns {google.cloud.kms.v1.CryptoKeyVersionTemplate} CryptoKeyVersionTemplate + * @returns {google.cloud.kms.v1.GetEkmConnectionRequest} GetEkmConnectionRequest */ - CryptoKeyVersionTemplate.fromObject = function fromObject(object) { - if (object instanceof $root.google.cloud.kms.v1.CryptoKeyVersionTemplate) + GetEkmConnectionRequest.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.GetEkmConnectionRequest) return object; - var message = new $root.google.cloud.kms.v1.CryptoKeyVersionTemplate(); - switch (object.protectionLevel) { - case "PROTECTION_LEVEL_UNSPECIFIED": - case 0: - message.protectionLevel = 0; - break; - case "SOFTWARE": - case 1: - message.protectionLevel = 1; - break; - case "HSM": - case 2: - message.protectionLevel = 2; - break; - case "EXTERNAL": - case 3: - message.protectionLevel = 3; - break; - } - switch (object.algorithm) { - case "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": - case 0: - message.algorithm = 0; - break; - case "GOOGLE_SYMMETRIC_ENCRYPTION": - case 1: - message.algorithm = 1; - break; - case "RSA_SIGN_PSS_2048_SHA256": - case 2: - message.algorithm = 2; - break; - case "RSA_SIGN_PSS_3072_SHA256": - case 3: - message.algorithm = 3; - break; - case "RSA_SIGN_PSS_4096_SHA256": - case 4: - message.algorithm = 4; - break; - case "RSA_SIGN_PSS_4096_SHA512": - case 15: - message.algorithm = 15; - break; - case "RSA_SIGN_PKCS1_2048_SHA256": - case 5: - message.algorithm = 5; - break; - case "RSA_SIGN_PKCS1_3072_SHA256": - case 6: - message.algorithm = 6; - break; - case "RSA_SIGN_PKCS1_4096_SHA256": - case 7: - message.algorithm = 7; - break; - case "RSA_SIGN_PKCS1_4096_SHA512": - case 16: - message.algorithm = 16; - break; - case "RSA_SIGN_RAW_PKCS1_2048": - case 28: - message.algorithm = 28; - break; - case "RSA_SIGN_RAW_PKCS1_3072": - case 29: - message.algorithm = 29; - break; - case "RSA_SIGN_RAW_PKCS1_4096": - case 30: - message.algorithm = 30; - break; - case "RSA_DECRYPT_OAEP_2048_SHA256": - case 8: - message.algorithm = 8; - break; - case "RSA_DECRYPT_OAEP_3072_SHA256": - case 9: - message.algorithm = 9; - break; - case "RSA_DECRYPT_OAEP_4096_SHA256": - case 10: - message.algorithm = 10; - break; - case "RSA_DECRYPT_OAEP_4096_SHA512": - case 17: - message.algorithm = 17; - break; - case "RSA_DECRYPT_OAEP_2048_SHA1": - case 37: - message.algorithm = 37; - break; - case "RSA_DECRYPT_OAEP_3072_SHA1": - case 38: - message.algorithm = 38; - break; - case "RSA_DECRYPT_OAEP_4096_SHA1": - case 39: - message.algorithm = 39; - break; - case "EC_SIGN_P256_SHA256": - case 12: - message.algorithm = 12; - break; - case "EC_SIGN_P384_SHA384": - case 13: - message.algorithm = 13; - break; - case "EC_SIGN_SECP256K1_SHA256": - case 31: - message.algorithm = 31; - break; - case "HMAC_SHA256": - case 32: - message.algorithm = 32; - break; - case "EXTERNAL_SYMMETRIC_ENCRYPTION": - case 18: - message.algorithm = 18; - break; - } + var message = new $root.google.cloud.kms.v1.GetEkmConnectionRequest(); + if (object.name != null) + message.name = String(object.name); return message; }; /** - * Creates a plain object from a CryptoKeyVersionTemplate message. Also converts values to other types if specified. + * Creates a plain object from a GetEkmConnectionRequest message. Also converts values to other types if specified. * @function toObject - * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @memberof google.cloud.kms.v1.GetEkmConnectionRequest * @static - * @param {google.cloud.kms.v1.CryptoKeyVersionTemplate} message CryptoKeyVersionTemplate + * @param {google.cloud.kms.v1.GetEkmConnectionRequest} message GetEkmConnectionRequest * @param {$protobuf.IConversionOptions} [options] Conversion options * @returns {Object.} Plain object */ - CryptoKeyVersionTemplate.toObject = function toObject(message, options) { + GetEkmConnectionRequest.toObject = function toObject(message, options) { if (!options) options = {}; var object = {}; - if (options.defaults) { - object.protectionLevel = options.enums === String ? "PROTECTION_LEVEL_UNSPECIFIED" : 0; - object.algorithm = options.enums === String ? "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : 0; - } - if (message.protectionLevel != null && message.hasOwnProperty("protectionLevel")) - object.protectionLevel = options.enums === String ? $root.google.cloud.kms.v1.ProtectionLevel[message.protectionLevel] : message.protectionLevel; - if (message.algorithm != null && message.hasOwnProperty("algorithm")) - object.algorithm = options.enums === String ? $root.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm[message.algorithm] : message.algorithm; + if (options.defaults) + object.name = ""; + if (message.name != null && message.hasOwnProperty("name")) + object.name = message.name; return object; }; /** - * Converts this CryptoKeyVersionTemplate to JSON. + * Converts this GetEkmConnectionRequest to JSON. * @function toJSON - * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @memberof google.cloud.kms.v1.GetEkmConnectionRequest * @instance * @returns {Object.} JSON object */ - CryptoKeyVersionTemplate.prototype.toJSON = function toJSON() { + GetEkmConnectionRequest.prototype.toJSON = function toJSON() { return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; - return CryptoKeyVersionTemplate; + return GetEkmConnectionRequest; })(); - v1.KeyOperationAttestation = (function() { + v1.CreateEkmConnectionRequest = (function() { /** - * Properties of a KeyOperationAttestation. + * Properties of a CreateEkmConnectionRequest. * @memberof google.cloud.kms.v1 - * @interface IKeyOperationAttestation - * @property {google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat|null} [format] KeyOperationAttestation format - * @property {Uint8Array|null} [content] KeyOperationAttestation content + * @interface ICreateEkmConnectionRequest + * @property {string|null} [parent] CreateEkmConnectionRequest parent + * @property {string|null} [ekmConnectionId] CreateEkmConnectionRequest ekmConnectionId + * @property {google.cloud.kms.v1.IEkmConnection|null} [ekmConnection] CreateEkmConnectionRequest ekmConnection */ /** - * Constructs a new KeyOperationAttestation. + * Constructs a new CreateEkmConnectionRequest. * @memberof google.cloud.kms.v1 - * @classdesc Represents a KeyOperationAttestation. - * @implements IKeyOperationAttestation + * @classdesc Represents a CreateEkmConnectionRequest. + * @implements ICreateEkmConnectionRequest * @constructor - * @param {google.cloud.kms.v1.IKeyOperationAttestation=} [properties] Properties to set + * @param {google.cloud.kms.v1.ICreateEkmConnectionRequest=} [properties] Properties to set */ - function KeyOperationAttestation(properties) { + function CreateEkmConnectionRequest(properties) { if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -1188,88 +977,101 @@ } /** - * KeyOperationAttestation format. - * @member {google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat} format - * @memberof google.cloud.kms.v1.KeyOperationAttestation + * CreateEkmConnectionRequest parent. + * @member {string} parent + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest * @instance */ - KeyOperationAttestation.prototype.format = 0; + CreateEkmConnectionRequest.prototype.parent = ""; /** - * KeyOperationAttestation content. - * @member {Uint8Array} content - * @memberof google.cloud.kms.v1.KeyOperationAttestation + * CreateEkmConnectionRequest ekmConnectionId. + * @member {string} ekmConnectionId + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest * @instance */ - KeyOperationAttestation.prototype.content = $util.newBuffer([]); + CreateEkmConnectionRequest.prototype.ekmConnectionId = ""; /** - * Creates a new KeyOperationAttestation instance using the specified properties. + * CreateEkmConnectionRequest ekmConnection. + * @member {google.cloud.kms.v1.IEkmConnection|null|undefined} ekmConnection + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest + * @instance + */ + CreateEkmConnectionRequest.prototype.ekmConnection = null; + + /** + * Creates a new CreateEkmConnectionRequest instance using the specified properties. * @function create - * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest * @static - * @param {google.cloud.kms.v1.IKeyOperationAttestation=} [properties] Properties to set - * @returns {google.cloud.kms.v1.KeyOperationAttestation} KeyOperationAttestation instance + * @param {google.cloud.kms.v1.ICreateEkmConnectionRequest=} [properties] Properties to set + * @returns {google.cloud.kms.v1.CreateEkmConnectionRequest} CreateEkmConnectionRequest instance */ - KeyOperationAttestation.create = function create(properties) { - return new KeyOperationAttestation(properties); + CreateEkmConnectionRequest.create = function create(properties) { + return new CreateEkmConnectionRequest(properties); }; /** - * Encodes the specified KeyOperationAttestation message. Does not implicitly {@link google.cloud.kms.v1.KeyOperationAttestation.verify|verify} messages. + * Encodes the specified CreateEkmConnectionRequest message. Does not implicitly {@link google.cloud.kms.v1.CreateEkmConnectionRequest.verify|verify} messages. * @function encode - * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest * @static - * @param {google.cloud.kms.v1.IKeyOperationAttestation} message KeyOperationAttestation message or plain object to encode + * @param {google.cloud.kms.v1.ICreateEkmConnectionRequest} message CreateEkmConnectionRequest message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - KeyOperationAttestation.encode = function encode(message, writer) { + CreateEkmConnectionRequest.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); - if (message.format != null && Object.hasOwnProperty.call(message, "format")) - writer.uint32(/* id 4, wireType 0 =*/32).int32(message.format); - if (message.content != null && Object.hasOwnProperty.call(message, "content")) - writer.uint32(/* id 5, wireType 2 =*/42).bytes(message.content); + if (message.parent != null && Object.hasOwnProperty.call(message, "parent")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.parent); + if (message.ekmConnectionId != null && Object.hasOwnProperty.call(message, "ekmConnectionId")) + writer.uint32(/* id 2, wireType 2 =*/18).string(message.ekmConnectionId); + if (message.ekmConnection != null && Object.hasOwnProperty.call(message, "ekmConnection")) + $root.google.cloud.kms.v1.EkmConnection.encode(message.ekmConnection, writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim(); return writer; }; /** - * Encodes the specified KeyOperationAttestation message, length delimited. Does not implicitly {@link google.cloud.kms.v1.KeyOperationAttestation.verify|verify} messages. + * Encodes the specified CreateEkmConnectionRequest message, length delimited. Does not implicitly {@link google.cloud.kms.v1.CreateEkmConnectionRequest.verify|verify} messages. * @function encodeDelimited - * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest * @static - * @param {google.cloud.kms.v1.IKeyOperationAttestation} message KeyOperationAttestation message or plain object to encode + * @param {google.cloud.kms.v1.ICreateEkmConnectionRequest} message CreateEkmConnectionRequest message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - KeyOperationAttestation.encodeDelimited = function encodeDelimited(message, writer) { + CreateEkmConnectionRequest.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a KeyOperationAttestation message from the specified reader or buffer. + * Decodes a CreateEkmConnectionRequest message from the specified reader or buffer. * @function decode - * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.cloud.kms.v1.KeyOperationAttestation} KeyOperationAttestation + * @returns {google.cloud.kms.v1.CreateEkmConnectionRequest} CreateEkmConnectionRequest * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - KeyOperationAttestation.decode = function decode(reader, length) { + CreateEkmConnectionRequest.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.KeyOperationAttestation(); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.CreateEkmConnectionRequest(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { - case 4: - message.format = reader.int32(); + case 1: + message.parent = reader.string(); break; - case 5: - message.content = reader.bytes(); + case 2: + message.ekmConnectionId = reader.string(); + break; + case 3: + message.ekmConnection = $root.google.cloud.kms.v1.EkmConnection.decode(reader, reader.uint32()); break; default: reader.skipType(tag & 7); @@ -1280,172 +1082,130 @@ }; /** - * Decodes a KeyOperationAttestation message from the specified reader or buffer, length delimited. + * Decodes a CreateEkmConnectionRequest message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.cloud.kms.v1.KeyOperationAttestation} KeyOperationAttestation + * @returns {google.cloud.kms.v1.CreateEkmConnectionRequest} CreateEkmConnectionRequest * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - KeyOperationAttestation.decodeDelimited = function decodeDelimited(reader) { + CreateEkmConnectionRequest.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a KeyOperationAttestation message. + * Verifies a CreateEkmConnectionRequest message. * @function verify - * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - KeyOperationAttestation.verify = function verify(message) { + CreateEkmConnectionRequest.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; - if (message.format != null && message.hasOwnProperty("format")) - switch (message.format) { - default: - return "format: enum value expected"; - case 0: - case 3: - case 4: - break; - } - if (message.content != null && message.hasOwnProperty("content")) - if (!(message.content && typeof message.content.length === "number" || $util.isString(message.content))) - return "content: buffer expected"; + if (message.parent != null && message.hasOwnProperty("parent")) + if (!$util.isString(message.parent)) + return "parent: string expected"; + if (message.ekmConnectionId != null && message.hasOwnProperty("ekmConnectionId")) + if (!$util.isString(message.ekmConnectionId)) + return "ekmConnectionId: string expected"; + if (message.ekmConnection != null && message.hasOwnProperty("ekmConnection")) { + var error = $root.google.cloud.kms.v1.EkmConnection.verify(message.ekmConnection); + if (error) + return "ekmConnection." + error; + } return null; }; /** - * Creates a KeyOperationAttestation message from a plain object. Also converts values to their respective internal types. + * Creates a CreateEkmConnectionRequest message from a plain object. Also converts values to their respective internal types. * @function fromObject - * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest * @static * @param {Object.} object Plain object - * @returns {google.cloud.kms.v1.KeyOperationAttestation} KeyOperationAttestation + * @returns {google.cloud.kms.v1.CreateEkmConnectionRequest} CreateEkmConnectionRequest */ - KeyOperationAttestation.fromObject = function fromObject(object) { - if (object instanceof $root.google.cloud.kms.v1.KeyOperationAttestation) + CreateEkmConnectionRequest.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.CreateEkmConnectionRequest) return object; - var message = new $root.google.cloud.kms.v1.KeyOperationAttestation(); - switch (object.format) { - case "ATTESTATION_FORMAT_UNSPECIFIED": - case 0: - message.format = 0; - break; - case "CAVIUM_V1_COMPRESSED": - case 3: - message.format = 3; - break; - case "CAVIUM_V2_COMPRESSED": - case 4: - message.format = 4; - break; + var message = new $root.google.cloud.kms.v1.CreateEkmConnectionRequest(); + if (object.parent != null) + message.parent = String(object.parent); + if (object.ekmConnectionId != null) + message.ekmConnectionId = String(object.ekmConnectionId); + if (object.ekmConnection != null) { + if (typeof object.ekmConnection !== "object") + throw TypeError(".google.cloud.kms.v1.CreateEkmConnectionRequest.ekmConnection: object expected"); + message.ekmConnection = $root.google.cloud.kms.v1.EkmConnection.fromObject(object.ekmConnection); } - if (object.content != null) - if (typeof object.content === "string") - $util.base64.decode(object.content, message.content = $util.newBuffer($util.base64.length(object.content)), 0); - else if (object.content.length) - message.content = object.content; return message; }; /** - * Creates a plain object from a KeyOperationAttestation message. Also converts values to other types if specified. + * Creates a plain object from a CreateEkmConnectionRequest message. Also converts values to other types if specified. * @function toObject - * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest * @static - * @param {google.cloud.kms.v1.KeyOperationAttestation} message KeyOperationAttestation + * @param {google.cloud.kms.v1.CreateEkmConnectionRequest} message CreateEkmConnectionRequest * @param {$protobuf.IConversionOptions} [options] Conversion options * @returns {Object.} Plain object */ - KeyOperationAttestation.toObject = function toObject(message, options) { + CreateEkmConnectionRequest.toObject = function toObject(message, options) { if (!options) options = {}; var object = {}; if (options.defaults) { - object.format = options.enums === String ? "ATTESTATION_FORMAT_UNSPECIFIED" : 0; - if (options.bytes === String) - object.content = ""; - else { - object.content = []; - if (options.bytes !== Array) - object.content = $util.newBuffer(object.content); - } + object.parent = ""; + object.ekmConnectionId = ""; + object.ekmConnection = null; } - if (message.format != null && message.hasOwnProperty("format")) - object.format = options.enums === String ? $root.google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat[message.format] : message.format; - if (message.content != null && message.hasOwnProperty("content")) - object.content = options.bytes === String ? $util.base64.encode(message.content, 0, message.content.length) : options.bytes === Array ? Array.prototype.slice.call(message.content) : message.content; + if (message.parent != null && message.hasOwnProperty("parent")) + object.parent = message.parent; + if (message.ekmConnectionId != null && message.hasOwnProperty("ekmConnectionId")) + object.ekmConnectionId = message.ekmConnectionId; + if (message.ekmConnection != null && message.hasOwnProperty("ekmConnection")) + object.ekmConnection = $root.google.cloud.kms.v1.EkmConnection.toObject(message.ekmConnection, options); return object; }; /** - * Converts this KeyOperationAttestation to JSON. + * Converts this CreateEkmConnectionRequest to JSON. * @function toJSON - * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @memberof google.cloud.kms.v1.CreateEkmConnectionRequest * @instance * @returns {Object.} JSON object */ - KeyOperationAttestation.prototype.toJSON = function toJSON() { + CreateEkmConnectionRequest.prototype.toJSON = function toJSON() { return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; - /** - * AttestationFormat enum. - * @name google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat - * @enum {number} - * @property {number} ATTESTATION_FORMAT_UNSPECIFIED=0 ATTESTATION_FORMAT_UNSPECIFIED value - * @property {number} CAVIUM_V1_COMPRESSED=3 CAVIUM_V1_COMPRESSED value - * @property {number} CAVIUM_V2_COMPRESSED=4 CAVIUM_V2_COMPRESSED value - */ - KeyOperationAttestation.AttestationFormat = (function() { - var valuesById = {}, values = Object.create(valuesById); - values[valuesById[0] = "ATTESTATION_FORMAT_UNSPECIFIED"] = 0; - values[valuesById[3] = "CAVIUM_V1_COMPRESSED"] = 3; - values[valuesById[4] = "CAVIUM_V2_COMPRESSED"] = 4; - return values; - })(); - - return KeyOperationAttestation; + return CreateEkmConnectionRequest; })(); - v1.CryptoKeyVersion = (function() { + v1.UpdateEkmConnectionRequest = (function() { /** - * Properties of a CryptoKeyVersion. + * Properties of an UpdateEkmConnectionRequest. * @memberof google.cloud.kms.v1 - * @interface ICryptoKeyVersion - * @property {string|null} [name] CryptoKeyVersion name - * @property {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState|null} [state] CryptoKeyVersion state - * @property {google.cloud.kms.v1.ProtectionLevel|null} [protectionLevel] CryptoKeyVersion protectionLevel - * @property {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm|null} [algorithm] CryptoKeyVersion algorithm - * @property {google.cloud.kms.v1.IKeyOperationAttestation|null} [attestation] CryptoKeyVersion attestation - * @property {google.protobuf.ITimestamp|null} [createTime] CryptoKeyVersion createTime - * @property {google.protobuf.ITimestamp|null} [generateTime] CryptoKeyVersion generateTime - * @property {google.protobuf.ITimestamp|null} [destroyTime] CryptoKeyVersion destroyTime - * @property {google.protobuf.ITimestamp|null} [destroyEventTime] CryptoKeyVersion destroyEventTime - * @property {string|null} [importJob] CryptoKeyVersion importJob - * @property {google.protobuf.ITimestamp|null} [importTime] CryptoKeyVersion importTime - * @property {string|null} [importFailureReason] CryptoKeyVersion importFailureReason - * @property {google.cloud.kms.v1.IExternalProtectionLevelOptions|null} [externalProtectionLevelOptions] CryptoKeyVersion externalProtectionLevelOptions - * @property {boolean|null} [reimportEligible] CryptoKeyVersion reimportEligible + * @interface IUpdateEkmConnectionRequest + * @property {google.cloud.kms.v1.IEkmConnection|null} [ekmConnection] UpdateEkmConnectionRequest ekmConnection + * @property {google.protobuf.IFieldMask|null} [updateMask] UpdateEkmConnectionRequest updateMask */ /** - * Constructs a new CryptoKeyVersion. + * Constructs a new UpdateEkmConnectionRequest. * @memberof google.cloud.kms.v1 - * @classdesc Represents a CryptoKeyVersion. - * @implements ICryptoKeyVersion + * @classdesc Represents an UpdateEkmConnectionRequest. + * @implements IUpdateEkmConnectionRequest * @constructor - * @param {google.cloud.kms.v1.ICryptoKeyVersion=} [properties] Properties to set + * @param {google.cloud.kms.v1.IUpdateEkmConnectionRequest=} [properties] Properties to set */ - function CryptoKeyVersion(properties) { + function UpdateEkmConnectionRequest(properties) { if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -1453,244 +1213,410 @@ } /** - * CryptoKeyVersion name. - * @member {string} name - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * UpdateEkmConnectionRequest ekmConnection. + * @member {google.cloud.kms.v1.IEkmConnection|null|undefined} ekmConnection + * @memberof google.cloud.kms.v1.UpdateEkmConnectionRequest * @instance */ - CryptoKeyVersion.prototype.name = ""; + UpdateEkmConnectionRequest.prototype.ekmConnection = null; /** - * CryptoKeyVersion state. - * @member {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState} state - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * UpdateEkmConnectionRequest updateMask. + * @member {google.protobuf.IFieldMask|null|undefined} updateMask + * @memberof google.cloud.kms.v1.UpdateEkmConnectionRequest * @instance */ - CryptoKeyVersion.prototype.state = 0; + UpdateEkmConnectionRequest.prototype.updateMask = null; /** - * CryptoKeyVersion protectionLevel. - * @member {google.cloud.kms.v1.ProtectionLevel} protectionLevel - * @memberof google.cloud.kms.v1.CryptoKeyVersion - * @instance + * Creates a new UpdateEkmConnectionRequest instance using the specified properties. + * @function create + * @memberof google.cloud.kms.v1.UpdateEkmConnectionRequest + * @static + * @param {google.cloud.kms.v1.IUpdateEkmConnectionRequest=} [properties] Properties to set + * @returns {google.cloud.kms.v1.UpdateEkmConnectionRequest} UpdateEkmConnectionRequest instance */ - CryptoKeyVersion.prototype.protectionLevel = 0; + UpdateEkmConnectionRequest.create = function create(properties) { + return new UpdateEkmConnectionRequest(properties); + }; /** - * CryptoKeyVersion algorithm. - * @member {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm} algorithm - * @memberof google.cloud.kms.v1.CryptoKeyVersion - * @instance + * Encodes the specified UpdateEkmConnectionRequest message. Does not implicitly {@link google.cloud.kms.v1.UpdateEkmConnectionRequest.verify|verify} messages. + * @function encode + * @memberof google.cloud.kms.v1.UpdateEkmConnectionRequest + * @static + * @param {google.cloud.kms.v1.IUpdateEkmConnectionRequest} message UpdateEkmConnectionRequest message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer */ - CryptoKeyVersion.prototype.algorithm = 0; + UpdateEkmConnectionRequest.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.ekmConnection != null && Object.hasOwnProperty.call(message, "ekmConnection")) + $root.google.cloud.kms.v1.EkmConnection.encode(message.ekmConnection, writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim(); + if (message.updateMask != null && Object.hasOwnProperty.call(message, "updateMask")) + $root.google.protobuf.FieldMask.encode(message.updateMask, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim(); + return writer; + }; /** - * CryptoKeyVersion attestation. - * @member {google.cloud.kms.v1.IKeyOperationAttestation|null|undefined} attestation - * @memberof google.cloud.kms.v1.CryptoKeyVersion - * @instance + * Encodes the specified UpdateEkmConnectionRequest message, length delimited. Does not implicitly {@link google.cloud.kms.v1.UpdateEkmConnectionRequest.verify|verify} messages. + * @function encodeDelimited + * @memberof google.cloud.kms.v1.UpdateEkmConnectionRequest + * @static + * @param {google.cloud.kms.v1.IUpdateEkmConnectionRequest} message UpdateEkmConnectionRequest message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer */ - CryptoKeyVersion.prototype.attestation = null; + UpdateEkmConnectionRequest.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; /** - * CryptoKeyVersion createTime. - * @member {google.protobuf.ITimestamp|null|undefined} createTime - * @memberof google.cloud.kms.v1.CryptoKeyVersion - * @instance + * Decodes an UpdateEkmConnectionRequest message from the specified reader or buffer. + * @function decode + * @memberof google.cloud.kms.v1.UpdateEkmConnectionRequest + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.cloud.kms.v1.UpdateEkmConnectionRequest} UpdateEkmConnectionRequest + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - CryptoKeyVersion.prototype.createTime = null; + UpdateEkmConnectionRequest.decode = function decode(reader, length) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.UpdateEkmConnectionRequest(); + while (reader.pos < end) { + var tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + message.ekmConnection = $root.google.cloud.kms.v1.EkmConnection.decode(reader, reader.uint32()); + break; + case 2: + message.updateMask = $root.google.protobuf.FieldMask.decode(reader, reader.uint32()); + break; + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; /** - * CryptoKeyVersion generateTime. - * @member {google.protobuf.ITimestamp|null|undefined} generateTime - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * Decodes an UpdateEkmConnectionRequest message from the specified reader or buffer, length delimited. + * @function decodeDelimited + * @memberof google.cloud.kms.v1.UpdateEkmConnectionRequest + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.cloud.kms.v1.UpdateEkmConnectionRequest} UpdateEkmConnectionRequest + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + UpdateEkmConnectionRequest.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies an UpdateEkmConnectionRequest message. + * @function verify + * @memberof google.cloud.kms.v1.UpdateEkmConnectionRequest + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + UpdateEkmConnectionRequest.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + if (message.ekmConnection != null && message.hasOwnProperty("ekmConnection")) { + var error = $root.google.cloud.kms.v1.EkmConnection.verify(message.ekmConnection); + if (error) + return "ekmConnection." + error; + } + if (message.updateMask != null && message.hasOwnProperty("updateMask")) { + var error = $root.google.protobuf.FieldMask.verify(message.updateMask); + if (error) + return "updateMask." + error; + } + return null; + }; + + /** + * Creates an UpdateEkmConnectionRequest message from a plain object. Also converts values to their respective internal types. + * @function fromObject + * @memberof google.cloud.kms.v1.UpdateEkmConnectionRequest + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.kms.v1.UpdateEkmConnectionRequest} UpdateEkmConnectionRequest + */ + UpdateEkmConnectionRequest.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.UpdateEkmConnectionRequest) + return object; + var message = new $root.google.cloud.kms.v1.UpdateEkmConnectionRequest(); + if (object.ekmConnection != null) { + if (typeof object.ekmConnection !== "object") + throw TypeError(".google.cloud.kms.v1.UpdateEkmConnectionRequest.ekmConnection: object expected"); + message.ekmConnection = $root.google.cloud.kms.v1.EkmConnection.fromObject(object.ekmConnection); + } + if (object.updateMask != null) { + if (typeof object.updateMask !== "object") + throw TypeError(".google.cloud.kms.v1.UpdateEkmConnectionRequest.updateMask: object expected"); + message.updateMask = $root.google.protobuf.FieldMask.fromObject(object.updateMask); + } + return message; + }; + + /** + * Creates a plain object from an UpdateEkmConnectionRequest message. Also converts values to other types if specified. + * @function toObject + * @memberof google.cloud.kms.v1.UpdateEkmConnectionRequest + * @static + * @param {google.cloud.kms.v1.UpdateEkmConnectionRequest} message UpdateEkmConnectionRequest + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + UpdateEkmConnectionRequest.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.defaults) { + object.ekmConnection = null; + object.updateMask = null; + } + if (message.ekmConnection != null && message.hasOwnProperty("ekmConnection")) + object.ekmConnection = $root.google.cloud.kms.v1.EkmConnection.toObject(message.ekmConnection, options); + if (message.updateMask != null && message.hasOwnProperty("updateMask")) + object.updateMask = $root.google.protobuf.FieldMask.toObject(message.updateMask, options); + return object; + }; + + /** + * Converts this UpdateEkmConnectionRequest to JSON. + * @function toJSON + * @memberof google.cloud.kms.v1.UpdateEkmConnectionRequest * @instance + * @returns {Object.} JSON object */ - CryptoKeyVersion.prototype.generateTime = null; + UpdateEkmConnectionRequest.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + return UpdateEkmConnectionRequest; + })(); + + v1.Certificate = (function() { /** - * CryptoKeyVersion destroyTime. - * @member {google.protobuf.ITimestamp|null|undefined} destroyTime - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * Properties of a Certificate. + * @memberof google.cloud.kms.v1 + * @interface ICertificate + * @property {Uint8Array|null} [rawDer] Certificate rawDer + * @property {boolean|null} [parsed] Certificate parsed + * @property {string|null} [issuer] Certificate issuer + * @property {string|null} [subject] Certificate subject + * @property {Array.|null} [subjectAlternativeDnsNames] Certificate subjectAlternativeDnsNames + * @property {google.protobuf.ITimestamp|null} [notBeforeTime] Certificate notBeforeTime + * @property {google.protobuf.ITimestamp|null} [notAfterTime] Certificate notAfterTime + * @property {string|null} [serialNumber] Certificate serialNumber + * @property {string|null} [sha256Fingerprint] Certificate sha256Fingerprint + */ + + /** + * Constructs a new Certificate. + * @memberof google.cloud.kms.v1 + * @classdesc Represents a Certificate. + * @implements ICertificate + * @constructor + * @param {google.cloud.kms.v1.ICertificate=} [properties] Properties to set + */ + function Certificate(properties) { + this.subjectAlternativeDnsNames = []; + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * Certificate rawDer. + * @member {Uint8Array} rawDer + * @memberof google.cloud.kms.v1.Certificate * @instance */ - CryptoKeyVersion.prototype.destroyTime = null; + Certificate.prototype.rawDer = $util.newBuffer([]); /** - * CryptoKeyVersion destroyEventTime. - * @member {google.protobuf.ITimestamp|null|undefined} destroyEventTime - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * Certificate parsed. + * @member {boolean} parsed + * @memberof google.cloud.kms.v1.Certificate * @instance */ - CryptoKeyVersion.prototype.destroyEventTime = null; + Certificate.prototype.parsed = false; /** - * CryptoKeyVersion importJob. - * @member {string} importJob - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * Certificate issuer. + * @member {string} issuer + * @memberof google.cloud.kms.v1.Certificate * @instance */ - CryptoKeyVersion.prototype.importJob = ""; + Certificate.prototype.issuer = ""; /** - * CryptoKeyVersion importTime. - * @member {google.protobuf.ITimestamp|null|undefined} importTime - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * Certificate subject. + * @member {string} subject + * @memberof google.cloud.kms.v1.Certificate * @instance */ - CryptoKeyVersion.prototype.importTime = null; + Certificate.prototype.subject = ""; /** - * CryptoKeyVersion importFailureReason. - * @member {string} importFailureReason - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * Certificate subjectAlternativeDnsNames. + * @member {Array.} subjectAlternativeDnsNames + * @memberof google.cloud.kms.v1.Certificate * @instance */ - CryptoKeyVersion.prototype.importFailureReason = ""; + Certificate.prototype.subjectAlternativeDnsNames = $util.emptyArray; /** - * CryptoKeyVersion externalProtectionLevelOptions. - * @member {google.cloud.kms.v1.IExternalProtectionLevelOptions|null|undefined} externalProtectionLevelOptions - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * Certificate notBeforeTime. + * @member {google.protobuf.ITimestamp|null|undefined} notBeforeTime + * @memberof google.cloud.kms.v1.Certificate * @instance */ - CryptoKeyVersion.prototype.externalProtectionLevelOptions = null; + Certificate.prototype.notBeforeTime = null; /** - * CryptoKeyVersion reimportEligible. - * @member {boolean} reimportEligible - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * Certificate notAfterTime. + * @member {google.protobuf.ITimestamp|null|undefined} notAfterTime + * @memberof google.cloud.kms.v1.Certificate * @instance */ - CryptoKeyVersion.prototype.reimportEligible = false; + Certificate.prototype.notAfterTime = null; /** - * Creates a new CryptoKeyVersion instance using the specified properties. + * Certificate serialNumber. + * @member {string} serialNumber + * @memberof google.cloud.kms.v1.Certificate + * @instance + */ + Certificate.prototype.serialNumber = ""; + + /** + * Certificate sha256Fingerprint. + * @member {string} sha256Fingerprint + * @memberof google.cloud.kms.v1.Certificate + * @instance + */ + Certificate.prototype.sha256Fingerprint = ""; + + /** + * Creates a new Certificate instance using the specified properties. * @function create - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @memberof google.cloud.kms.v1.Certificate * @static - * @param {google.cloud.kms.v1.ICryptoKeyVersion=} [properties] Properties to set - * @returns {google.cloud.kms.v1.CryptoKeyVersion} CryptoKeyVersion instance + * @param {google.cloud.kms.v1.ICertificate=} [properties] Properties to set + * @returns {google.cloud.kms.v1.Certificate} Certificate instance */ - CryptoKeyVersion.create = function create(properties) { - return new CryptoKeyVersion(properties); + Certificate.create = function create(properties) { + return new Certificate(properties); }; /** - * Encodes the specified CryptoKeyVersion message. Does not implicitly {@link google.cloud.kms.v1.CryptoKeyVersion.verify|verify} messages. + * Encodes the specified Certificate message. Does not implicitly {@link google.cloud.kms.v1.Certificate.verify|verify} messages. * @function encode - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @memberof google.cloud.kms.v1.Certificate * @static - * @param {google.cloud.kms.v1.ICryptoKeyVersion} message CryptoKeyVersion message or plain object to encode + * @param {google.cloud.kms.v1.ICertificate} message Certificate message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - CryptoKeyVersion.encode = function encode(message, writer) { + Certificate.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); - if (message.name != null && Object.hasOwnProperty.call(message, "name")) - writer.uint32(/* id 1, wireType 2 =*/10).string(message.name); - if (message.state != null && Object.hasOwnProperty.call(message, "state")) - writer.uint32(/* id 3, wireType 0 =*/24).int32(message.state); - if (message.createTime != null && Object.hasOwnProperty.call(message, "createTime")) - $root.google.protobuf.Timestamp.encode(message.createTime, writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim(); - if (message.destroyTime != null && Object.hasOwnProperty.call(message, "destroyTime")) - $root.google.protobuf.Timestamp.encode(message.destroyTime, writer.uint32(/* id 5, wireType 2 =*/42).fork()).ldelim(); - if (message.destroyEventTime != null && Object.hasOwnProperty.call(message, "destroyEventTime")) - $root.google.protobuf.Timestamp.encode(message.destroyEventTime, writer.uint32(/* id 6, wireType 2 =*/50).fork()).ldelim(); - if (message.protectionLevel != null && Object.hasOwnProperty.call(message, "protectionLevel")) - writer.uint32(/* id 7, wireType 0 =*/56).int32(message.protectionLevel); - if (message.attestation != null && Object.hasOwnProperty.call(message, "attestation")) - $root.google.cloud.kms.v1.KeyOperationAttestation.encode(message.attestation, writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim(); - if (message.algorithm != null && Object.hasOwnProperty.call(message, "algorithm")) - writer.uint32(/* id 10, wireType 0 =*/80).int32(message.algorithm); - if (message.generateTime != null && Object.hasOwnProperty.call(message, "generateTime")) - $root.google.protobuf.Timestamp.encode(message.generateTime, writer.uint32(/* id 11, wireType 2 =*/90).fork()).ldelim(); - if (message.importJob != null && Object.hasOwnProperty.call(message, "importJob")) - writer.uint32(/* id 14, wireType 2 =*/114).string(message.importJob); - if (message.importTime != null && Object.hasOwnProperty.call(message, "importTime")) - $root.google.protobuf.Timestamp.encode(message.importTime, writer.uint32(/* id 15, wireType 2 =*/122).fork()).ldelim(); - if (message.importFailureReason != null && Object.hasOwnProperty.call(message, "importFailureReason")) - writer.uint32(/* id 16, wireType 2 =*/130).string(message.importFailureReason); - if (message.externalProtectionLevelOptions != null && Object.hasOwnProperty.call(message, "externalProtectionLevelOptions")) - $root.google.cloud.kms.v1.ExternalProtectionLevelOptions.encode(message.externalProtectionLevelOptions, writer.uint32(/* id 17, wireType 2 =*/138).fork()).ldelim(); - if (message.reimportEligible != null && Object.hasOwnProperty.call(message, "reimportEligible")) - writer.uint32(/* id 18, wireType 0 =*/144).bool(message.reimportEligible); + if (message.rawDer != null && Object.hasOwnProperty.call(message, "rawDer")) + writer.uint32(/* id 1, wireType 2 =*/10).bytes(message.rawDer); + if (message.parsed != null && Object.hasOwnProperty.call(message, "parsed")) + writer.uint32(/* id 2, wireType 0 =*/16).bool(message.parsed); + if (message.issuer != null && Object.hasOwnProperty.call(message, "issuer")) + writer.uint32(/* id 3, wireType 2 =*/26).string(message.issuer); + if (message.subject != null && Object.hasOwnProperty.call(message, "subject")) + writer.uint32(/* id 4, wireType 2 =*/34).string(message.subject); + if (message.subjectAlternativeDnsNames != null && message.subjectAlternativeDnsNames.length) + for (var i = 0; i < message.subjectAlternativeDnsNames.length; ++i) + writer.uint32(/* id 5, wireType 2 =*/42).string(message.subjectAlternativeDnsNames[i]); + if (message.notBeforeTime != null && Object.hasOwnProperty.call(message, "notBeforeTime")) + $root.google.protobuf.Timestamp.encode(message.notBeforeTime, writer.uint32(/* id 6, wireType 2 =*/50).fork()).ldelim(); + if (message.notAfterTime != null && Object.hasOwnProperty.call(message, "notAfterTime")) + $root.google.protobuf.Timestamp.encode(message.notAfterTime, writer.uint32(/* id 7, wireType 2 =*/58).fork()).ldelim(); + if (message.serialNumber != null && Object.hasOwnProperty.call(message, "serialNumber")) + writer.uint32(/* id 8, wireType 2 =*/66).string(message.serialNumber); + if (message.sha256Fingerprint != null && Object.hasOwnProperty.call(message, "sha256Fingerprint")) + writer.uint32(/* id 9, wireType 2 =*/74).string(message.sha256Fingerprint); return writer; }; /** - * Encodes the specified CryptoKeyVersion message, length delimited. Does not implicitly {@link google.cloud.kms.v1.CryptoKeyVersion.verify|verify} messages. + * Encodes the specified Certificate message, length delimited. Does not implicitly {@link google.cloud.kms.v1.Certificate.verify|verify} messages. * @function encodeDelimited - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @memberof google.cloud.kms.v1.Certificate * @static - * @param {google.cloud.kms.v1.ICryptoKeyVersion} message CryptoKeyVersion message or plain object to encode + * @param {google.cloud.kms.v1.ICertificate} message Certificate message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - CryptoKeyVersion.encodeDelimited = function encodeDelimited(message, writer) { + Certificate.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a CryptoKeyVersion message from the specified reader or buffer. + * Decodes a Certificate message from the specified reader or buffer. * @function decode - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @memberof google.cloud.kms.v1.Certificate * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.cloud.kms.v1.CryptoKeyVersion} CryptoKeyVersion + * @returns {google.cloud.kms.v1.Certificate} Certificate * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - CryptoKeyVersion.decode = function decode(reader, length) { + Certificate.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.CryptoKeyVersion(); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.Certificate(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { case 1: - message.name = reader.string(); + message.rawDer = reader.bytes(); break; - case 3: - message.state = reader.int32(); - break; - case 7: - message.protectionLevel = reader.int32(); - break; - case 10: - message.algorithm = reader.int32(); + case 2: + message.parsed = reader.bool(); break; - case 8: - message.attestation = $root.google.cloud.kms.v1.KeyOperationAttestation.decode(reader, reader.uint32()); + case 3: + message.issuer = reader.string(); break; case 4: - message.createTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); - break; - case 11: - message.generateTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + message.subject = reader.string(); break; case 5: - message.destroyTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + if (!(message.subjectAlternativeDnsNames && message.subjectAlternativeDnsNames.length)) + message.subjectAlternativeDnsNames = []; + message.subjectAlternativeDnsNames.push(reader.string()); break; case 6: - message.destroyEventTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); - break; - case 14: - message.importJob = reader.string(); - break; - case 15: - message.importTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + message.notBeforeTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); break; - case 16: - message.importFailureReason = reader.string(); + case 7: + message.notAfterTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); break; - case 17: - message.externalProtectionLevelOptions = $root.google.cloud.kms.v1.ExternalProtectionLevelOptions.decode(reader, reader.uint32()); + case 8: + message.serialNumber = reader.string(); break; - case 18: - message.reimportEligible = reader.bool(); + case 9: + message.sha256Fingerprint = reader.string(); break; default: reader.skipType(tag & 7); @@ -1701,208 +1627,2919 @@ }; /** - * Decodes a CryptoKeyVersion message from the specified reader or buffer, length delimited. + * Decodes a Certificate message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @memberof google.cloud.kms.v1.Certificate * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.cloud.kms.v1.CryptoKeyVersion} CryptoKeyVersion + * @returns {google.cloud.kms.v1.Certificate} Certificate * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - CryptoKeyVersion.decodeDelimited = function decodeDelimited(reader) { + Certificate.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a CryptoKeyVersion message. + * Verifies a Certificate message. * @function verify - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @memberof google.cloud.kms.v1.Certificate * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - CryptoKeyVersion.verify = function verify(message) { + Certificate.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; - if (message.name != null && message.hasOwnProperty("name")) - if (!$util.isString(message.name)) - return "name: string expected"; - if (message.state != null && message.hasOwnProperty("state")) - switch (message.state) { - default: - return "state: enum value expected"; - case 0: - case 5: - case 1: - case 2: - case 3: - case 4: - case 6: - case 7: - break; - } - if (message.protectionLevel != null && message.hasOwnProperty("protectionLevel")) - switch (message.protectionLevel) { - default: - return "protectionLevel: enum value expected"; - case 0: - case 1: - case 2: - case 3: - break; - } - if (message.algorithm != null && message.hasOwnProperty("algorithm")) - switch (message.algorithm) { - default: - return "algorithm: enum value expected"; - case 0: - case 1: - case 2: - case 3: - case 4: - case 15: - case 5: - case 6: - case 7: - case 16: - case 28: - case 29: - case 30: - case 8: - case 9: - case 10: - case 17: - case 37: - case 38: - case 39: - case 12: - case 13: - case 31: - case 32: - case 18: - break; - } - if (message.attestation != null && message.hasOwnProperty("attestation")) { - var error = $root.google.cloud.kms.v1.KeyOperationAttestation.verify(message.attestation); - if (error) - return "attestation." + error; - } - if (message.createTime != null && message.hasOwnProperty("createTime")) { - var error = $root.google.protobuf.Timestamp.verify(message.createTime); - if (error) - return "createTime." + error; - } - if (message.generateTime != null && message.hasOwnProperty("generateTime")) { - var error = $root.google.protobuf.Timestamp.verify(message.generateTime); - if (error) - return "generateTime." + error; - } - if (message.destroyTime != null && message.hasOwnProperty("destroyTime")) { - var error = $root.google.protobuf.Timestamp.verify(message.destroyTime); - if (error) - return "destroyTime." + error; - } - if (message.destroyEventTime != null && message.hasOwnProperty("destroyEventTime")) { - var error = $root.google.protobuf.Timestamp.verify(message.destroyEventTime); - if (error) - return "destroyEventTime." + error; + if (message.rawDer != null && message.hasOwnProperty("rawDer")) + if (!(message.rawDer && typeof message.rawDer.length === "number" || $util.isString(message.rawDer))) + return "rawDer: buffer expected"; + if (message.parsed != null && message.hasOwnProperty("parsed")) + if (typeof message.parsed !== "boolean") + return "parsed: boolean expected"; + if (message.issuer != null && message.hasOwnProperty("issuer")) + if (!$util.isString(message.issuer)) + return "issuer: string expected"; + if (message.subject != null && message.hasOwnProperty("subject")) + if (!$util.isString(message.subject)) + return "subject: string expected"; + if (message.subjectAlternativeDnsNames != null && message.hasOwnProperty("subjectAlternativeDnsNames")) { + if (!Array.isArray(message.subjectAlternativeDnsNames)) + return "subjectAlternativeDnsNames: array expected"; + for (var i = 0; i < message.subjectAlternativeDnsNames.length; ++i) + if (!$util.isString(message.subjectAlternativeDnsNames[i])) + return "subjectAlternativeDnsNames: string[] expected"; } - if (message.importJob != null && message.hasOwnProperty("importJob")) - if (!$util.isString(message.importJob)) - return "importJob: string expected"; - if (message.importTime != null && message.hasOwnProperty("importTime")) { - var error = $root.google.protobuf.Timestamp.verify(message.importTime); + if (message.notBeforeTime != null && message.hasOwnProperty("notBeforeTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.notBeforeTime); if (error) - return "importTime." + error; + return "notBeforeTime." + error; } - if (message.importFailureReason != null && message.hasOwnProperty("importFailureReason")) - if (!$util.isString(message.importFailureReason)) - return "importFailureReason: string expected"; - if (message.externalProtectionLevelOptions != null && message.hasOwnProperty("externalProtectionLevelOptions")) { - var error = $root.google.cloud.kms.v1.ExternalProtectionLevelOptions.verify(message.externalProtectionLevelOptions); + if (message.notAfterTime != null && message.hasOwnProperty("notAfterTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.notAfterTime); if (error) - return "externalProtectionLevelOptions." + error; + return "notAfterTime." + error; } - if (message.reimportEligible != null && message.hasOwnProperty("reimportEligible")) - if (typeof message.reimportEligible !== "boolean") - return "reimportEligible: boolean expected"; + if (message.serialNumber != null && message.hasOwnProperty("serialNumber")) + if (!$util.isString(message.serialNumber)) + return "serialNumber: string expected"; + if (message.sha256Fingerprint != null && message.hasOwnProperty("sha256Fingerprint")) + if (!$util.isString(message.sha256Fingerprint)) + return "sha256Fingerprint: string expected"; return null; }; /** - * Creates a CryptoKeyVersion message from a plain object. Also converts values to their respective internal types. + * Creates a Certificate message from a plain object. Also converts values to their respective internal types. * @function fromObject - * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @memberof google.cloud.kms.v1.Certificate * @static * @param {Object.} object Plain object - * @returns {google.cloud.kms.v1.CryptoKeyVersion} CryptoKeyVersion + * @returns {google.cloud.kms.v1.Certificate} Certificate */ - CryptoKeyVersion.fromObject = function fromObject(object) { - if (object instanceof $root.google.cloud.kms.v1.CryptoKeyVersion) + Certificate.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.Certificate) return object; - var message = new $root.google.cloud.kms.v1.CryptoKeyVersion(); - if (object.name != null) - message.name = String(object.name); - switch (object.state) { - case "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED": - case 0: - message.state = 0; - break; - case "PENDING_GENERATION": - case 5: - message.state = 5; - break; - case "ENABLED": - case 1: - message.state = 1; - break; - case "DISABLED": - case 2: - message.state = 2; - break; - case "DESTROYED": - case 3: - message.state = 3; - break; - case "DESTROY_SCHEDULED": - case 4: - message.state = 4; - break; - case "PENDING_IMPORT": - case 6: - message.state = 6; - break; - case "IMPORT_FAILED": - case 7: - message.state = 7; - break; + var message = new $root.google.cloud.kms.v1.Certificate(); + if (object.rawDer != null) + if (typeof object.rawDer === "string") + $util.base64.decode(object.rawDer, message.rawDer = $util.newBuffer($util.base64.length(object.rawDer)), 0); + else if (object.rawDer.length) + message.rawDer = object.rawDer; + if (object.parsed != null) + message.parsed = Boolean(object.parsed); + if (object.issuer != null) + message.issuer = String(object.issuer); + if (object.subject != null) + message.subject = String(object.subject); + if (object.subjectAlternativeDnsNames) { + if (!Array.isArray(object.subjectAlternativeDnsNames)) + throw TypeError(".google.cloud.kms.v1.Certificate.subjectAlternativeDnsNames: array expected"); + message.subjectAlternativeDnsNames = []; + for (var i = 0; i < object.subjectAlternativeDnsNames.length; ++i) + message.subjectAlternativeDnsNames[i] = String(object.subjectAlternativeDnsNames[i]); } - switch (object.protectionLevel) { - case "PROTECTION_LEVEL_UNSPECIFIED": - case 0: - message.protectionLevel = 0; - break; - case "SOFTWARE": - case 1: - message.protectionLevel = 1; - break; - case "HSM": - case 2: - message.protectionLevel = 2; - break; - case "EXTERNAL": - case 3: - message.protectionLevel = 3; - break; + if (object.notBeforeTime != null) { + if (typeof object.notBeforeTime !== "object") + throw TypeError(".google.cloud.kms.v1.Certificate.notBeforeTime: object expected"); + message.notBeforeTime = $root.google.protobuf.Timestamp.fromObject(object.notBeforeTime); } - switch (object.algorithm) { - case "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": - case 0: - message.algorithm = 0; - break; + if (object.notAfterTime != null) { + if (typeof object.notAfterTime !== "object") + throw TypeError(".google.cloud.kms.v1.Certificate.notAfterTime: object expected"); + message.notAfterTime = $root.google.protobuf.Timestamp.fromObject(object.notAfterTime); + } + if (object.serialNumber != null) + message.serialNumber = String(object.serialNumber); + if (object.sha256Fingerprint != null) + message.sha256Fingerprint = String(object.sha256Fingerprint); + return message; + }; + + /** + * Creates a plain object from a Certificate message. Also converts values to other types if specified. + * @function toObject + * @memberof google.cloud.kms.v1.Certificate + * @static + * @param {google.cloud.kms.v1.Certificate} message Certificate + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + Certificate.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.arrays || options.defaults) + object.subjectAlternativeDnsNames = []; + if (options.defaults) { + if (options.bytes === String) + object.rawDer = ""; + else { + object.rawDer = []; + if (options.bytes !== Array) + object.rawDer = $util.newBuffer(object.rawDer); + } + object.parsed = false; + object.issuer = ""; + object.subject = ""; + object.notBeforeTime = null; + object.notAfterTime = null; + object.serialNumber = ""; + object.sha256Fingerprint = ""; + } + if (message.rawDer != null && message.hasOwnProperty("rawDer")) + object.rawDer = options.bytes === String ? $util.base64.encode(message.rawDer, 0, message.rawDer.length) : options.bytes === Array ? Array.prototype.slice.call(message.rawDer) : message.rawDer; + if (message.parsed != null && message.hasOwnProperty("parsed")) + object.parsed = message.parsed; + if (message.issuer != null && message.hasOwnProperty("issuer")) + object.issuer = message.issuer; + if (message.subject != null && message.hasOwnProperty("subject")) + object.subject = message.subject; + if (message.subjectAlternativeDnsNames && message.subjectAlternativeDnsNames.length) { + object.subjectAlternativeDnsNames = []; + for (var j = 0; j < message.subjectAlternativeDnsNames.length; ++j) + object.subjectAlternativeDnsNames[j] = message.subjectAlternativeDnsNames[j]; + } + if (message.notBeforeTime != null && message.hasOwnProperty("notBeforeTime")) + object.notBeforeTime = $root.google.protobuf.Timestamp.toObject(message.notBeforeTime, options); + if (message.notAfterTime != null && message.hasOwnProperty("notAfterTime")) + object.notAfterTime = $root.google.protobuf.Timestamp.toObject(message.notAfterTime, options); + if (message.serialNumber != null && message.hasOwnProperty("serialNumber")) + object.serialNumber = message.serialNumber; + if (message.sha256Fingerprint != null && message.hasOwnProperty("sha256Fingerprint")) + object.sha256Fingerprint = message.sha256Fingerprint; + return object; + }; + + /** + * Converts this Certificate to JSON. + * @function toJSON + * @memberof google.cloud.kms.v1.Certificate + * @instance + * @returns {Object.} JSON object + */ + Certificate.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + return Certificate; + })(); + + v1.EkmConnection = (function() { + + /** + * Properties of an EkmConnection. + * @memberof google.cloud.kms.v1 + * @interface IEkmConnection + * @property {string|null} [name] EkmConnection name + * @property {google.protobuf.ITimestamp|null} [createTime] EkmConnection createTime + * @property {Array.|null} [serviceResolvers] EkmConnection serviceResolvers + * @property {string|null} [etag] EkmConnection etag + */ + + /** + * Constructs a new EkmConnection. + * @memberof google.cloud.kms.v1 + * @classdesc Represents an EkmConnection. + * @implements IEkmConnection + * @constructor + * @param {google.cloud.kms.v1.IEkmConnection=} [properties] Properties to set + */ + function EkmConnection(properties) { + this.serviceResolvers = []; + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * EkmConnection name. + * @member {string} name + * @memberof google.cloud.kms.v1.EkmConnection + * @instance + */ + EkmConnection.prototype.name = ""; + + /** + * EkmConnection createTime. + * @member {google.protobuf.ITimestamp|null|undefined} createTime + * @memberof google.cloud.kms.v1.EkmConnection + * @instance + */ + EkmConnection.prototype.createTime = null; + + /** + * EkmConnection serviceResolvers. + * @member {Array.} serviceResolvers + * @memberof google.cloud.kms.v1.EkmConnection + * @instance + */ + EkmConnection.prototype.serviceResolvers = $util.emptyArray; + + /** + * EkmConnection etag. + * @member {string} etag + * @memberof google.cloud.kms.v1.EkmConnection + * @instance + */ + EkmConnection.prototype.etag = ""; + + /** + * Creates a new EkmConnection instance using the specified properties. + * @function create + * @memberof google.cloud.kms.v1.EkmConnection + * @static + * @param {google.cloud.kms.v1.IEkmConnection=} [properties] Properties to set + * @returns {google.cloud.kms.v1.EkmConnection} EkmConnection instance + */ + EkmConnection.create = function create(properties) { + return new EkmConnection(properties); + }; + + /** + * Encodes the specified EkmConnection message. Does not implicitly {@link google.cloud.kms.v1.EkmConnection.verify|verify} messages. + * @function encode + * @memberof google.cloud.kms.v1.EkmConnection + * @static + * @param {google.cloud.kms.v1.IEkmConnection} message EkmConnection message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + EkmConnection.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.name != null && Object.hasOwnProperty.call(message, "name")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.name); + if (message.createTime != null && Object.hasOwnProperty.call(message, "createTime")) + $root.google.protobuf.Timestamp.encode(message.createTime, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim(); + if (message.serviceResolvers != null && message.serviceResolvers.length) + for (var i = 0; i < message.serviceResolvers.length; ++i) + $root.google.cloud.kms.v1.EkmConnection.ServiceResolver.encode(message.serviceResolvers[i], writer.uint32(/* id 3, wireType 2 =*/26).fork()).ldelim(); + if (message.etag != null && Object.hasOwnProperty.call(message, "etag")) + writer.uint32(/* id 5, wireType 2 =*/42).string(message.etag); + return writer; + }; + + /** + * Encodes the specified EkmConnection message, length delimited. Does not implicitly {@link google.cloud.kms.v1.EkmConnection.verify|verify} messages. + * @function encodeDelimited + * @memberof google.cloud.kms.v1.EkmConnection + * @static + * @param {google.cloud.kms.v1.IEkmConnection} message EkmConnection message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + EkmConnection.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; + + /** + * Decodes an EkmConnection message from the specified reader or buffer. + * @function decode + * @memberof google.cloud.kms.v1.EkmConnection + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.cloud.kms.v1.EkmConnection} EkmConnection + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + EkmConnection.decode = function decode(reader, length) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.EkmConnection(); + while (reader.pos < end) { + var tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + message.name = reader.string(); + break; + case 2: + message.createTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + break; + case 3: + if (!(message.serviceResolvers && message.serviceResolvers.length)) + message.serviceResolvers = []; + message.serviceResolvers.push($root.google.cloud.kms.v1.EkmConnection.ServiceResolver.decode(reader, reader.uint32())); + break; + case 5: + message.etag = reader.string(); + break; + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; + + /** + * Decodes an EkmConnection message from the specified reader or buffer, length delimited. + * @function decodeDelimited + * @memberof google.cloud.kms.v1.EkmConnection + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.cloud.kms.v1.EkmConnection} EkmConnection + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + EkmConnection.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies an EkmConnection message. + * @function verify + * @memberof google.cloud.kms.v1.EkmConnection + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + EkmConnection.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + if (message.name != null && message.hasOwnProperty("name")) + if (!$util.isString(message.name)) + return "name: string expected"; + if (message.createTime != null && message.hasOwnProperty("createTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.createTime); + if (error) + return "createTime." + error; + } + if (message.serviceResolvers != null && message.hasOwnProperty("serviceResolvers")) { + if (!Array.isArray(message.serviceResolvers)) + return "serviceResolvers: array expected"; + for (var i = 0; i < message.serviceResolvers.length; ++i) { + var error = $root.google.cloud.kms.v1.EkmConnection.ServiceResolver.verify(message.serviceResolvers[i]); + if (error) + return "serviceResolvers." + error; + } + } + if (message.etag != null && message.hasOwnProperty("etag")) + if (!$util.isString(message.etag)) + return "etag: string expected"; + return null; + }; + + /** + * Creates an EkmConnection message from a plain object. Also converts values to their respective internal types. + * @function fromObject + * @memberof google.cloud.kms.v1.EkmConnection + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.kms.v1.EkmConnection} EkmConnection + */ + EkmConnection.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.EkmConnection) + return object; + var message = new $root.google.cloud.kms.v1.EkmConnection(); + if (object.name != null) + message.name = String(object.name); + if (object.createTime != null) { + if (typeof object.createTime !== "object") + throw TypeError(".google.cloud.kms.v1.EkmConnection.createTime: object expected"); + message.createTime = $root.google.protobuf.Timestamp.fromObject(object.createTime); + } + if (object.serviceResolvers) { + if (!Array.isArray(object.serviceResolvers)) + throw TypeError(".google.cloud.kms.v1.EkmConnection.serviceResolvers: array expected"); + message.serviceResolvers = []; + for (var i = 0; i < object.serviceResolvers.length; ++i) { + if (typeof object.serviceResolvers[i] !== "object") + throw TypeError(".google.cloud.kms.v1.EkmConnection.serviceResolvers: object expected"); + message.serviceResolvers[i] = $root.google.cloud.kms.v1.EkmConnection.ServiceResolver.fromObject(object.serviceResolvers[i]); + } + } + if (object.etag != null) + message.etag = String(object.etag); + return message; + }; + + /** + * Creates a plain object from an EkmConnection message. Also converts values to other types if specified. + * @function toObject + * @memberof google.cloud.kms.v1.EkmConnection + * @static + * @param {google.cloud.kms.v1.EkmConnection} message EkmConnection + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + EkmConnection.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.arrays || options.defaults) + object.serviceResolvers = []; + if (options.defaults) { + object.name = ""; + object.createTime = null; + object.etag = ""; + } + if (message.name != null && message.hasOwnProperty("name")) + object.name = message.name; + if (message.createTime != null && message.hasOwnProperty("createTime")) + object.createTime = $root.google.protobuf.Timestamp.toObject(message.createTime, options); + if (message.serviceResolvers && message.serviceResolvers.length) { + object.serviceResolvers = []; + for (var j = 0; j < message.serviceResolvers.length; ++j) + object.serviceResolvers[j] = $root.google.cloud.kms.v1.EkmConnection.ServiceResolver.toObject(message.serviceResolvers[j], options); + } + if (message.etag != null && message.hasOwnProperty("etag")) + object.etag = message.etag; + return object; + }; + + /** + * Converts this EkmConnection to JSON. + * @function toJSON + * @memberof google.cloud.kms.v1.EkmConnection + * @instance + * @returns {Object.} JSON object + */ + EkmConnection.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + EkmConnection.ServiceResolver = (function() { + + /** + * Properties of a ServiceResolver. + * @memberof google.cloud.kms.v1.EkmConnection + * @interface IServiceResolver + * @property {string|null} [serviceDirectoryService] ServiceResolver serviceDirectoryService + * @property {string|null} [endpointFilter] ServiceResolver endpointFilter + * @property {string|null} [hostname] ServiceResolver hostname + * @property {Array.|null} [serverCertificates] ServiceResolver serverCertificates + */ + + /** + * Constructs a new ServiceResolver. + * @memberof google.cloud.kms.v1.EkmConnection + * @classdesc Represents a ServiceResolver. + * @implements IServiceResolver + * @constructor + * @param {google.cloud.kms.v1.EkmConnection.IServiceResolver=} [properties] Properties to set + */ + function ServiceResolver(properties) { + this.serverCertificates = []; + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * ServiceResolver serviceDirectoryService. + * @member {string} serviceDirectoryService + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @instance + */ + ServiceResolver.prototype.serviceDirectoryService = ""; + + /** + * ServiceResolver endpointFilter. + * @member {string} endpointFilter + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @instance + */ + ServiceResolver.prototype.endpointFilter = ""; + + /** + * ServiceResolver hostname. + * @member {string} hostname + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @instance + */ + ServiceResolver.prototype.hostname = ""; + + /** + * ServiceResolver serverCertificates. + * @member {Array.} serverCertificates + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @instance + */ + ServiceResolver.prototype.serverCertificates = $util.emptyArray; + + /** + * Creates a new ServiceResolver instance using the specified properties. + * @function create + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @static + * @param {google.cloud.kms.v1.EkmConnection.IServiceResolver=} [properties] Properties to set + * @returns {google.cloud.kms.v1.EkmConnection.ServiceResolver} ServiceResolver instance + */ + ServiceResolver.create = function create(properties) { + return new ServiceResolver(properties); + }; + + /** + * Encodes the specified ServiceResolver message. Does not implicitly {@link google.cloud.kms.v1.EkmConnection.ServiceResolver.verify|verify} messages. + * @function encode + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @static + * @param {google.cloud.kms.v1.EkmConnection.IServiceResolver} message ServiceResolver message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + ServiceResolver.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.serviceDirectoryService != null && Object.hasOwnProperty.call(message, "serviceDirectoryService")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.serviceDirectoryService); + if (message.endpointFilter != null && Object.hasOwnProperty.call(message, "endpointFilter")) + writer.uint32(/* id 2, wireType 2 =*/18).string(message.endpointFilter); + if (message.hostname != null && Object.hasOwnProperty.call(message, "hostname")) + writer.uint32(/* id 3, wireType 2 =*/26).string(message.hostname); + if (message.serverCertificates != null && message.serverCertificates.length) + for (var i = 0; i < message.serverCertificates.length; ++i) + $root.google.cloud.kms.v1.Certificate.encode(message.serverCertificates[i], writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim(); + return writer; + }; + + /** + * Encodes the specified ServiceResolver message, length delimited. Does not implicitly {@link google.cloud.kms.v1.EkmConnection.ServiceResolver.verify|verify} messages. + * @function encodeDelimited + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @static + * @param {google.cloud.kms.v1.EkmConnection.IServiceResolver} message ServiceResolver message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + ServiceResolver.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; + + /** + * Decodes a ServiceResolver message from the specified reader or buffer. + * @function decode + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.cloud.kms.v1.EkmConnection.ServiceResolver} ServiceResolver + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + ServiceResolver.decode = function decode(reader, length) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.EkmConnection.ServiceResolver(); + while (reader.pos < end) { + var tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + message.serviceDirectoryService = reader.string(); + break; + case 2: + message.endpointFilter = reader.string(); + break; + case 3: + message.hostname = reader.string(); + break; + case 4: + if (!(message.serverCertificates && message.serverCertificates.length)) + message.serverCertificates = []; + message.serverCertificates.push($root.google.cloud.kms.v1.Certificate.decode(reader, reader.uint32())); + break; + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; + + /** + * Decodes a ServiceResolver message from the specified reader or buffer, length delimited. + * @function decodeDelimited + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.cloud.kms.v1.EkmConnection.ServiceResolver} ServiceResolver + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + ServiceResolver.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies a ServiceResolver message. + * @function verify + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + ServiceResolver.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + if (message.serviceDirectoryService != null && message.hasOwnProperty("serviceDirectoryService")) + if (!$util.isString(message.serviceDirectoryService)) + return "serviceDirectoryService: string expected"; + if (message.endpointFilter != null && message.hasOwnProperty("endpointFilter")) + if (!$util.isString(message.endpointFilter)) + return "endpointFilter: string expected"; + if (message.hostname != null && message.hasOwnProperty("hostname")) + if (!$util.isString(message.hostname)) + return "hostname: string expected"; + if (message.serverCertificates != null && message.hasOwnProperty("serverCertificates")) { + if (!Array.isArray(message.serverCertificates)) + return "serverCertificates: array expected"; + for (var i = 0; i < message.serverCertificates.length; ++i) { + var error = $root.google.cloud.kms.v1.Certificate.verify(message.serverCertificates[i]); + if (error) + return "serverCertificates." + error; + } + } + return null; + }; + + /** + * Creates a ServiceResolver message from a plain object. Also converts values to their respective internal types. + * @function fromObject + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.kms.v1.EkmConnection.ServiceResolver} ServiceResolver + */ + ServiceResolver.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.EkmConnection.ServiceResolver) + return object; + var message = new $root.google.cloud.kms.v1.EkmConnection.ServiceResolver(); + if (object.serviceDirectoryService != null) + message.serviceDirectoryService = String(object.serviceDirectoryService); + if (object.endpointFilter != null) + message.endpointFilter = String(object.endpointFilter); + if (object.hostname != null) + message.hostname = String(object.hostname); + if (object.serverCertificates) { + if (!Array.isArray(object.serverCertificates)) + throw TypeError(".google.cloud.kms.v1.EkmConnection.ServiceResolver.serverCertificates: array expected"); + message.serverCertificates = []; + for (var i = 0; i < object.serverCertificates.length; ++i) { + if (typeof object.serverCertificates[i] !== "object") + throw TypeError(".google.cloud.kms.v1.EkmConnection.ServiceResolver.serverCertificates: object expected"); + message.serverCertificates[i] = $root.google.cloud.kms.v1.Certificate.fromObject(object.serverCertificates[i]); + } + } + return message; + }; + + /** + * Creates a plain object from a ServiceResolver message. Also converts values to other types if specified. + * @function toObject + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @static + * @param {google.cloud.kms.v1.EkmConnection.ServiceResolver} message ServiceResolver + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + ServiceResolver.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.arrays || options.defaults) + object.serverCertificates = []; + if (options.defaults) { + object.serviceDirectoryService = ""; + object.endpointFilter = ""; + object.hostname = ""; + } + if (message.serviceDirectoryService != null && message.hasOwnProperty("serviceDirectoryService")) + object.serviceDirectoryService = message.serviceDirectoryService; + if (message.endpointFilter != null && message.hasOwnProperty("endpointFilter")) + object.endpointFilter = message.endpointFilter; + if (message.hostname != null && message.hasOwnProperty("hostname")) + object.hostname = message.hostname; + if (message.serverCertificates && message.serverCertificates.length) { + object.serverCertificates = []; + for (var j = 0; j < message.serverCertificates.length; ++j) + object.serverCertificates[j] = $root.google.cloud.kms.v1.Certificate.toObject(message.serverCertificates[j], options); + } + return object; + }; + + /** + * Converts this ServiceResolver to JSON. + * @function toJSON + * @memberof google.cloud.kms.v1.EkmConnection.ServiceResolver + * @instance + * @returns {Object.} JSON object + */ + ServiceResolver.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + return ServiceResolver; + })(); + + return EkmConnection; + })(); + + v1.KeyRing = (function() { + + /** + * Properties of a KeyRing. + * @memberof google.cloud.kms.v1 + * @interface IKeyRing + * @property {string|null} [name] KeyRing name + * @property {google.protobuf.ITimestamp|null} [createTime] KeyRing createTime + */ + + /** + * Constructs a new KeyRing. + * @memberof google.cloud.kms.v1 + * @classdesc Represents a KeyRing. + * @implements IKeyRing + * @constructor + * @param {google.cloud.kms.v1.IKeyRing=} [properties] Properties to set + */ + function KeyRing(properties) { + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * KeyRing name. + * @member {string} name + * @memberof google.cloud.kms.v1.KeyRing + * @instance + */ + KeyRing.prototype.name = ""; + + /** + * KeyRing createTime. + * @member {google.protobuf.ITimestamp|null|undefined} createTime + * @memberof google.cloud.kms.v1.KeyRing + * @instance + */ + KeyRing.prototype.createTime = null; + + /** + * Creates a new KeyRing instance using the specified properties. + * @function create + * @memberof google.cloud.kms.v1.KeyRing + * @static + * @param {google.cloud.kms.v1.IKeyRing=} [properties] Properties to set + * @returns {google.cloud.kms.v1.KeyRing} KeyRing instance + */ + KeyRing.create = function create(properties) { + return new KeyRing(properties); + }; + + /** + * Encodes the specified KeyRing message. Does not implicitly {@link google.cloud.kms.v1.KeyRing.verify|verify} messages. + * @function encode + * @memberof google.cloud.kms.v1.KeyRing + * @static + * @param {google.cloud.kms.v1.IKeyRing} message KeyRing message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + KeyRing.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.name != null && Object.hasOwnProperty.call(message, "name")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.name); + if (message.createTime != null && Object.hasOwnProperty.call(message, "createTime")) + $root.google.protobuf.Timestamp.encode(message.createTime, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim(); + return writer; + }; + + /** + * Encodes the specified KeyRing message, length delimited. Does not implicitly {@link google.cloud.kms.v1.KeyRing.verify|verify} messages. + * @function encodeDelimited + * @memberof google.cloud.kms.v1.KeyRing + * @static + * @param {google.cloud.kms.v1.IKeyRing} message KeyRing message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + KeyRing.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; + + /** + * Decodes a KeyRing message from the specified reader or buffer. + * @function decode + * @memberof google.cloud.kms.v1.KeyRing + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.cloud.kms.v1.KeyRing} KeyRing + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + KeyRing.decode = function decode(reader, length) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.KeyRing(); + while (reader.pos < end) { + var tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + message.name = reader.string(); + break; + case 2: + message.createTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + break; + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; + + /** + * Decodes a KeyRing message from the specified reader or buffer, length delimited. + * @function decodeDelimited + * @memberof google.cloud.kms.v1.KeyRing + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.cloud.kms.v1.KeyRing} KeyRing + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + KeyRing.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies a KeyRing message. + * @function verify + * @memberof google.cloud.kms.v1.KeyRing + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + KeyRing.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + if (message.name != null && message.hasOwnProperty("name")) + if (!$util.isString(message.name)) + return "name: string expected"; + if (message.createTime != null && message.hasOwnProperty("createTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.createTime); + if (error) + return "createTime." + error; + } + return null; + }; + + /** + * Creates a KeyRing message from a plain object. Also converts values to their respective internal types. + * @function fromObject + * @memberof google.cloud.kms.v1.KeyRing + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.kms.v1.KeyRing} KeyRing + */ + KeyRing.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.KeyRing) + return object; + var message = new $root.google.cloud.kms.v1.KeyRing(); + if (object.name != null) + message.name = String(object.name); + if (object.createTime != null) { + if (typeof object.createTime !== "object") + throw TypeError(".google.cloud.kms.v1.KeyRing.createTime: object expected"); + message.createTime = $root.google.protobuf.Timestamp.fromObject(object.createTime); + } + return message; + }; + + /** + * Creates a plain object from a KeyRing message. Also converts values to other types if specified. + * @function toObject + * @memberof google.cloud.kms.v1.KeyRing + * @static + * @param {google.cloud.kms.v1.KeyRing} message KeyRing + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + KeyRing.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.defaults) { + object.name = ""; + object.createTime = null; + } + if (message.name != null && message.hasOwnProperty("name")) + object.name = message.name; + if (message.createTime != null && message.hasOwnProperty("createTime")) + object.createTime = $root.google.protobuf.Timestamp.toObject(message.createTime, options); + return object; + }; + + /** + * Converts this KeyRing to JSON. + * @function toJSON + * @memberof google.cloud.kms.v1.KeyRing + * @instance + * @returns {Object.} JSON object + */ + KeyRing.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + return KeyRing; + })(); + + v1.CryptoKey = (function() { + + /** + * Properties of a CryptoKey. + * @memberof google.cloud.kms.v1 + * @interface ICryptoKey + * @property {string|null} [name] CryptoKey name + * @property {google.cloud.kms.v1.ICryptoKeyVersion|null} [primary] CryptoKey primary + * @property {google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose|null} [purpose] CryptoKey purpose + * @property {google.protobuf.ITimestamp|null} [createTime] CryptoKey createTime + * @property {google.protobuf.ITimestamp|null} [nextRotationTime] CryptoKey nextRotationTime + * @property {google.protobuf.IDuration|null} [rotationPeriod] CryptoKey rotationPeriod + * @property {google.cloud.kms.v1.ICryptoKeyVersionTemplate|null} [versionTemplate] CryptoKey versionTemplate + * @property {Object.|null} [labels] CryptoKey labels + * @property {boolean|null} [importOnly] CryptoKey importOnly + * @property {google.protobuf.IDuration|null} [destroyScheduledDuration] CryptoKey destroyScheduledDuration + * @property {string|null} [cryptoKeyBackend] CryptoKey cryptoKeyBackend + */ + + /** + * Constructs a new CryptoKey. + * @memberof google.cloud.kms.v1 + * @classdesc Represents a CryptoKey. + * @implements ICryptoKey + * @constructor + * @param {google.cloud.kms.v1.ICryptoKey=} [properties] Properties to set + */ + function CryptoKey(properties) { + this.labels = {}; + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * CryptoKey name. + * @member {string} name + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + CryptoKey.prototype.name = ""; + + /** + * CryptoKey primary. + * @member {google.cloud.kms.v1.ICryptoKeyVersion|null|undefined} primary + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + CryptoKey.prototype.primary = null; + + /** + * CryptoKey purpose. + * @member {google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose} purpose + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + CryptoKey.prototype.purpose = 0; + + /** + * CryptoKey createTime. + * @member {google.protobuf.ITimestamp|null|undefined} createTime + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + CryptoKey.prototype.createTime = null; + + /** + * CryptoKey nextRotationTime. + * @member {google.protobuf.ITimestamp|null|undefined} nextRotationTime + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + CryptoKey.prototype.nextRotationTime = null; + + /** + * CryptoKey rotationPeriod. + * @member {google.protobuf.IDuration|null|undefined} rotationPeriod + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + CryptoKey.prototype.rotationPeriod = null; + + /** + * CryptoKey versionTemplate. + * @member {google.cloud.kms.v1.ICryptoKeyVersionTemplate|null|undefined} versionTemplate + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + CryptoKey.prototype.versionTemplate = null; + + /** + * CryptoKey labels. + * @member {Object.} labels + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + CryptoKey.prototype.labels = $util.emptyObject; + + /** + * CryptoKey importOnly. + * @member {boolean} importOnly + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + CryptoKey.prototype.importOnly = false; + + /** + * CryptoKey destroyScheduledDuration. + * @member {google.protobuf.IDuration|null|undefined} destroyScheduledDuration + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + CryptoKey.prototype.destroyScheduledDuration = null; + + /** + * CryptoKey cryptoKeyBackend. + * @member {string} cryptoKeyBackend + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + CryptoKey.prototype.cryptoKeyBackend = ""; + + // OneOf field names bound to virtual getters and setters + var $oneOfFields; + + /** + * CryptoKey rotationSchedule. + * @member {"rotationPeriod"|undefined} rotationSchedule + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + */ + Object.defineProperty(CryptoKey.prototype, "rotationSchedule", { + get: $util.oneOfGetter($oneOfFields = ["rotationPeriod"]), + set: $util.oneOfSetter($oneOfFields) + }); + + /** + * Creates a new CryptoKey instance using the specified properties. + * @function create + * @memberof google.cloud.kms.v1.CryptoKey + * @static + * @param {google.cloud.kms.v1.ICryptoKey=} [properties] Properties to set + * @returns {google.cloud.kms.v1.CryptoKey} CryptoKey instance + */ + CryptoKey.create = function create(properties) { + return new CryptoKey(properties); + }; + + /** + * Encodes the specified CryptoKey message. Does not implicitly {@link google.cloud.kms.v1.CryptoKey.verify|verify} messages. + * @function encode + * @memberof google.cloud.kms.v1.CryptoKey + * @static + * @param {google.cloud.kms.v1.ICryptoKey} message CryptoKey message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + CryptoKey.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.name != null && Object.hasOwnProperty.call(message, "name")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.name); + if (message.primary != null && Object.hasOwnProperty.call(message, "primary")) + $root.google.cloud.kms.v1.CryptoKeyVersion.encode(message.primary, writer.uint32(/* id 2, wireType 2 =*/18).fork()).ldelim(); + if (message.purpose != null && Object.hasOwnProperty.call(message, "purpose")) + writer.uint32(/* id 3, wireType 0 =*/24).int32(message.purpose); + if (message.createTime != null && Object.hasOwnProperty.call(message, "createTime")) + $root.google.protobuf.Timestamp.encode(message.createTime, writer.uint32(/* id 5, wireType 2 =*/42).fork()).ldelim(); + if (message.nextRotationTime != null && Object.hasOwnProperty.call(message, "nextRotationTime")) + $root.google.protobuf.Timestamp.encode(message.nextRotationTime, writer.uint32(/* id 7, wireType 2 =*/58).fork()).ldelim(); + if (message.rotationPeriod != null && Object.hasOwnProperty.call(message, "rotationPeriod")) + $root.google.protobuf.Duration.encode(message.rotationPeriod, writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim(); + if (message.labels != null && Object.hasOwnProperty.call(message, "labels")) + for (var keys = Object.keys(message.labels), i = 0; i < keys.length; ++i) + writer.uint32(/* id 10, wireType 2 =*/82).fork().uint32(/* id 1, wireType 2 =*/10).string(keys[i]).uint32(/* id 2, wireType 2 =*/18).string(message.labels[keys[i]]).ldelim(); + if (message.versionTemplate != null && Object.hasOwnProperty.call(message, "versionTemplate")) + $root.google.cloud.kms.v1.CryptoKeyVersionTemplate.encode(message.versionTemplate, writer.uint32(/* id 11, wireType 2 =*/90).fork()).ldelim(); + if (message.importOnly != null && Object.hasOwnProperty.call(message, "importOnly")) + writer.uint32(/* id 13, wireType 0 =*/104).bool(message.importOnly); + if (message.destroyScheduledDuration != null && Object.hasOwnProperty.call(message, "destroyScheduledDuration")) + $root.google.protobuf.Duration.encode(message.destroyScheduledDuration, writer.uint32(/* id 14, wireType 2 =*/114).fork()).ldelim(); + if (message.cryptoKeyBackend != null && Object.hasOwnProperty.call(message, "cryptoKeyBackend")) + writer.uint32(/* id 15, wireType 2 =*/122).string(message.cryptoKeyBackend); + return writer; + }; + + /** + * Encodes the specified CryptoKey message, length delimited. Does not implicitly {@link google.cloud.kms.v1.CryptoKey.verify|verify} messages. + * @function encodeDelimited + * @memberof google.cloud.kms.v1.CryptoKey + * @static + * @param {google.cloud.kms.v1.ICryptoKey} message CryptoKey message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + CryptoKey.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; + + /** + * Decodes a CryptoKey message from the specified reader or buffer. + * @function decode + * @memberof google.cloud.kms.v1.CryptoKey + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.cloud.kms.v1.CryptoKey} CryptoKey + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + CryptoKey.decode = function decode(reader, length) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.CryptoKey(), key, value; + while (reader.pos < end) { + var tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + message.name = reader.string(); + break; + case 2: + message.primary = $root.google.cloud.kms.v1.CryptoKeyVersion.decode(reader, reader.uint32()); + break; + case 3: + message.purpose = reader.int32(); + break; + case 5: + message.createTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + break; + case 7: + message.nextRotationTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + break; + case 8: + message.rotationPeriod = $root.google.protobuf.Duration.decode(reader, reader.uint32()); + break; + case 11: + message.versionTemplate = $root.google.cloud.kms.v1.CryptoKeyVersionTemplate.decode(reader, reader.uint32()); + break; + case 10: + if (message.labels === $util.emptyObject) + message.labels = {}; + var end2 = reader.uint32() + reader.pos; + key = ""; + value = ""; + while (reader.pos < end2) { + var tag2 = reader.uint32(); + switch (tag2 >>> 3) { + case 1: + key = reader.string(); + break; + case 2: + value = reader.string(); + break; + default: + reader.skipType(tag2 & 7); + break; + } + } + message.labels[key] = value; + break; + case 13: + message.importOnly = reader.bool(); + break; + case 14: + message.destroyScheduledDuration = $root.google.protobuf.Duration.decode(reader, reader.uint32()); + break; + case 15: + message.cryptoKeyBackend = reader.string(); + break; + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; + + /** + * Decodes a CryptoKey message from the specified reader or buffer, length delimited. + * @function decodeDelimited + * @memberof google.cloud.kms.v1.CryptoKey + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.cloud.kms.v1.CryptoKey} CryptoKey + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + CryptoKey.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies a CryptoKey message. + * @function verify + * @memberof google.cloud.kms.v1.CryptoKey + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + CryptoKey.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + var properties = {}; + if (message.name != null && message.hasOwnProperty("name")) + if (!$util.isString(message.name)) + return "name: string expected"; + if (message.primary != null && message.hasOwnProperty("primary")) { + var error = $root.google.cloud.kms.v1.CryptoKeyVersion.verify(message.primary); + if (error) + return "primary." + error; + } + if (message.purpose != null && message.hasOwnProperty("purpose")) + switch (message.purpose) { + default: + return "purpose: enum value expected"; + case 0: + case 1: + case 5: + case 6: + case 9: + break; + } + if (message.createTime != null && message.hasOwnProperty("createTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.createTime); + if (error) + return "createTime." + error; + } + if (message.nextRotationTime != null && message.hasOwnProperty("nextRotationTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.nextRotationTime); + if (error) + return "nextRotationTime." + error; + } + if (message.rotationPeriod != null && message.hasOwnProperty("rotationPeriod")) { + properties.rotationSchedule = 1; + { + var error = $root.google.protobuf.Duration.verify(message.rotationPeriod); + if (error) + return "rotationPeriod." + error; + } + } + if (message.versionTemplate != null && message.hasOwnProperty("versionTemplate")) { + var error = $root.google.cloud.kms.v1.CryptoKeyVersionTemplate.verify(message.versionTemplate); + if (error) + return "versionTemplate." + error; + } + if (message.labels != null && message.hasOwnProperty("labels")) { + if (!$util.isObject(message.labels)) + return "labels: object expected"; + var key = Object.keys(message.labels); + for (var i = 0; i < key.length; ++i) + if (!$util.isString(message.labels[key[i]])) + return "labels: string{k:string} expected"; + } + if (message.importOnly != null && message.hasOwnProperty("importOnly")) + if (typeof message.importOnly !== "boolean") + return "importOnly: boolean expected"; + if (message.destroyScheduledDuration != null && message.hasOwnProperty("destroyScheduledDuration")) { + var error = $root.google.protobuf.Duration.verify(message.destroyScheduledDuration); + if (error) + return "destroyScheduledDuration." + error; + } + if (message.cryptoKeyBackend != null && message.hasOwnProperty("cryptoKeyBackend")) + if (!$util.isString(message.cryptoKeyBackend)) + return "cryptoKeyBackend: string expected"; + return null; + }; + + /** + * Creates a CryptoKey message from a plain object. Also converts values to their respective internal types. + * @function fromObject + * @memberof google.cloud.kms.v1.CryptoKey + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.kms.v1.CryptoKey} CryptoKey + */ + CryptoKey.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.CryptoKey) + return object; + var message = new $root.google.cloud.kms.v1.CryptoKey(); + if (object.name != null) + message.name = String(object.name); + if (object.primary != null) { + if (typeof object.primary !== "object") + throw TypeError(".google.cloud.kms.v1.CryptoKey.primary: object expected"); + message.primary = $root.google.cloud.kms.v1.CryptoKeyVersion.fromObject(object.primary); + } + switch (object.purpose) { + case "CRYPTO_KEY_PURPOSE_UNSPECIFIED": + case 0: + message.purpose = 0; + break; + case "ENCRYPT_DECRYPT": + case 1: + message.purpose = 1; + break; + case "ASYMMETRIC_SIGN": + case 5: + message.purpose = 5; + break; + case "ASYMMETRIC_DECRYPT": + case 6: + message.purpose = 6; + break; + case "MAC": + case 9: + message.purpose = 9; + break; + } + if (object.createTime != null) { + if (typeof object.createTime !== "object") + throw TypeError(".google.cloud.kms.v1.CryptoKey.createTime: object expected"); + message.createTime = $root.google.protobuf.Timestamp.fromObject(object.createTime); + } + if (object.nextRotationTime != null) { + if (typeof object.nextRotationTime !== "object") + throw TypeError(".google.cloud.kms.v1.CryptoKey.nextRotationTime: object expected"); + message.nextRotationTime = $root.google.protobuf.Timestamp.fromObject(object.nextRotationTime); + } + if (object.rotationPeriod != null) { + if (typeof object.rotationPeriod !== "object") + throw TypeError(".google.cloud.kms.v1.CryptoKey.rotationPeriod: object expected"); + message.rotationPeriod = $root.google.protobuf.Duration.fromObject(object.rotationPeriod); + } + if (object.versionTemplate != null) { + if (typeof object.versionTemplate !== "object") + throw TypeError(".google.cloud.kms.v1.CryptoKey.versionTemplate: object expected"); + message.versionTemplate = $root.google.cloud.kms.v1.CryptoKeyVersionTemplate.fromObject(object.versionTemplate); + } + if (object.labels) { + if (typeof object.labels !== "object") + throw TypeError(".google.cloud.kms.v1.CryptoKey.labels: object expected"); + message.labels = {}; + for (var keys = Object.keys(object.labels), i = 0; i < keys.length; ++i) + message.labels[keys[i]] = String(object.labels[keys[i]]); + } + if (object.importOnly != null) + message.importOnly = Boolean(object.importOnly); + if (object.destroyScheduledDuration != null) { + if (typeof object.destroyScheduledDuration !== "object") + throw TypeError(".google.cloud.kms.v1.CryptoKey.destroyScheduledDuration: object expected"); + message.destroyScheduledDuration = $root.google.protobuf.Duration.fromObject(object.destroyScheduledDuration); + } + if (object.cryptoKeyBackend != null) + message.cryptoKeyBackend = String(object.cryptoKeyBackend); + return message; + }; + + /** + * Creates a plain object from a CryptoKey message. Also converts values to other types if specified. + * @function toObject + * @memberof google.cloud.kms.v1.CryptoKey + * @static + * @param {google.cloud.kms.v1.CryptoKey} message CryptoKey + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + CryptoKey.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.objects || options.defaults) + object.labels = {}; + if (options.defaults) { + object.name = ""; + object.primary = null; + object.purpose = options.enums === String ? "CRYPTO_KEY_PURPOSE_UNSPECIFIED" : 0; + object.createTime = null; + object.nextRotationTime = null; + object.versionTemplate = null; + object.importOnly = false; + object.destroyScheduledDuration = null; + object.cryptoKeyBackend = ""; + } + if (message.name != null && message.hasOwnProperty("name")) + object.name = message.name; + if (message.primary != null && message.hasOwnProperty("primary")) + object.primary = $root.google.cloud.kms.v1.CryptoKeyVersion.toObject(message.primary, options); + if (message.purpose != null && message.hasOwnProperty("purpose")) + object.purpose = options.enums === String ? $root.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose[message.purpose] : message.purpose; + if (message.createTime != null && message.hasOwnProperty("createTime")) + object.createTime = $root.google.protobuf.Timestamp.toObject(message.createTime, options); + if (message.nextRotationTime != null && message.hasOwnProperty("nextRotationTime")) + object.nextRotationTime = $root.google.protobuf.Timestamp.toObject(message.nextRotationTime, options); + if (message.rotationPeriod != null && message.hasOwnProperty("rotationPeriod")) { + object.rotationPeriod = $root.google.protobuf.Duration.toObject(message.rotationPeriod, options); + if (options.oneofs) + object.rotationSchedule = "rotationPeriod"; + } + var keys2; + if (message.labels && (keys2 = Object.keys(message.labels)).length) { + object.labels = {}; + for (var j = 0; j < keys2.length; ++j) + object.labels[keys2[j]] = message.labels[keys2[j]]; + } + if (message.versionTemplate != null && message.hasOwnProperty("versionTemplate")) + object.versionTemplate = $root.google.cloud.kms.v1.CryptoKeyVersionTemplate.toObject(message.versionTemplate, options); + if (message.importOnly != null && message.hasOwnProperty("importOnly")) + object.importOnly = message.importOnly; + if (message.destroyScheduledDuration != null && message.hasOwnProperty("destroyScheduledDuration")) + object.destroyScheduledDuration = $root.google.protobuf.Duration.toObject(message.destroyScheduledDuration, options); + if (message.cryptoKeyBackend != null && message.hasOwnProperty("cryptoKeyBackend")) + object.cryptoKeyBackend = message.cryptoKeyBackend; + return object; + }; + + /** + * Converts this CryptoKey to JSON. + * @function toJSON + * @memberof google.cloud.kms.v1.CryptoKey + * @instance + * @returns {Object.} JSON object + */ + CryptoKey.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + /** + * CryptoKeyPurpose enum. + * @name google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose + * @enum {number} + * @property {number} CRYPTO_KEY_PURPOSE_UNSPECIFIED=0 CRYPTO_KEY_PURPOSE_UNSPECIFIED value + * @property {number} ENCRYPT_DECRYPT=1 ENCRYPT_DECRYPT value + * @property {number} ASYMMETRIC_SIGN=5 ASYMMETRIC_SIGN value + * @property {number} ASYMMETRIC_DECRYPT=6 ASYMMETRIC_DECRYPT value + * @property {number} MAC=9 MAC value + */ + CryptoKey.CryptoKeyPurpose = (function() { + var valuesById = {}, values = Object.create(valuesById); + values[valuesById[0] = "CRYPTO_KEY_PURPOSE_UNSPECIFIED"] = 0; + values[valuesById[1] = "ENCRYPT_DECRYPT"] = 1; + values[valuesById[5] = "ASYMMETRIC_SIGN"] = 5; + values[valuesById[6] = "ASYMMETRIC_DECRYPT"] = 6; + values[valuesById[9] = "MAC"] = 9; + return values; + })(); + + return CryptoKey; + })(); + + v1.CryptoKeyVersionTemplate = (function() { + + /** + * Properties of a CryptoKeyVersionTemplate. + * @memberof google.cloud.kms.v1 + * @interface ICryptoKeyVersionTemplate + * @property {google.cloud.kms.v1.ProtectionLevel|null} [protectionLevel] CryptoKeyVersionTemplate protectionLevel + * @property {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm|null} [algorithm] CryptoKeyVersionTemplate algorithm + */ + + /** + * Constructs a new CryptoKeyVersionTemplate. + * @memberof google.cloud.kms.v1 + * @classdesc Represents a CryptoKeyVersionTemplate. + * @implements ICryptoKeyVersionTemplate + * @constructor + * @param {google.cloud.kms.v1.ICryptoKeyVersionTemplate=} [properties] Properties to set + */ + function CryptoKeyVersionTemplate(properties) { + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * CryptoKeyVersionTemplate protectionLevel. + * @member {google.cloud.kms.v1.ProtectionLevel} protectionLevel + * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @instance + */ + CryptoKeyVersionTemplate.prototype.protectionLevel = 0; + + /** + * CryptoKeyVersionTemplate algorithm. + * @member {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm} algorithm + * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @instance + */ + CryptoKeyVersionTemplate.prototype.algorithm = 0; + + /** + * Creates a new CryptoKeyVersionTemplate instance using the specified properties. + * @function create + * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @static + * @param {google.cloud.kms.v1.ICryptoKeyVersionTemplate=} [properties] Properties to set + * @returns {google.cloud.kms.v1.CryptoKeyVersionTemplate} CryptoKeyVersionTemplate instance + */ + CryptoKeyVersionTemplate.create = function create(properties) { + return new CryptoKeyVersionTemplate(properties); + }; + + /** + * Encodes the specified CryptoKeyVersionTemplate message. Does not implicitly {@link google.cloud.kms.v1.CryptoKeyVersionTemplate.verify|verify} messages. + * @function encode + * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @static + * @param {google.cloud.kms.v1.ICryptoKeyVersionTemplate} message CryptoKeyVersionTemplate message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + CryptoKeyVersionTemplate.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.protectionLevel != null && Object.hasOwnProperty.call(message, "protectionLevel")) + writer.uint32(/* id 1, wireType 0 =*/8).int32(message.protectionLevel); + if (message.algorithm != null && Object.hasOwnProperty.call(message, "algorithm")) + writer.uint32(/* id 3, wireType 0 =*/24).int32(message.algorithm); + return writer; + }; + + /** + * Encodes the specified CryptoKeyVersionTemplate message, length delimited. Does not implicitly {@link google.cloud.kms.v1.CryptoKeyVersionTemplate.verify|verify} messages. + * @function encodeDelimited + * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @static + * @param {google.cloud.kms.v1.ICryptoKeyVersionTemplate} message CryptoKeyVersionTemplate message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + CryptoKeyVersionTemplate.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; + + /** + * Decodes a CryptoKeyVersionTemplate message from the specified reader or buffer. + * @function decode + * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.cloud.kms.v1.CryptoKeyVersionTemplate} CryptoKeyVersionTemplate + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + CryptoKeyVersionTemplate.decode = function decode(reader, length) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.CryptoKeyVersionTemplate(); + while (reader.pos < end) { + var tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + message.protectionLevel = reader.int32(); + break; + case 3: + message.algorithm = reader.int32(); + break; + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; + + /** + * Decodes a CryptoKeyVersionTemplate message from the specified reader or buffer, length delimited. + * @function decodeDelimited + * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.cloud.kms.v1.CryptoKeyVersionTemplate} CryptoKeyVersionTemplate + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + CryptoKeyVersionTemplate.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies a CryptoKeyVersionTemplate message. + * @function verify + * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + CryptoKeyVersionTemplate.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + if (message.protectionLevel != null && message.hasOwnProperty("protectionLevel")) + switch (message.protectionLevel) { + default: + return "protectionLevel: enum value expected"; + case 0: + case 1: + case 2: + case 3: + case 4: + break; + } + if (message.algorithm != null && message.hasOwnProperty("algorithm")) + switch (message.algorithm) { + default: + return "algorithm: enum value expected"; + case 0: + case 1: + case 2: + case 3: + case 4: + case 15: + case 5: + case 6: + case 7: + case 16: + case 28: + case 29: + case 30: + case 8: + case 9: + case 10: + case 17: + case 37: + case 38: + case 39: + case 12: + case 13: + case 31: + case 32: + case 18: + break; + } + return null; + }; + + /** + * Creates a CryptoKeyVersionTemplate message from a plain object. Also converts values to their respective internal types. + * @function fromObject + * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.kms.v1.CryptoKeyVersionTemplate} CryptoKeyVersionTemplate + */ + CryptoKeyVersionTemplate.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.CryptoKeyVersionTemplate) + return object; + var message = new $root.google.cloud.kms.v1.CryptoKeyVersionTemplate(); + switch (object.protectionLevel) { + case "PROTECTION_LEVEL_UNSPECIFIED": + case 0: + message.protectionLevel = 0; + break; + case "SOFTWARE": + case 1: + message.protectionLevel = 1; + break; + case "HSM": + case 2: + message.protectionLevel = 2; + break; + case "EXTERNAL": + case 3: + message.protectionLevel = 3; + break; + case "EXTERNAL_VPC": + case 4: + message.protectionLevel = 4; + break; + } + switch (object.algorithm) { + case "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": + case 0: + message.algorithm = 0; + break; + case "GOOGLE_SYMMETRIC_ENCRYPTION": + case 1: + message.algorithm = 1; + break; + case "RSA_SIGN_PSS_2048_SHA256": + case 2: + message.algorithm = 2; + break; + case "RSA_SIGN_PSS_3072_SHA256": + case 3: + message.algorithm = 3; + break; + case "RSA_SIGN_PSS_4096_SHA256": + case 4: + message.algorithm = 4; + break; + case "RSA_SIGN_PSS_4096_SHA512": + case 15: + message.algorithm = 15; + break; + case "RSA_SIGN_PKCS1_2048_SHA256": + case 5: + message.algorithm = 5; + break; + case "RSA_SIGN_PKCS1_3072_SHA256": + case 6: + message.algorithm = 6; + break; + case "RSA_SIGN_PKCS1_4096_SHA256": + case 7: + message.algorithm = 7; + break; + case "RSA_SIGN_PKCS1_4096_SHA512": + case 16: + message.algorithm = 16; + break; + case "RSA_SIGN_RAW_PKCS1_2048": + case 28: + message.algorithm = 28; + break; + case "RSA_SIGN_RAW_PKCS1_3072": + case 29: + message.algorithm = 29; + break; + case "RSA_SIGN_RAW_PKCS1_4096": + case 30: + message.algorithm = 30; + break; + case "RSA_DECRYPT_OAEP_2048_SHA256": + case 8: + message.algorithm = 8; + break; + case "RSA_DECRYPT_OAEP_3072_SHA256": + case 9: + message.algorithm = 9; + break; + case "RSA_DECRYPT_OAEP_4096_SHA256": + case 10: + message.algorithm = 10; + break; + case "RSA_DECRYPT_OAEP_4096_SHA512": + case 17: + message.algorithm = 17; + break; + case "RSA_DECRYPT_OAEP_2048_SHA1": + case 37: + message.algorithm = 37; + break; + case "RSA_DECRYPT_OAEP_3072_SHA1": + case 38: + message.algorithm = 38; + break; + case "RSA_DECRYPT_OAEP_4096_SHA1": + case 39: + message.algorithm = 39; + break; + case "EC_SIGN_P256_SHA256": + case 12: + message.algorithm = 12; + break; + case "EC_SIGN_P384_SHA384": + case 13: + message.algorithm = 13; + break; + case "EC_SIGN_SECP256K1_SHA256": + case 31: + message.algorithm = 31; + break; + case "HMAC_SHA256": + case 32: + message.algorithm = 32; + break; + case "EXTERNAL_SYMMETRIC_ENCRYPTION": + case 18: + message.algorithm = 18; + break; + } + return message; + }; + + /** + * Creates a plain object from a CryptoKeyVersionTemplate message. Also converts values to other types if specified. + * @function toObject + * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @static + * @param {google.cloud.kms.v1.CryptoKeyVersionTemplate} message CryptoKeyVersionTemplate + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + CryptoKeyVersionTemplate.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.defaults) { + object.protectionLevel = options.enums === String ? "PROTECTION_LEVEL_UNSPECIFIED" : 0; + object.algorithm = options.enums === String ? "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : 0; + } + if (message.protectionLevel != null && message.hasOwnProperty("protectionLevel")) + object.protectionLevel = options.enums === String ? $root.google.cloud.kms.v1.ProtectionLevel[message.protectionLevel] : message.protectionLevel; + if (message.algorithm != null && message.hasOwnProperty("algorithm")) + object.algorithm = options.enums === String ? $root.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm[message.algorithm] : message.algorithm; + return object; + }; + + /** + * Converts this CryptoKeyVersionTemplate to JSON. + * @function toJSON + * @memberof google.cloud.kms.v1.CryptoKeyVersionTemplate + * @instance + * @returns {Object.} JSON object + */ + CryptoKeyVersionTemplate.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + return CryptoKeyVersionTemplate; + })(); + + v1.KeyOperationAttestation = (function() { + + /** + * Properties of a KeyOperationAttestation. + * @memberof google.cloud.kms.v1 + * @interface IKeyOperationAttestation + * @property {google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat|null} [format] KeyOperationAttestation format + * @property {Uint8Array|null} [content] KeyOperationAttestation content + * @property {google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains|null} [certChains] KeyOperationAttestation certChains + */ + + /** + * Constructs a new KeyOperationAttestation. + * @memberof google.cloud.kms.v1 + * @classdesc Represents a KeyOperationAttestation. + * @implements IKeyOperationAttestation + * @constructor + * @param {google.cloud.kms.v1.IKeyOperationAttestation=} [properties] Properties to set + */ + function KeyOperationAttestation(properties) { + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * KeyOperationAttestation format. + * @member {google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat} format + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @instance + */ + KeyOperationAttestation.prototype.format = 0; + + /** + * KeyOperationAttestation content. + * @member {Uint8Array} content + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @instance + */ + KeyOperationAttestation.prototype.content = $util.newBuffer([]); + + /** + * KeyOperationAttestation certChains. + * @member {google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains|null|undefined} certChains + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @instance + */ + KeyOperationAttestation.prototype.certChains = null; + + /** + * Creates a new KeyOperationAttestation instance using the specified properties. + * @function create + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @static + * @param {google.cloud.kms.v1.IKeyOperationAttestation=} [properties] Properties to set + * @returns {google.cloud.kms.v1.KeyOperationAttestation} KeyOperationAttestation instance + */ + KeyOperationAttestation.create = function create(properties) { + return new KeyOperationAttestation(properties); + }; + + /** + * Encodes the specified KeyOperationAttestation message. Does not implicitly {@link google.cloud.kms.v1.KeyOperationAttestation.verify|verify} messages. + * @function encode + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @static + * @param {google.cloud.kms.v1.IKeyOperationAttestation} message KeyOperationAttestation message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + KeyOperationAttestation.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.format != null && Object.hasOwnProperty.call(message, "format")) + writer.uint32(/* id 4, wireType 0 =*/32).int32(message.format); + if (message.content != null && Object.hasOwnProperty.call(message, "content")) + writer.uint32(/* id 5, wireType 2 =*/42).bytes(message.content); + if (message.certChains != null && Object.hasOwnProperty.call(message, "certChains")) + $root.google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.encode(message.certChains, writer.uint32(/* id 6, wireType 2 =*/50).fork()).ldelim(); + return writer; + }; + + /** + * Encodes the specified KeyOperationAttestation message, length delimited. Does not implicitly {@link google.cloud.kms.v1.KeyOperationAttestation.verify|verify} messages. + * @function encodeDelimited + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @static + * @param {google.cloud.kms.v1.IKeyOperationAttestation} message KeyOperationAttestation message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + KeyOperationAttestation.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; + + /** + * Decodes a KeyOperationAttestation message from the specified reader or buffer. + * @function decode + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.cloud.kms.v1.KeyOperationAttestation} KeyOperationAttestation + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + KeyOperationAttestation.decode = function decode(reader, length) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.KeyOperationAttestation(); + while (reader.pos < end) { + var tag = reader.uint32(); + switch (tag >>> 3) { + case 4: + message.format = reader.int32(); + break; + case 5: + message.content = reader.bytes(); + break; + case 6: + message.certChains = $root.google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.decode(reader, reader.uint32()); + break; + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; + + /** + * Decodes a KeyOperationAttestation message from the specified reader or buffer, length delimited. + * @function decodeDelimited + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.cloud.kms.v1.KeyOperationAttestation} KeyOperationAttestation + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + KeyOperationAttestation.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies a KeyOperationAttestation message. + * @function verify + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + KeyOperationAttestation.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + if (message.format != null && message.hasOwnProperty("format")) + switch (message.format) { + default: + return "format: enum value expected"; + case 0: + case 3: + case 4: + break; + } + if (message.content != null && message.hasOwnProperty("content")) + if (!(message.content && typeof message.content.length === "number" || $util.isString(message.content))) + return "content: buffer expected"; + if (message.certChains != null && message.hasOwnProperty("certChains")) { + var error = $root.google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.verify(message.certChains); + if (error) + return "certChains." + error; + } + return null; + }; + + /** + * Creates a KeyOperationAttestation message from a plain object. Also converts values to their respective internal types. + * @function fromObject + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.kms.v1.KeyOperationAttestation} KeyOperationAttestation + */ + KeyOperationAttestation.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.KeyOperationAttestation) + return object; + var message = new $root.google.cloud.kms.v1.KeyOperationAttestation(); + switch (object.format) { + case "ATTESTATION_FORMAT_UNSPECIFIED": + case 0: + message.format = 0; + break; + case "CAVIUM_V1_COMPRESSED": + case 3: + message.format = 3; + break; + case "CAVIUM_V2_COMPRESSED": + case 4: + message.format = 4; + break; + } + if (object.content != null) + if (typeof object.content === "string") + $util.base64.decode(object.content, message.content = $util.newBuffer($util.base64.length(object.content)), 0); + else if (object.content.length) + message.content = object.content; + if (object.certChains != null) { + if (typeof object.certChains !== "object") + throw TypeError(".google.cloud.kms.v1.KeyOperationAttestation.certChains: object expected"); + message.certChains = $root.google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.fromObject(object.certChains); + } + return message; + }; + + /** + * Creates a plain object from a KeyOperationAttestation message. Also converts values to other types if specified. + * @function toObject + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @static + * @param {google.cloud.kms.v1.KeyOperationAttestation} message KeyOperationAttestation + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + KeyOperationAttestation.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.defaults) { + object.format = options.enums === String ? "ATTESTATION_FORMAT_UNSPECIFIED" : 0; + if (options.bytes === String) + object.content = ""; + else { + object.content = []; + if (options.bytes !== Array) + object.content = $util.newBuffer(object.content); + } + object.certChains = null; + } + if (message.format != null && message.hasOwnProperty("format")) + object.format = options.enums === String ? $root.google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat[message.format] : message.format; + if (message.content != null && message.hasOwnProperty("content")) + object.content = options.bytes === String ? $util.base64.encode(message.content, 0, message.content.length) : options.bytes === Array ? Array.prototype.slice.call(message.content) : message.content; + if (message.certChains != null && message.hasOwnProperty("certChains")) + object.certChains = $root.google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.toObject(message.certChains, options); + return object; + }; + + /** + * Converts this KeyOperationAttestation to JSON. + * @function toJSON + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @instance + * @returns {Object.} JSON object + */ + KeyOperationAttestation.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + /** + * AttestationFormat enum. + * @name google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat + * @enum {number} + * @property {number} ATTESTATION_FORMAT_UNSPECIFIED=0 ATTESTATION_FORMAT_UNSPECIFIED value + * @property {number} CAVIUM_V1_COMPRESSED=3 CAVIUM_V1_COMPRESSED value + * @property {number} CAVIUM_V2_COMPRESSED=4 CAVIUM_V2_COMPRESSED value + */ + KeyOperationAttestation.AttestationFormat = (function() { + var valuesById = {}, values = Object.create(valuesById); + values[valuesById[0] = "ATTESTATION_FORMAT_UNSPECIFIED"] = 0; + values[valuesById[3] = "CAVIUM_V1_COMPRESSED"] = 3; + values[valuesById[4] = "CAVIUM_V2_COMPRESSED"] = 4; + return values; + })(); + + KeyOperationAttestation.CertificateChains = (function() { + + /** + * Properties of a CertificateChains. + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @interface ICertificateChains + * @property {Array.|null} [caviumCerts] CertificateChains caviumCerts + * @property {Array.|null} [googleCardCerts] CertificateChains googleCardCerts + * @property {Array.|null} [googlePartitionCerts] CertificateChains googlePartitionCerts + */ + + /** + * Constructs a new CertificateChains. + * @memberof google.cloud.kms.v1.KeyOperationAttestation + * @classdesc Represents a CertificateChains. + * @implements ICertificateChains + * @constructor + * @param {google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains=} [properties] Properties to set + */ + function CertificateChains(properties) { + this.caviumCerts = []; + this.googleCardCerts = []; + this.googlePartitionCerts = []; + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * CertificateChains caviumCerts. + * @member {Array.} caviumCerts + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @instance + */ + CertificateChains.prototype.caviumCerts = $util.emptyArray; + + /** + * CertificateChains googleCardCerts. + * @member {Array.} googleCardCerts + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @instance + */ + CertificateChains.prototype.googleCardCerts = $util.emptyArray; + + /** + * CertificateChains googlePartitionCerts. + * @member {Array.} googlePartitionCerts + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @instance + */ + CertificateChains.prototype.googlePartitionCerts = $util.emptyArray; + + /** + * Creates a new CertificateChains instance using the specified properties. + * @function create + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @static + * @param {google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains=} [properties] Properties to set + * @returns {google.cloud.kms.v1.KeyOperationAttestation.CertificateChains} CertificateChains instance + */ + CertificateChains.create = function create(properties) { + return new CertificateChains(properties); + }; + + /** + * Encodes the specified CertificateChains message. Does not implicitly {@link google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.verify|verify} messages. + * @function encode + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @static + * @param {google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains} message CertificateChains message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + CertificateChains.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.caviumCerts != null && message.caviumCerts.length) + for (var i = 0; i < message.caviumCerts.length; ++i) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.caviumCerts[i]); + if (message.googleCardCerts != null && message.googleCardCerts.length) + for (var i = 0; i < message.googleCardCerts.length; ++i) + writer.uint32(/* id 2, wireType 2 =*/18).string(message.googleCardCerts[i]); + if (message.googlePartitionCerts != null && message.googlePartitionCerts.length) + for (var i = 0; i < message.googlePartitionCerts.length; ++i) + writer.uint32(/* id 3, wireType 2 =*/26).string(message.googlePartitionCerts[i]); + return writer; + }; + + /** + * Encodes the specified CertificateChains message, length delimited. Does not implicitly {@link google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.verify|verify} messages. + * @function encodeDelimited + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @static + * @param {google.cloud.kms.v1.KeyOperationAttestation.ICertificateChains} message CertificateChains message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + CertificateChains.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; + + /** + * Decodes a CertificateChains message from the specified reader or buffer. + * @function decode + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.cloud.kms.v1.KeyOperationAttestation.CertificateChains} CertificateChains + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + CertificateChains.decode = function decode(reader, length) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.KeyOperationAttestation.CertificateChains(); + while (reader.pos < end) { + var tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + if (!(message.caviumCerts && message.caviumCerts.length)) + message.caviumCerts = []; + message.caviumCerts.push(reader.string()); + break; + case 2: + if (!(message.googleCardCerts && message.googleCardCerts.length)) + message.googleCardCerts = []; + message.googleCardCerts.push(reader.string()); + break; + case 3: + if (!(message.googlePartitionCerts && message.googlePartitionCerts.length)) + message.googlePartitionCerts = []; + message.googlePartitionCerts.push(reader.string()); + break; + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; + + /** + * Decodes a CertificateChains message from the specified reader or buffer, length delimited. + * @function decodeDelimited + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.cloud.kms.v1.KeyOperationAttestation.CertificateChains} CertificateChains + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + CertificateChains.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies a CertificateChains message. + * @function verify + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + CertificateChains.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + if (message.caviumCerts != null && message.hasOwnProperty("caviumCerts")) { + if (!Array.isArray(message.caviumCerts)) + return "caviumCerts: array expected"; + for (var i = 0; i < message.caviumCerts.length; ++i) + if (!$util.isString(message.caviumCerts[i])) + return "caviumCerts: string[] expected"; + } + if (message.googleCardCerts != null && message.hasOwnProperty("googleCardCerts")) { + if (!Array.isArray(message.googleCardCerts)) + return "googleCardCerts: array expected"; + for (var i = 0; i < message.googleCardCerts.length; ++i) + if (!$util.isString(message.googleCardCerts[i])) + return "googleCardCerts: string[] expected"; + } + if (message.googlePartitionCerts != null && message.hasOwnProperty("googlePartitionCerts")) { + if (!Array.isArray(message.googlePartitionCerts)) + return "googlePartitionCerts: array expected"; + for (var i = 0; i < message.googlePartitionCerts.length; ++i) + if (!$util.isString(message.googlePartitionCerts[i])) + return "googlePartitionCerts: string[] expected"; + } + return null; + }; + + /** + * Creates a CertificateChains message from a plain object. Also converts values to their respective internal types. + * @function fromObject + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.kms.v1.KeyOperationAttestation.CertificateChains} CertificateChains + */ + CertificateChains.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.KeyOperationAttestation.CertificateChains) + return object; + var message = new $root.google.cloud.kms.v1.KeyOperationAttestation.CertificateChains(); + if (object.caviumCerts) { + if (!Array.isArray(object.caviumCerts)) + throw TypeError(".google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.caviumCerts: array expected"); + message.caviumCerts = []; + for (var i = 0; i < object.caviumCerts.length; ++i) + message.caviumCerts[i] = String(object.caviumCerts[i]); + } + if (object.googleCardCerts) { + if (!Array.isArray(object.googleCardCerts)) + throw TypeError(".google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.googleCardCerts: array expected"); + message.googleCardCerts = []; + for (var i = 0; i < object.googleCardCerts.length; ++i) + message.googleCardCerts[i] = String(object.googleCardCerts[i]); + } + if (object.googlePartitionCerts) { + if (!Array.isArray(object.googlePartitionCerts)) + throw TypeError(".google.cloud.kms.v1.KeyOperationAttestation.CertificateChains.googlePartitionCerts: array expected"); + message.googlePartitionCerts = []; + for (var i = 0; i < object.googlePartitionCerts.length; ++i) + message.googlePartitionCerts[i] = String(object.googlePartitionCerts[i]); + } + return message; + }; + + /** + * Creates a plain object from a CertificateChains message. Also converts values to other types if specified. + * @function toObject + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @static + * @param {google.cloud.kms.v1.KeyOperationAttestation.CertificateChains} message CertificateChains + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + CertificateChains.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.arrays || options.defaults) { + object.caviumCerts = []; + object.googleCardCerts = []; + object.googlePartitionCerts = []; + } + if (message.caviumCerts && message.caviumCerts.length) { + object.caviumCerts = []; + for (var j = 0; j < message.caviumCerts.length; ++j) + object.caviumCerts[j] = message.caviumCerts[j]; + } + if (message.googleCardCerts && message.googleCardCerts.length) { + object.googleCardCerts = []; + for (var j = 0; j < message.googleCardCerts.length; ++j) + object.googleCardCerts[j] = message.googleCardCerts[j]; + } + if (message.googlePartitionCerts && message.googlePartitionCerts.length) { + object.googlePartitionCerts = []; + for (var j = 0; j < message.googlePartitionCerts.length; ++j) + object.googlePartitionCerts[j] = message.googlePartitionCerts[j]; + } + return object; + }; + + /** + * Converts this CertificateChains to JSON. + * @function toJSON + * @memberof google.cloud.kms.v1.KeyOperationAttestation.CertificateChains + * @instance + * @returns {Object.} JSON object + */ + CertificateChains.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + return CertificateChains; + })(); + + return KeyOperationAttestation; + })(); + + v1.CryptoKeyVersion = (function() { + + /** + * Properties of a CryptoKeyVersion. + * @memberof google.cloud.kms.v1 + * @interface ICryptoKeyVersion + * @property {string|null} [name] CryptoKeyVersion name + * @property {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState|null} [state] CryptoKeyVersion state + * @property {google.cloud.kms.v1.ProtectionLevel|null} [protectionLevel] CryptoKeyVersion protectionLevel + * @property {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm|null} [algorithm] CryptoKeyVersion algorithm + * @property {google.cloud.kms.v1.IKeyOperationAttestation|null} [attestation] CryptoKeyVersion attestation + * @property {google.protobuf.ITimestamp|null} [createTime] CryptoKeyVersion createTime + * @property {google.protobuf.ITimestamp|null} [generateTime] CryptoKeyVersion generateTime + * @property {google.protobuf.ITimestamp|null} [destroyTime] CryptoKeyVersion destroyTime + * @property {google.protobuf.ITimestamp|null} [destroyEventTime] CryptoKeyVersion destroyEventTime + * @property {string|null} [importJob] CryptoKeyVersion importJob + * @property {google.protobuf.ITimestamp|null} [importTime] CryptoKeyVersion importTime + * @property {string|null} [importFailureReason] CryptoKeyVersion importFailureReason + * @property {google.cloud.kms.v1.IExternalProtectionLevelOptions|null} [externalProtectionLevelOptions] CryptoKeyVersion externalProtectionLevelOptions + * @property {boolean|null} [reimportEligible] CryptoKeyVersion reimportEligible + */ + + /** + * Constructs a new CryptoKeyVersion. + * @memberof google.cloud.kms.v1 + * @classdesc Represents a CryptoKeyVersion. + * @implements ICryptoKeyVersion + * @constructor + * @param {google.cloud.kms.v1.ICryptoKeyVersion=} [properties] Properties to set + */ + function CryptoKeyVersion(properties) { + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * CryptoKeyVersion name. + * @member {string} name + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.name = ""; + + /** + * CryptoKeyVersion state. + * @member {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState} state + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.state = 0; + + /** + * CryptoKeyVersion protectionLevel. + * @member {google.cloud.kms.v1.ProtectionLevel} protectionLevel + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.protectionLevel = 0; + + /** + * CryptoKeyVersion algorithm. + * @member {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm} algorithm + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.algorithm = 0; + + /** + * CryptoKeyVersion attestation. + * @member {google.cloud.kms.v1.IKeyOperationAttestation|null|undefined} attestation + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.attestation = null; + + /** + * CryptoKeyVersion createTime. + * @member {google.protobuf.ITimestamp|null|undefined} createTime + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.createTime = null; + + /** + * CryptoKeyVersion generateTime. + * @member {google.protobuf.ITimestamp|null|undefined} generateTime + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.generateTime = null; + + /** + * CryptoKeyVersion destroyTime. + * @member {google.protobuf.ITimestamp|null|undefined} destroyTime + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.destroyTime = null; + + /** + * CryptoKeyVersion destroyEventTime. + * @member {google.protobuf.ITimestamp|null|undefined} destroyEventTime + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.destroyEventTime = null; + + /** + * CryptoKeyVersion importJob. + * @member {string} importJob + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.importJob = ""; + + /** + * CryptoKeyVersion importTime. + * @member {google.protobuf.ITimestamp|null|undefined} importTime + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.importTime = null; + + /** + * CryptoKeyVersion importFailureReason. + * @member {string} importFailureReason + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.importFailureReason = ""; + + /** + * CryptoKeyVersion externalProtectionLevelOptions. + * @member {google.cloud.kms.v1.IExternalProtectionLevelOptions|null|undefined} externalProtectionLevelOptions + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.externalProtectionLevelOptions = null; + + /** + * CryptoKeyVersion reimportEligible. + * @member {boolean} reimportEligible + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @instance + */ + CryptoKeyVersion.prototype.reimportEligible = false; + + /** + * Creates a new CryptoKeyVersion instance using the specified properties. + * @function create + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @static + * @param {google.cloud.kms.v1.ICryptoKeyVersion=} [properties] Properties to set + * @returns {google.cloud.kms.v1.CryptoKeyVersion} CryptoKeyVersion instance + */ + CryptoKeyVersion.create = function create(properties) { + return new CryptoKeyVersion(properties); + }; + + /** + * Encodes the specified CryptoKeyVersion message. Does not implicitly {@link google.cloud.kms.v1.CryptoKeyVersion.verify|verify} messages. + * @function encode + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @static + * @param {google.cloud.kms.v1.ICryptoKeyVersion} message CryptoKeyVersion message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + CryptoKeyVersion.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.name != null && Object.hasOwnProperty.call(message, "name")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.name); + if (message.state != null && Object.hasOwnProperty.call(message, "state")) + writer.uint32(/* id 3, wireType 0 =*/24).int32(message.state); + if (message.createTime != null && Object.hasOwnProperty.call(message, "createTime")) + $root.google.protobuf.Timestamp.encode(message.createTime, writer.uint32(/* id 4, wireType 2 =*/34).fork()).ldelim(); + if (message.destroyTime != null && Object.hasOwnProperty.call(message, "destroyTime")) + $root.google.protobuf.Timestamp.encode(message.destroyTime, writer.uint32(/* id 5, wireType 2 =*/42).fork()).ldelim(); + if (message.destroyEventTime != null && Object.hasOwnProperty.call(message, "destroyEventTime")) + $root.google.protobuf.Timestamp.encode(message.destroyEventTime, writer.uint32(/* id 6, wireType 2 =*/50).fork()).ldelim(); + if (message.protectionLevel != null && Object.hasOwnProperty.call(message, "protectionLevel")) + writer.uint32(/* id 7, wireType 0 =*/56).int32(message.protectionLevel); + if (message.attestation != null && Object.hasOwnProperty.call(message, "attestation")) + $root.google.cloud.kms.v1.KeyOperationAttestation.encode(message.attestation, writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim(); + if (message.algorithm != null && Object.hasOwnProperty.call(message, "algorithm")) + writer.uint32(/* id 10, wireType 0 =*/80).int32(message.algorithm); + if (message.generateTime != null && Object.hasOwnProperty.call(message, "generateTime")) + $root.google.protobuf.Timestamp.encode(message.generateTime, writer.uint32(/* id 11, wireType 2 =*/90).fork()).ldelim(); + if (message.importJob != null && Object.hasOwnProperty.call(message, "importJob")) + writer.uint32(/* id 14, wireType 2 =*/114).string(message.importJob); + if (message.importTime != null && Object.hasOwnProperty.call(message, "importTime")) + $root.google.protobuf.Timestamp.encode(message.importTime, writer.uint32(/* id 15, wireType 2 =*/122).fork()).ldelim(); + if (message.importFailureReason != null && Object.hasOwnProperty.call(message, "importFailureReason")) + writer.uint32(/* id 16, wireType 2 =*/130).string(message.importFailureReason); + if (message.externalProtectionLevelOptions != null && Object.hasOwnProperty.call(message, "externalProtectionLevelOptions")) + $root.google.cloud.kms.v1.ExternalProtectionLevelOptions.encode(message.externalProtectionLevelOptions, writer.uint32(/* id 17, wireType 2 =*/138).fork()).ldelim(); + if (message.reimportEligible != null && Object.hasOwnProperty.call(message, "reimportEligible")) + writer.uint32(/* id 18, wireType 0 =*/144).bool(message.reimportEligible); + return writer; + }; + + /** + * Encodes the specified CryptoKeyVersion message, length delimited. Does not implicitly {@link google.cloud.kms.v1.CryptoKeyVersion.verify|verify} messages. + * @function encodeDelimited + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @static + * @param {google.cloud.kms.v1.ICryptoKeyVersion} message CryptoKeyVersion message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + CryptoKeyVersion.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; + + /** + * Decodes a CryptoKeyVersion message from the specified reader or buffer. + * @function decode + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.cloud.kms.v1.CryptoKeyVersion} CryptoKeyVersion + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + CryptoKeyVersion.decode = function decode(reader, length) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.cloud.kms.v1.CryptoKeyVersion(); + while (reader.pos < end) { + var tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + message.name = reader.string(); + break; + case 3: + message.state = reader.int32(); + break; + case 7: + message.protectionLevel = reader.int32(); + break; + case 10: + message.algorithm = reader.int32(); + break; + case 8: + message.attestation = $root.google.cloud.kms.v1.KeyOperationAttestation.decode(reader, reader.uint32()); + break; + case 4: + message.createTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + break; + case 11: + message.generateTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + break; + case 5: + message.destroyTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + break; + case 6: + message.destroyEventTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + break; + case 14: + message.importJob = reader.string(); + break; + case 15: + message.importTime = $root.google.protobuf.Timestamp.decode(reader, reader.uint32()); + break; + case 16: + message.importFailureReason = reader.string(); + break; + case 17: + message.externalProtectionLevelOptions = $root.google.cloud.kms.v1.ExternalProtectionLevelOptions.decode(reader, reader.uint32()); + break; + case 18: + message.reimportEligible = reader.bool(); + break; + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; + + /** + * Decodes a CryptoKeyVersion message from the specified reader or buffer, length delimited. + * @function decodeDelimited + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.cloud.kms.v1.CryptoKeyVersion} CryptoKeyVersion + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + CryptoKeyVersion.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies a CryptoKeyVersion message. + * @function verify + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + CryptoKeyVersion.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + if (message.name != null && message.hasOwnProperty("name")) + if (!$util.isString(message.name)) + return "name: string expected"; + if (message.state != null && message.hasOwnProperty("state")) + switch (message.state) { + default: + return "state: enum value expected"; + case 0: + case 5: + case 1: + case 2: + case 3: + case 4: + case 6: + case 7: + break; + } + if (message.protectionLevel != null && message.hasOwnProperty("protectionLevel")) + switch (message.protectionLevel) { + default: + return "protectionLevel: enum value expected"; + case 0: + case 1: + case 2: + case 3: + case 4: + break; + } + if (message.algorithm != null && message.hasOwnProperty("algorithm")) + switch (message.algorithm) { + default: + return "algorithm: enum value expected"; + case 0: + case 1: + case 2: + case 3: + case 4: + case 15: + case 5: + case 6: + case 7: + case 16: + case 28: + case 29: + case 30: + case 8: + case 9: + case 10: + case 17: + case 37: + case 38: + case 39: + case 12: + case 13: + case 31: + case 32: + case 18: + break; + } + if (message.attestation != null && message.hasOwnProperty("attestation")) { + var error = $root.google.cloud.kms.v1.KeyOperationAttestation.verify(message.attestation); + if (error) + return "attestation." + error; + } + if (message.createTime != null && message.hasOwnProperty("createTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.createTime); + if (error) + return "createTime." + error; + } + if (message.generateTime != null && message.hasOwnProperty("generateTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.generateTime); + if (error) + return "generateTime." + error; + } + if (message.destroyTime != null && message.hasOwnProperty("destroyTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.destroyTime); + if (error) + return "destroyTime." + error; + } + if (message.destroyEventTime != null && message.hasOwnProperty("destroyEventTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.destroyEventTime); + if (error) + return "destroyEventTime." + error; + } + if (message.importJob != null && message.hasOwnProperty("importJob")) + if (!$util.isString(message.importJob)) + return "importJob: string expected"; + if (message.importTime != null && message.hasOwnProperty("importTime")) { + var error = $root.google.protobuf.Timestamp.verify(message.importTime); + if (error) + return "importTime." + error; + } + if (message.importFailureReason != null && message.hasOwnProperty("importFailureReason")) + if (!$util.isString(message.importFailureReason)) + return "importFailureReason: string expected"; + if (message.externalProtectionLevelOptions != null && message.hasOwnProperty("externalProtectionLevelOptions")) { + var error = $root.google.cloud.kms.v1.ExternalProtectionLevelOptions.verify(message.externalProtectionLevelOptions); + if (error) + return "externalProtectionLevelOptions." + error; + } + if (message.reimportEligible != null && message.hasOwnProperty("reimportEligible")) + if (typeof message.reimportEligible !== "boolean") + return "reimportEligible: boolean expected"; + return null; + }; + + /** + * Creates a CryptoKeyVersion message from a plain object. Also converts values to their respective internal types. + * @function fromObject + * @memberof google.cloud.kms.v1.CryptoKeyVersion + * @static + * @param {Object.} object Plain object + * @returns {google.cloud.kms.v1.CryptoKeyVersion} CryptoKeyVersion + */ + CryptoKeyVersion.fromObject = function fromObject(object) { + if (object instanceof $root.google.cloud.kms.v1.CryptoKeyVersion) + return object; + var message = new $root.google.cloud.kms.v1.CryptoKeyVersion(); + if (object.name != null) + message.name = String(object.name); + switch (object.state) { + case "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED": + case 0: + message.state = 0; + break; + case "PENDING_GENERATION": + case 5: + message.state = 5; + break; + case "ENABLED": + case 1: + message.state = 1; + break; + case "DISABLED": + case 2: + message.state = 2; + break; + case "DESTROYED": + case 3: + message.state = 3; + break; + case "DESTROY_SCHEDULED": + case 4: + message.state = 4; + break; + case "PENDING_IMPORT": + case 6: + message.state = 6; + break; + case "IMPORT_FAILED": + case 7: + message.state = 7; + break; + } + switch (object.protectionLevel) { + case "PROTECTION_LEVEL_UNSPECIFIED": + case 0: + message.protectionLevel = 0; + break; + case "SOFTWARE": + case 1: + message.protectionLevel = 1; + break; + case "HSM": + case 2: + message.protectionLevel = 2; + break; + case "EXTERNAL": + case 3: + message.protectionLevel = 3; + break; + case "EXTERNAL_VPC": + case 4: + message.protectionLevel = 4; + break; + } + switch (object.algorithm) { + case "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": + case 0: + message.algorithm = 0; + break; case "GOOGLE_SYMMETRIC_ENCRYPTION": case 1: message.algorithm = 1; @@ -2454,6 +5091,7 @@ case 1: case 2: case 3: + case 4: break; } return null; @@ -2599,6 +5237,10 @@ case 3: message.protectionLevel = 3; break; + case "EXTERNAL_VPC": + case 4: + message.protectionLevel = 4; + break; } return message; }; @@ -2926,6 +5568,7 @@ case 1: case 2: case 3: + case 4: break; } if (message.createTime != null && message.hasOwnProperty("createTime")) { @@ -3016,6 +5659,10 @@ case 3: message.protectionLevel = 3; break; + case "EXTERNAL_VPC": + case 4: + message.protectionLevel = 4; + break; } if (object.createTime != null) { if (typeof object.createTime !== "object") @@ -3127,6 +5774,40 @@ return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; + /** + * ImportMethod enum. + * @name google.cloud.kms.v1.ImportJob.ImportMethod + * @enum {number} + * @property {number} IMPORT_METHOD_UNSPECIFIED=0 IMPORT_METHOD_UNSPECIFIED value + * @property {number} RSA_OAEP_3072_SHA1_AES_256=1 RSA_OAEP_3072_SHA1_AES_256 value + * @property {number} RSA_OAEP_4096_SHA1_AES_256=2 RSA_OAEP_4096_SHA1_AES_256 value + */ + ImportJob.ImportMethod = (function() { + var valuesById = {}, values = Object.create(valuesById); + values[valuesById[0] = "IMPORT_METHOD_UNSPECIFIED"] = 0; + values[valuesById[1] = "RSA_OAEP_3072_SHA1_AES_256"] = 1; + values[valuesById[2] = "RSA_OAEP_4096_SHA1_AES_256"] = 2; + return values; + })(); + + /** + * ImportJobState enum. + * @name google.cloud.kms.v1.ImportJob.ImportJobState + * @enum {number} + * @property {number} IMPORT_JOB_STATE_UNSPECIFIED=0 IMPORT_JOB_STATE_UNSPECIFIED value + * @property {number} PENDING_GENERATION=1 PENDING_GENERATION value + * @property {number} ACTIVE=2 ACTIVE value + * @property {number} EXPIRED=3 EXPIRED value + */ + ImportJob.ImportJobState = (function() { + var valuesById = {}, values = Object.create(valuesById); + values[valuesById[0] = "IMPORT_JOB_STATE_UNSPECIFIED"] = 0; + values[valuesById[1] = "PENDING_GENERATION"] = 1; + values[valuesById[2] = "ACTIVE"] = 2; + values[valuesById[3] = "EXPIRED"] = 3; + return values; + })(); + ImportJob.WrappingPublicKey = (function() { /** @@ -3314,61 +5995,9 @@ return WrappingPublicKey; })(); - /** - * ImportMethod enum. - * @name google.cloud.kms.v1.ImportJob.ImportMethod - * @enum {number} - * @property {number} IMPORT_METHOD_UNSPECIFIED=0 IMPORT_METHOD_UNSPECIFIED value - * @property {number} RSA_OAEP_3072_SHA1_AES_256=1 RSA_OAEP_3072_SHA1_AES_256 value - * @property {number} RSA_OAEP_4096_SHA1_AES_256=2 RSA_OAEP_4096_SHA1_AES_256 value - */ - ImportJob.ImportMethod = (function() { - var valuesById = {}, values = Object.create(valuesById); - values[valuesById[0] = "IMPORT_METHOD_UNSPECIFIED"] = 0; - values[valuesById[1] = "RSA_OAEP_3072_SHA1_AES_256"] = 1; - values[valuesById[2] = "RSA_OAEP_4096_SHA1_AES_256"] = 2; - return values; - })(); - - /** - * ImportJobState enum. - * @name google.cloud.kms.v1.ImportJob.ImportJobState - * @enum {number} - * @property {number} IMPORT_JOB_STATE_UNSPECIFIED=0 IMPORT_JOB_STATE_UNSPECIFIED value - * @property {number} PENDING_GENERATION=1 PENDING_GENERATION value - * @property {number} ACTIVE=2 ACTIVE value - * @property {number} EXPIRED=3 EXPIRED value - */ - ImportJob.ImportJobState = (function() { - var valuesById = {}, values = Object.create(valuesById); - values[valuesById[0] = "IMPORT_JOB_STATE_UNSPECIFIED"] = 0; - values[valuesById[1] = "PENDING_GENERATION"] = 1; - values[valuesById[2] = "ACTIVE"] = 2; - values[valuesById[3] = "EXPIRED"] = 3; - return values; - })(); - return ImportJob; })(); - /** - * ProtectionLevel enum. - * @name google.cloud.kms.v1.ProtectionLevel - * @enum {number} - * @property {number} PROTECTION_LEVEL_UNSPECIFIED=0 PROTECTION_LEVEL_UNSPECIFIED value - * @property {number} SOFTWARE=1 SOFTWARE value - * @property {number} HSM=2 HSM value - * @property {number} EXTERNAL=3 EXTERNAL value - */ - v1.ProtectionLevel = (function() { - var valuesById = {}, values = Object.create(valuesById); - values[valuesById[0] = "PROTECTION_LEVEL_UNSPECIFIED"] = 0; - values[valuesById[1] = "SOFTWARE"] = 1; - values[valuesById[2] = "HSM"] = 2; - values[valuesById[3] = "EXTERNAL"] = 3; - return values; - })(); - v1.ExternalProtectionLevelOptions = (function() { /** @@ -3376,6 +6005,7 @@ * @memberof google.cloud.kms.v1 * @interface IExternalProtectionLevelOptions * @property {string|null} [externalKeyUri] ExternalProtectionLevelOptions externalKeyUri + * @property {string|null} [ekmConnectionKeyPath] ExternalProtectionLevelOptions ekmConnectionKeyPath */ /** @@ -3401,6 +6031,14 @@ */ ExternalProtectionLevelOptions.prototype.externalKeyUri = ""; + /** + * ExternalProtectionLevelOptions ekmConnectionKeyPath. + * @member {string} ekmConnectionKeyPath + * @memberof google.cloud.kms.v1.ExternalProtectionLevelOptions + * @instance + */ + ExternalProtectionLevelOptions.prototype.ekmConnectionKeyPath = ""; + /** * Creates a new ExternalProtectionLevelOptions instance using the specified properties. * @function create @@ -3427,6 +6065,8 @@ writer = $Writer.create(); if (message.externalKeyUri != null && Object.hasOwnProperty.call(message, "externalKeyUri")) writer.uint32(/* id 1, wireType 2 =*/10).string(message.externalKeyUri); + if (message.ekmConnectionKeyPath != null && Object.hasOwnProperty.call(message, "ekmConnectionKeyPath")) + writer.uint32(/* id 2, wireType 2 =*/18).string(message.ekmConnectionKeyPath); return writer; }; @@ -3464,6 +6104,9 @@ case 1: message.externalKeyUri = reader.string(); break; + case 2: + message.ekmConnectionKeyPath = reader.string(); + break; default: reader.skipType(tag & 7); break; @@ -3502,6 +6145,9 @@ if (message.externalKeyUri != null && message.hasOwnProperty("externalKeyUri")) if (!$util.isString(message.externalKeyUri)) return "externalKeyUri: string expected"; + if (message.ekmConnectionKeyPath != null && message.hasOwnProperty("ekmConnectionKeyPath")) + if (!$util.isString(message.ekmConnectionKeyPath)) + return "ekmConnectionKeyPath: string expected"; return null; }; @@ -3519,6 +6165,8 @@ var message = new $root.google.cloud.kms.v1.ExternalProtectionLevelOptions(); if (object.externalKeyUri != null) message.externalKeyUri = String(object.externalKeyUri); + if (object.ekmConnectionKeyPath != null) + message.ekmConnectionKeyPath = String(object.ekmConnectionKeyPath); return message; }; @@ -3535,10 +6183,14 @@ if (!options) options = {}; var object = {}; - if (options.defaults) + if (options.defaults) { object.externalKeyUri = ""; + object.ekmConnectionKeyPath = ""; + } if (message.externalKeyUri != null && message.hasOwnProperty("externalKeyUri")) object.externalKeyUri = message.externalKeyUri; + if (message.ekmConnectionKeyPath != null && message.hasOwnProperty("ekmConnectionKeyPath")) + object.ekmConnectionKeyPath = message.ekmConnectionKeyPath; return object; }; @@ -3556,6 +6208,26 @@ return ExternalProtectionLevelOptions; })(); + /** + * ProtectionLevel enum. + * @name google.cloud.kms.v1.ProtectionLevel + * @enum {number} + * @property {number} PROTECTION_LEVEL_UNSPECIFIED=0 PROTECTION_LEVEL_UNSPECIFIED value + * @property {number} SOFTWARE=1 SOFTWARE value + * @property {number} HSM=2 HSM value + * @property {number} EXTERNAL=3 EXTERNAL value + * @property {number} EXTERNAL_VPC=4 EXTERNAL_VPC value + */ + v1.ProtectionLevel = (function() { + var valuesById = {}, values = Object.create(valuesById); + values[valuesById[0] = "PROTECTION_LEVEL_UNSPECIFIED"] = 0; + values[valuesById[1] = "SOFTWARE"] = 1; + values[valuesById[2] = "HSM"] = 2; + values[valuesById[3] = "EXTERNAL"] = 3; + values[valuesById[4] = "EXTERNAL_VPC"] = 4; + return values; + })(); + v1.KeyManagementService = (function() { /** @@ -11848,6 +14520,7 @@ case 1: case 2: case 3: + case 4: break; } return null; @@ -11886,6 +14559,10 @@ case 3: message.protectionLevel = 3; break; + case "EXTERNAL_VPC": + case 4: + message.protectionLevel = 4; + break; } return message; }; @@ -12156,6 +14833,7 @@ case 1: case 2: case 3: + case 4: break; } return null; @@ -12206,6 +14884,10 @@ case 3: message.protectionLevel = 3; break; + case "EXTERNAL_VPC": + case 4: + message.protectionLevel = 4; + break; } return message; }; @@ -12457,6 +15139,7 @@ case 1: case 2: case 3: + case 4: break; } return null; @@ -12503,6 +15186,10 @@ case 3: message.protectionLevel = 3; break; + case "EXTERNAL_VPC": + case 4: + message.protectionLevel = 4; + break; } return message; }; @@ -12782,6 +15469,7 @@ case 1: case 2: case 3: + case 4: break; } return null; @@ -12832,6 +15520,10 @@ case 3: message.protectionLevel = 3; break; + case "EXTERNAL_VPC": + case 4: + message.protectionLevel = 4; + break; } return message; }; @@ -13083,6 +15775,7 @@ case 1: case 2: case 3: + case 4: break; } return null; @@ -13129,6 +15822,10 @@ case 3: message.protectionLevel = 3; break; + case "EXTERNAL_VPC": + case 4: + message.protectionLevel = 4; + break; } return message; }; @@ -13391,6 +16088,7 @@ case 1: case 2: case 3: + case 4: break; } return null; @@ -13439,6 +16137,10 @@ case 3: message.protectionLevel = 3; break; + case "EXTERNAL_VPC": + case 4: + message.protectionLevel = 4; + break; } return message; }; @@ -13719,6 +16421,7 @@ case 1: case 2: case 3: + case 4: break; } return null; @@ -13763,6 +16466,10 @@ case 3: message.protectionLevel = 3; break; + case "EXTERNAL_VPC": + case 4: + message.protectionLevel = 4; + break; } return message; }; @@ -14539,58 +17246,26 @@ */ var api = {}; - /** - * FieldBehavior enum. - * @name google.api.FieldBehavior - * @enum {number} - * @property {number} FIELD_BEHAVIOR_UNSPECIFIED=0 FIELD_BEHAVIOR_UNSPECIFIED value - * @property {number} OPTIONAL=1 OPTIONAL value - * @property {number} REQUIRED=2 REQUIRED value - * @property {number} OUTPUT_ONLY=3 OUTPUT_ONLY value - * @property {number} INPUT_ONLY=4 INPUT_ONLY value - * @property {number} IMMUTABLE=5 IMMUTABLE value - * @property {number} UNORDERED_LIST=6 UNORDERED_LIST value - * @property {number} NON_EMPTY_DEFAULT=7 NON_EMPTY_DEFAULT value - */ - api.FieldBehavior = (function() { - var valuesById = {}, values = Object.create(valuesById); - values[valuesById[0] = "FIELD_BEHAVIOR_UNSPECIFIED"] = 0; - values[valuesById[1] = "OPTIONAL"] = 1; - values[valuesById[2] = "REQUIRED"] = 2; - values[valuesById[3] = "OUTPUT_ONLY"] = 3; - values[valuesById[4] = "INPUT_ONLY"] = 4; - values[valuesById[5] = "IMMUTABLE"] = 5; - values[valuesById[6] = "UNORDERED_LIST"] = 6; - values[valuesById[7] = "NON_EMPTY_DEFAULT"] = 7; - return values; - })(); - - api.ResourceDescriptor = (function() { + api.Http = (function() { /** - * Properties of a ResourceDescriptor. + * Properties of a Http. * @memberof google.api - * @interface IResourceDescriptor - * @property {string|null} [type] ResourceDescriptor type - * @property {Array.|null} [pattern] ResourceDescriptor pattern - * @property {string|null} [nameField] ResourceDescriptor nameField - * @property {google.api.ResourceDescriptor.History|null} [history] ResourceDescriptor history - * @property {string|null} [plural] ResourceDescriptor plural - * @property {string|null} [singular] ResourceDescriptor singular - * @property {Array.|null} [style] ResourceDescriptor style + * @interface IHttp + * @property {Array.|null} [rules] Http rules + * @property {boolean|null} [fullyDecodeReservedExpansion] Http fullyDecodeReservedExpansion */ /** - * Constructs a new ResourceDescriptor. + * Constructs a new Http. * @memberof google.api - * @classdesc Represents a ResourceDescriptor. - * @implements IResourceDescriptor + * @classdesc Represents a Http. + * @implements IHttp * @constructor - * @param {google.api.IResourceDescriptor=} [properties] Properties to set + * @param {google.api.IHttp=} [properties] Properties to set */ - function ResourceDescriptor(properties) { - this.pattern = []; - this.style = []; + function Http(properties) { + this.rules = []; if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -14598,167 +17273,91 @@ } /** - * ResourceDescriptor type. - * @member {string} type - * @memberof google.api.ResourceDescriptor - * @instance - */ - ResourceDescriptor.prototype.type = ""; - - /** - * ResourceDescriptor pattern. - * @member {Array.} pattern - * @memberof google.api.ResourceDescriptor - * @instance - */ - ResourceDescriptor.prototype.pattern = $util.emptyArray; - - /** - * ResourceDescriptor nameField. - * @member {string} nameField - * @memberof google.api.ResourceDescriptor - * @instance - */ - ResourceDescriptor.prototype.nameField = ""; - - /** - * ResourceDescriptor history. - * @member {google.api.ResourceDescriptor.History} history - * @memberof google.api.ResourceDescriptor - * @instance - */ - ResourceDescriptor.prototype.history = 0; - - /** - * ResourceDescriptor plural. - * @member {string} plural - * @memberof google.api.ResourceDescriptor - * @instance - */ - ResourceDescriptor.prototype.plural = ""; - - /** - * ResourceDescriptor singular. - * @member {string} singular - * @memberof google.api.ResourceDescriptor + * Http rules. + * @member {Array.} rules + * @memberof google.api.Http * @instance */ - ResourceDescriptor.prototype.singular = ""; + Http.prototype.rules = $util.emptyArray; /** - * ResourceDescriptor style. - * @member {Array.} style - * @memberof google.api.ResourceDescriptor + * Http fullyDecodeReservedExpansion. + * @member {boolean} fullyDecodeReservedExpansion + * @memberof google.api.Http * @instance */ - ResourceDescriptor.prototype.style = $util.emptyArray; + Http.prototype.fullyDecodeReservedExpansion = false; /** - * Creates a new ResourceDescriptor instance using the specified properties. + * Creates a new Http instance using the specified properties. * @function create - * @memberof google.api.ResourceDescriptor + * @memberof google.api.Http * @static - * @param {google.api.IResourceDescriptor=} [properties] Properties to set - * @returns {google.api.ResourceDescriptor} ResourceDescriptor instance + * @param {google.api.IHttp=} [properties] Properties to set + * @returns {google.api.Http} Http instance */ - ResourceDescriptor.create = function create(properties) { - return new ResourceDescriptor(properties); + Http.create = function create(properties) { + return new Http(properties); }; /** - * Encodes the specified ResourceDescriptor message. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages. + * Encodes the specified Http message. Does not implicitly {@link google.api.Http.verify|verify} messages. * @function encode - * @memberof google.api.ResourceDescriptor + * @memberof google.api.Http * @static - * @param {google.api.IResourceDescriptor} message ResourceDescriptor message or plain object to encode + * @param {google.api.IHttp} message Http message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - ResourceDescriptor.encode = function encode(message, writer) { + Http.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); - if (message.type != null && Object.hasOwnProperty.call(message, "type")) - writer.uint32(/* id 1, wireType 2 =*/10).string(message.type); - if (message.pattern != null && message.pattern.length) - for (var i = 0; i < message.pattern.length; ++i) - writer.uint32(/* id 2, wireType 2 =*/18).string(message.pattern[i]); - if (message.nameField != null && Object.hasOwnProperty.call(message, "nameField")) - writer.uint32(/* id 3, wireType 2 =*/26).string(message.nameField); - if (message.history != null && Object.hasOwnProperty.call(message, "history")) - writer.uint32(/* id 4, wireType 0 =*/32).int32(message.history); - if (message.plural != null && Object.hasOwnProperty.call(message, "plural")) - writer.uint32(/* id 5, wireType 2 =*/42).string(message.plural); - if (message.singular != null && Object.hasOwnProperty.call(message, "singular")) - writer.uint32(/* id 6, wireType 2 =*/50).string(message.singular); - if (message.style != null && message.style.length) { - writer.uint32(/* id 10, wireType 2 =*/82).fork(); - for (var i = 0; i < message.style.length; ++i) - writer.int32(message.style[i]); - writer.ldelim(); - } + if (message.rules != null && message.rules.length) + for (var i = 0; i < message.rules.length; ++i) + $root.google.api.HttpRule.encode(message.rules[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim(); + if (message.fullyDecodeReservedExpansion != null && Object.hasOwnProperty.call(message, "fullyDecodeReservedExpansion")) + writer.uint32(/* id 2, wireType 0 =*/16).bool(message.fullyDecodeReservedExpansion); return writer; }; /** - * Encodes the specified ResourceDescriptor message, length delimited. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages. + * Encodes the specified Http message, length delimited. Does not implicitly {@link google.api.Http.verify|verify} messages. * @function encodeDelimited - * @memberof google.api.ResourceDescriptor + * @memberof google.api.Http * @static - * @param {google.api.IResourceDescriptor} message ResourceDescriptor message or plain object to encode + * @param {google.api.IHttp} message Http message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - ResourceDescriptor.encodeDelimited = function encodeDelimited(message, writer) { + Http.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a ResourceDescriptor message from the specified reader or buffer. + * Decodes a Http message from the specified reader or buffer. * @function decode - * @memberof google.api.ResourceDescriptor + * @memberof google.api.Http * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.api.ResourceDescriptor} ResourceDescriptor + * @returns {google.api.Http} Http * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - ResourceDescriptor.decode = function decode(reader, length) { + Http.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.ResourceDescriptor(); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.Http(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { case 1: - message.type = reader.string(); + if (!(message.rules && message.rules.length)) + message.rules = []; + message.rules.push($root.google.api.HttpRule.decode(reader, reader.uint32())); break; case 2: - if (!(message.pattern && message.pattern.length)) - message.pattern = []; - message.pattern.push(reader.string()); - break; - case 3: - message.nameField = reader.string(); - break; - case 4: - message.history = reader.int32(); - break; - case 5: - message.plural = reader.string(); - break; - case 6: - message.singular = reader.string(); - break; - case 10: - if (!(message.style && message.style.length)) - message.style = []; - if ((tag & 7) === 2) { - var end2 = reader.uint32() + reader.pos; - while (reader.pos < end2) - message.style.push(reader.int32()); - } else - message.style.push(reader.int32()); + message.fullyDecodeReservedExpansion = reader.bool(); break; default: reader.skipType(tag & 7); @@ -14769,246 +17368,143 @@ }; /** - * Decodes a ResourceDescriptor message from the specified reader or buffer, length delimited. + * Decodes a Http message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.api.ResourceDescriptor + * @memberof google.api.Http * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.api.ResourceDescriptor} ResourceDescriptor + * @returns {google.api.Http} Http * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - ResourceDescriptor.decodeDelimited = function decodeDelimited(reader) { + Http.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a ResourceDescriptor message. + * Verifies a Http message. * @function verify - * @memberof google.api.ResourceDescriptor + * @memberof google.api.Http * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - ResourceDescriptor.verify = function verify(message) { + Http.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; - if (message.type != null && message.hasOwnProperty("type")) - if (!$util.isString(message.type)) - return "type: string expected"; - if (message.pattern != null && message.hasOwnProperty("pattern")) { - if (!Array.isArray(message.pattern)) - return "pattern: array expected"; - for (var i = 0; i < message.pattern.length; ++i) - if (!$util.isString(message.pattern[i])) - return "pattern: string[] expected"; - } - if (message.nameField != null && message.hasOwnProperty("nameField")) - if (!$util.isString(message.nameField)) - return "nameField: string expected"; - if (message.history != null && message.hasOwnProperty("history")) - switch (message.history) { - default: - return "history: enum value expected"; - case 0: - case 1: - case 2: - break; + if (message.rules != null && message.hasOwnProperty("rules")) { + if (!Array.isArray(message.rules)) + return "rules: array expected"; + for (var i = 0; i < message.rules.length; ++i) { + var error = $root.google.api.HttpRule.verify(message.rules[i]); + if (error) + return "rules." + error; } - if (message.plural != null && message.hasOwnProperty("plural")) - if (!$util.isString(message.plural)) - return "plural: string expected"; - if (message.singular != null && message.hasOwnProperty("singular")) - if (!$util.isString(message.singular)) - return "singular: string expected"; - if (message.style != null && message.hasOwnProperty("style")) { - if (!Array.isArray(message.style)) - return "style: array expected"; - for (var i = 0; i < message.style.length; ++i) - switch (message.style[i]) { - default: - return "style: enum value[] expected"; - case 0: - case 1: - break; - } } + if (message.fullyDecodeReservedExpansion != null && message.hasOwnProperty("fullyDecodeReservedExpansion")) + if (typeof message.fullyDecodeReservedExpansion !== "boolean") + return "fullyDecodeReservedExpansion: boolean expected"; return null; }; /** - * Creates a ResourceDescriptor message from a plain object. Also converts values to their respective internal types. + * Creates a Http message from a plain object. Also converts values to their respective internal types. * @function fromObject - * @memberof google.api.ResourceDescriptor + * @memberof google.api.Http * @static * @param {Object.} object Plain object - * @returns {google.api.ResourceDescriptor} ResourceDescriptor + * @returns {google.api.Http} Http */ - ResourceDescriptor.fromObject = function fromObject(object) { - if (object instanceof $root.google.api.ResourceDescriptor) + Http.fromObject = function fromObject(object) { + if (object instanceof $root.google.api.Http) return object; - var message = new $root.google.api.ResourceDescriptor(); - if (object.type != null) - message.type = String(object.type); - if (object.pattern) { - if (!Array.isArray(object.pattern)) - throw TypeError(".google.api.ResourceDescriptor.pattern: array expected"); - message.pattern = []; - for (var i = 0; i < object.pattern.length; ++i) - message.pattern[i] = String(object.pattern[i]); - } - if (object.nameField != null) - message.nameField = String(object.nameField); - switch (object.history) { - case "HISTORY_UNSPECIFIED": - case 0: - message.history = 0; - break; - case "ORIGINALLY_SINGLE_PATTERN": - case 1: - message.history = 1; - break; - case "FUTURE_MULTI_PATTERN": - case 2: - message.history = 2; - break; - } - if (object.plural != null) - message.plural = String(object.plural); - if (object.singular != null) - message.singular = String(object.singular); - if (object.style) { - if (!Array.isArray(object.style)) - throw TypeError(".google.api.ResourceDescriptor.style: array expected"); - message.style = []; - for (var i = 0; i < object.style.length; ++i) - switch (object.style[i]) { - default: - case "STYLE_UNSPECIFIED": - case 0: - message.style[i] = 0; - break; - case "DECLARATIVE_FRIENDLY": - case 1: - message.style[i] = 1; - break; - } + var message = new $root.google.api.Http(); + if (object.rules) { + if (!Array.isArray(object.rules)) + throw TypeError(".google.api.Http.rules: array expected"); + message.rules = []; + for (var i = 0; i < object.rules.length; ++i) { + if (typeof object.rules[i] !== "object") + throw TypeError(".google.api.Http.rules: object expected"); + message.rules[i] = $root.google.api.HttpRule.fromObject(object.rules[i]); + } } + if (object.fullyDecodeReservedExpansion != null) + message.fullyDecodeReservedExpansion = Boolean(object.fullyDecodeReservedExpansion); return message; }; /** - * Creates a plain object from a ResourceDescriptor message. Also converts values to other types if specified. + * Creates a plain object from a Http message. Also converts values to other types if specified. * @function toObject - * @memberof google.api.ResourceDescriptor + * @memberof google.api.Http * @static - * @param {google.api.ResourceDescriptor} message ResourceDescriptor + * @param {google.api.Http} message Http * @param {$protobuf.IConversionOptions} [options] Conversion options * @returns {Object.} Plain object */ - ResourceDescriptor.toObject = function toObject(message, options) { + Http.toObject = function toObject(message, options) { if (!options) options = {}; var object = {}; - if (options.arrays || options.defaults) { - object.pattern = []; - object.style = []; - } - if (options.defaults) { - object.type = ""; - object.nameField = ""; - object.history = options.enums === String ? "HISTORY_UNSPECIFIED" : 0; - object.plural = ""; - object.singular = ""; - } - if (message.type != null && message.hasOwnProperty("type")) - object.type = message.type; - if (message.pattern && message.pattern.length) { - object.pattern = []; - for (var j = 0; j < message.pattern.length; ++j) - object.pattern[j] = message.pattern[j]; - } - if (message.nameField != null && message.hasOwnProperty("nameField")) - object.nameField = message.nameField; - if (message.history != null && message.hasOwnProperty("history")) - object.history = options.enums === String ? $root.google.api.ResourceDescriptor.History[message.history] : message.history; - if (message.plural != null && message.hasOwnProperty("plural")) - object.plural = message.plural; - if (message.singular != null && message.hasOwnProperty("singular")) - object.singular = message.singular; - if (message.style && message.style.length) { - object.style = []; - for (var j = 0; j < message.style.length; ++j) - object.style[j] = options.enums === String ? $root.google.api.ResourceDescriptor.Style[message.style[j]] : message.style[j]; + if (options.arrays || options.defaults) + object.rules = []; + if (options.defaults) + object.fullyDecodeReservedExpansion = false; + if (message.rules && message.rules.length) { + object.rules = []; + for (var j = 0; j < message.rules.length; ++j) + object.rules[j] = $root.google.api.HttpRule.toObject(message.rules[j], options); } + if (message.fullyDecodeReservedExpansion != null && message.hasOwnProperty("fullyDecodeReservedExpansion")) + object.fullyDecodeReservedExpansion = message.fullyDecodeReservedExpansion; return object; }; /** - * Converts this ResourceDescriptor to JSON. + * Converts this Http to JSON. * @function toJSON - * @memberof google.api.ResourceDescriptor + * @memberof google.api.Http * @instance * @returns {Object.} JSON object */ - ResourceDescriptor.prototype.toJSON = function toJSON() { + Http.prototype.toJSON = function toJSON() { return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; - /** - * History enum. - * @name google.api.ResourceDescriptor.History - * @enum {number} - * @property {number} HISTORY_UNSPECIFIED=0 HISTORY_UNSPECIFIED value - * @property {number} ORIGINALLY_SINGLE_PATTERN=1 ORIGINALLY_SINGLE_PATTERN value - * @property {number} FUTURE_MULTI_PATTERN=2 FUTURE_MULTI_PATTERN value - */ - ResourceDescriptor.History = (function() { - var valuesById = {}, values = Object.create(valuesById); - values[valuesById[0] = "HISTORY_UNSPECIFIED"] = 0; - values[valuesById[1] = "ORIGINALLY_SINGLE_PATTERN"] = 1; - values[valuesById[2] = "FUTURE_MULTI_PATTERN"] = 2; - return values; - })(); - - /** - * Style enum. - * @name google.api.ResourceDescriptor.Style - * @enum {number} - * @property {number} STYLE_UNSPECIFIED=0 STYLE_UNSPECIFIED value - * @property {number} DECLARATIVE_FRIENDLY=1 DECLARATIVE_FRIENDLY value - */ - ResourceDescriptor.Style = (function() { - var valuesById = {}, values = Object.create(valuesById); - values[valuesById[0] = "STYLE_UNSPECIFIED"] = 0; - values[valuesById[1] = "DECLARATIVE_FRIENDLY"] = 1; - return values; - })(); - - return ResourceDescriptor; + return Http; })(); - api.ResourceReference = (function() { + api.HttpRule = (function() { /** - * Properties of a ResourceReference. + * Properties of a HttpRule. * @memberof google.api - * @interface IResourceReference - * @property {string|null} [type] ResourceReference type - * @property {string|null} [childType] ResourceReference childType + * @interface IHttpRule + * @property {string|null} [selector] HttpRule selector + * @property {string|null} [get] HttpRule get + * @property {string|null} [put] HttpRule put + * @property {string|null} [post] HttpRule post + * @property {string|null} ["delete"] HttpRule delete + * @property {string|null} [patch] HttpRule patch + * @property {google.api.ICustomHttpPattern|null} [custom] HttpRule custom + * @property {string|null} [body] HttpRule body + * @property {string|null} [responseBody] HttpRule responseBody + * @property {Array.|null} [additionalBindings] HttpRule additionalBindings */ /** - * Constructs a new ResourceReference. + * Constructs a new HttpRule. * @memberof google.api - * @classdesc Represents a ResourceReference. - * @implements IResourceReference + * @classdesc Represents a HttpRule. + * @implements IHttpRule * @constructor - * @param {google.api.IResourceReference=} [properties] Properties to set + * @param {google.api.IHttpRule=} [properties] Properties to set */ - function ResourceReference(properties) { + function HttpRule(properties) { + this.additionalBindings = []; if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -15016,88 +17512,209 @@ } /** - * ResourceReference type. - * @member {string} type - * @memberof google.api.ResourceReference + * HttpRule selector. + * @member {string} selector + * @memberof google.api.HttpRule * @instance */ - ResourceReference.prototype.type = ""; + HttpRule.prototype.selector = ""; /** - * ResourceReference childType. - * @member {string} childType - * @memberof google.api.ResourceReference + * HttpRule get. + * @member {string|null|undefined} get + * @memberof google.api.HttpRule * @instance */ - ResourceReference.prototype.childType = ""; + HttpRule.prototype.get = null; /** - * Creates a new ResourceReference instance using the specified properties. + * HttpRule put. + * @member {string|null|undefined} put + * @memberof google.api.HttpRule + * @instance + */ + HttpRule.prototype.put = null; + + /** + * HttpRule post. + * @member {string|null|undefined} post + * @memberof google.api.HttpRule + * @instance + */ + HttpRule.prototype.post = null; + + /** + * HttpRule delete. + * @member {string|null|undefined} delete + * @memberof google.api.HttpRule + * @instance + */ + HttpRule.prototype["delete"] = null; + + /** + * HttpRule patch. + * @member {string|null|undefined} patch + * @memberof google.api.HttpRule + * @instance + */ + HttpRule.prototype.patch = null; + + /** + * HttpRule custom. + * @member {google.api.ICustomHttpPattern|null|undefined} custom + * @memberof google.api.HttpRule + * @instance + */ + HttpRule.prototype.custom = null; + + /** + * HttpRule body. + * @member {string} body + * @memberof google.api.HttpRule + * @instance + */ + HttpRule.prototype.body = ""; + + /** + * HttpRule responseBody. + * @member {string} responseBody + * @memberof google.api.HttpRule + * @instance + */ + HttpRule.prototype.responseBody = ""; + + /** + * HttpRule additionalBindings. + * @member {Array.} additionalBindings + * @memberof google.api.HttpRule + * @instance + */ + HttpRule.prototype.additionalBindings = $util.emptyArray; + + // OneOf field names bound to virtual getters and setters + var $oneOfFields; + + /** + * HttpRule pattern. + * @member {"get"|"put"|"post"|"delete"|"patch"|"custom"|undefined} pattern + * @memberof google.api.HttpRule + * @instance + */ + Object.defineProperty(HttpRule.prototype, "pattern", { + get: $util.oneOfGetter($oneOfFields = ["get", "put", "post", "delete", "patch", "custom"]), + set: $util.oneOfSetter($oneOfFields) + }); + + /** + * Creates a new HttpRule instance using the specified properties. * @function create - * @memberof google.api.ResourceReference + * @memberof google.api.HttpRule * @static - * @param {google.api.IResourceReference=} [properties] Properties to set - * @returns {google.api.ResourceReference} ResourceReference instance + * @param {google.api.IHttpRule=} [properties] Properties to set + * @returns {google.api.HttpRule} HttpRule instance */ - ResourceReference.create = function create(properties) { - return new ResourceReference(properties); + HttpRule.create = function create(properties) { + return new HttpRule(properties); }; /** - * Encodes the specified ResourceReference message. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages. + * Encodes the specified HttpRule message. Does not implicitly {@link google.api.HttpRule.verify|verify} messages. * @function encode - * @memberof google.api.ResourceReference + * @memberof google.api.HttpRule * @static - * @param {google.api.IResourceReference} message ResourceReference message or plain object to encode + * @param {google.api.IHttpRule} message HttpRule message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - ResourceReference.encode = function encode(message, writer) { + HttpRule.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); - if (message.type != null && Object.hasOwnProperty.call(message, "type")) - writer.uint32(/* id 1, wireType 2 =*/10).string(message.type); - if (message.childType != null && Object.hasOwnProperty.call(message, "childType")) - writer.uint32(/* id 2, wireType 2 =*/18).string(message.childType); + if (message.selector != null && Object.hasOwnProperty.call(message, "selector")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.selector); + if (message.get != null && Object.hasOwnProperty.call(message, "get")) + writer.uint32(/* id 2, wireType 2 =*/18).string(message.get); + if (message.put != null && Object.hasOwnProperty.call(message, "put")) + writer.uint32(/* id 3, wireType 2 =*/26).string(message.put); + if (message.post != null && Object.hasOwnProperty.call(message, "post")) + writer.uint32(/* id 4, wireType 2 =*/34).string(message.post); + if (message["delete"] != null && Object.hasOwnProperty.call(message, "delete")) + writer.uint32(/* id 5, wireType 2 =*/42).string(message["delete"]); + if (message.patch != null && Object.hasOwnProperty.call(message, "patch")) + writer.uint32(/* id 6, wireType 2 =*/50).string(message.patch); + if (message.body != null && Object.hasOwnProperty.call(message, "body")) + writer.uint32(/* id 7, wireType 2 =*/58).string(message.body); + if (message.custom != null && Object.hasOwnProperty.call(message, "custom")) + $root.google.api.CustomHttpPattern.encode(message.custom, writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim(); + if (message.additionalBindings != null && message.additionalBindings.length) + for (var i = 0; i < message.additionalBindings.length; ++i) + $root.google.api.HttpRule.encode(message.additionalBindings[i], writer.uint32(/* id 11, wireType 2 =*/90).fork()).ldelim(); + if (message.responseBody != null && Object.hasOwnProperty.call(message, "responseBody")) + writer.uint32(/* id 12, wireType 2 =*/98).string(message.responseBody); return writer; }; /** - * Encodes the specified ResourceReference message, length delimited. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages. + * Encodes the specified HttpRule message, length delimited. Does not implicitly {@link google.api.HttpRule.verify|verify} messages. * @function encodeDelimited - * @memberof google.api.ResourceReference + * @memberof google.api.HttpRule * @static - * @param {google.api.IResourceReference} message ResourceReference message or plain object to encode + * @param {google.api.IHttpRule} message HttpRule message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - ResourceReference.encodeDelimited = function encodeDelimited(message, writer) { + HttpRule.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a ResourceReference message from the specified reader or buffer. + * Decodes a HttpRule message from the specified reader or buffer. * @function decode - * @memberof google.api.ResourceReference + * @memberof google.api.HttpRule * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.api.ResourceReference} ResourceReference + * @returns {google.api.HttpRule} HttpRule * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - ResourceReference.decode = function decode(reader, length) { + HttpRule.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.ResourceReference(); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.HttpRule(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { case 1: - message.type = reader.string(); + message.selector = reader.string(); + break; + case 2: + message.get = reader.string(); + break; + case 3: + message.put = reader.string(); + break; + case 4: + message.post = reader.string(); + break; + case 5: + message["delete"] = reader.string(); + break; + case 6: + message.patch = reader.string(); + break; + case 8: + message.custom = $root.google.api.CustomHttpPattern.decode(reader, reader.uint32()); + break; + case 7: + message.body = reader.string(); break; - case 2: - message.childType = reader.string(); + case 12: + message.responseBody = reader.string(); + break; + case 11: + if (!(message.additionalBindings && message.additionalBindings.length)) + message.additionalBindings = []; + message.additionalBindings.push($root.google.api.HttpRule.decode(reader, reader.uint32())); break; default: reader.skipType(tag & 7); @@ -15108,118 +17725,240 @@ }; /** - * Decodes a ResourceReference message from the specified reader or buffer, length delimited. + * Decodes a HttpRule message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.api.ResourceReference + * @memberof google.api.HttpRule * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.api.ResourceReference} ResourceReference + * @returns {google.api.HttpRule} HttpRule * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - ResourceReference.decodeDelimited = function decodeDelimited(reader) { + HttpRule.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a ResourceReference message. + * Verifies a HttpRule message. * @function verify - * @memberof google.api.ResourceReference + * @memberof google.api.HttpRule * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - ResourceReference.verify = function verify(message) { + HttpRule.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; - if (message.type != null && message.hasOwnProperty("type")) - if (!$util.isString(message.type)) - return "type: string expected"; - if (message.childType != null && message.hasOwnProperty("childType")) - if (!$util.isString(message.childType)) - return "childType: string expected"; + var properties = {}; + if (message.selector != null && message.hasOwnProperty("selector")) + if (!$util.isString(message.selector)) + return "selector: string expected"; + if (message.get != null && message.hasOwnProperty("get")) { + properties.pattern = 1; + if (!$util.isString(message.get)) + return "get: string expected"; + } + if (message.put != null && message.hasOwnProperty("put")) { + if (properties.pattern === 1) + return "pattern: multiple values"; + properties.pattern = 1; + if (!$util.isString(message.put)) + return "put: string expected"; + } + if (message.post != null && message.hasOwnProperty("post")) { + if (properties.pattern === 1) + return "pattern: multiple values"; + properties.pattern = 1; + if (!$util.isString(message.post)) + return "post: string expected"; + } + if (message["delete"] != null && message.hasOwnProperty("delete")) { + if (properties.pattern === 1) + return "pattern: multiple values"; + properties.pattern = 1; + if (!$util.isString(message["delete"])) + return "delete: string expected"; + } + if (message.patch != null && message.hasOwnProperty("patch")) { + if (properties.pattern === 1) + return "pattern: multiple values"; + properties.pattern = 1; + if (!$util.isString(message.patch)) + return "patch: string expected"; + } + if (message.custom != null && message.hasOwnProperty("custom")) { + if (properties.pattern === 1) + return "pattern: multiple values"; + properties.pattern = 1; + { + var error = $root.google.api.CustomHttpPattern.verify(message.custom); + if (error) + return "custom." + error; + } + } + if (message.body != null && message.hasOwnProperty("body")) + if (!$util.isString(message.body)) + return "body: string expected"; + if (message.responseBody != null && message.hasOwnProperty("responseBody")) + if (!$util.isString(message.responseBody)) + return "responseBody: string expected"; + if (message.additionalBindings != null && message.hasOwnProperty("additionalBindings")) { + if (!Array.isArray(message.additionalBindings)) + return "additionalBindings: array expected"; + for (var i = 0; i < message.additionalBindings.length; ++i) { + var error = $root.google.api.HttpRule.verify(message.additionalBindings[i]); + if (error) + return "additionalBindings." + error; + } + } return null; }; /** - * Creates a ResourceReference message from a plain object. Also converts values to their respective internal types. + * Creates a HttpRule message from a plain object. Also converts values to their respective internal types. * @function fromObject - * @memberof google.api.ResourceReference + * @memberof google.api.HttpRule * @static * @param {Object.} object Plain object - * @returns {google.api.ResourceReference} ResourceReference + * @returns {google.api.HttpRule} HttpRule */ - ResourceReference.fromObject = function fromObject(object) { - if (object instanceof $root.google.api.ResourceReference) + HttpRule.fromObject = function fromObject(object) { + if (object instanceof $root.google.api.HttpRule) return object; - var message = new $root.google.api.ResourceReference(); - if (object.type != null) - message.type = String(object.type); - if (object.childType != null) - message.childType = String(object.childType); + var message = new $root.google.api.HttpRule(); + if (object.selector != null) + message.selector = String(object.selector); + if (object.get != null) + message.get = String(object.get); + if (object.put != null) + message.put = String(object.put); + if (object.post != null) + message.post = String(object.post); + if (object["delete"] != null) + message["delete"] = String(object["delete"]); + if (object.patch != null) + message.patch = String(object.patch); + if (object.custom != null) { + if (typeof object.custom !== "object") + throw TypeError(".google.api.HttpRule.custom: object expected"); + message.custom = $root.google.api.CustomHttpPattern.fromObject(object.custom); + } + if (object.body != null) + message.body = String(object.body); + if (object.responseBody != null) + message.responseBody = String(object.responseBody); + if (object.additionalBindings) { + if (!Array.isArray(object.additionalBindings)) + throw TypeError(".google.api.HttpRule.additionalBindings: array expected"); + message.additionalBindings = []; + for (var i = 0; i < object.additionalBindings.length; ++i) { + if (typeof object.additionalBindings[i] !== "object") + throw TypeError(".google.api.HttpRule.additionalBindings: object expected"); + message.additionalBindings[i] = $root.google.api.HttpRule.fromObject(object.additionalBindings[i]); + } + } return message; }; /** - * Creates a plain object from a ResourceReference message. Also converts values to other types if specified. + * Creates a plain object from a HttpRule message. Also converts values to other types if specified. * @function toObject - * @memberof google.api.ResourceReference + * @memberof google.api.HttpRule * @static - * @param {google.api.ResourceReference} message ResourceReference + * @param {google.api.HttpRule} message HttpRule * @param {$protobuf.IConversionOptions} [options] Conversion options * @returns {Object.} Plain object */ - ResourceReference.toObject = function toObject(message, options) { + HttpRule.toObject = function toObject(message, options) { if (!options) options = {}; var object = {}; + if (options.arrays || options.defaults) + object.additionalBindings = []; if (options.defaults) { - object.type = ""; - object.childType = ""; + object.selector = ""; + object.body = ""; + object.responseBody = ""; } - if (message.type != null && message.hasOwnProperty("type")) - object.type = message.type; - if (message.childType != null && message.hasOwnProperty("childType")) - object.childType = message.childType; + if (message.selector != null && message.hasOwnProperty("selector")) + object.selector = message.selector; + if (message.get != null && message.hasOwnProperty("get")) { + object.get = message.get; + if (options.oneofs) + object.pattern = "get"; + } + if (message.put != null && message.hasOwnProperty("put")) { + object.put = message.put; + if (options.oneofs) + object.pattern = "put"; + } + if (message.post != null && message.hasOwnProperty("post")) { + object.post = message.post; + if (options.oneofs) + object.pattern = "post"; + } + if (message["delete"] != null && message.hasOwnProperty("delete")) { + object["delete"] = message["delete"]; + if (options.oneofs) + object.pattern = "delete"; + } + if (message.patch != null && message.hasOwnProperty("patch")) { + object.patch = message.patch; + if (options.oneofs) + object.pattern = "patch"; + } + if (message.body != null && message.hasOwnProperty("body")) + object.body = message.body; + if (message.custom != null && message.hasOwnProperty("custom")) { + object.custom = $root.google.api.CustomHttpPattern.toObject(message.custom, options); + if (options.oneofs) + object.pattern = "custom"; + } + if (message.additionalBindings && message.additionalBindings.length) { + object.additionalBindings = []; + for (var j = 0; j < message.additionalBindings.length; ++j) + object.additionalBindings[j] = $root.google.api.HttpRule.toObject(message.additionalBindings[j], options); + } + if (message.responseBody != null && message.hasOwnProperty("responseBody")) + object.responseBody = message.responseBody; return object; }; /** - * Converts this ResourceReference to JSON. + * Converts this HttpRule to JSON. * @function toJSON - * @memberof google.api.ResourceReference + * @memberof google.api.HttpRule * @instance * @returns {Object.} JSON object */ - ResourceReference.prototype.toJSON = function toJSON() { + HttpRule.prototype.toJSON = function toJSON() { return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; - return ResourceReference; + return HttpRule; })(); - api.Http = (function() { + api.CustomHttpPattern = (function() { /** - * Properties of a Http. + * Properties of a CustomHttpPattern. * @memberof google.api - * @interface IHttp - * @property {Array.|null} [rules] Http rules - * @property {boolean|null} [fullyDecodeReservedExpansion] Http fullyDecodeReservedExpansion + * @interface ICustomHttpPattern + * @property {string|null} [kind] CustomHttpPattern kind + * @property {string|null} [path] CustomHttpPattern path */ /** - * Constructs a new Http. + * Constructs a new CustomHttpPattern. * @memberof google.api - * @classdesc Represents a Http. - * @implements IHttp + * @classdesc Represents a CustomHttpPattern. + * @implements ICustomHttpPattern * @constructor - * @param {google.api.IHttp=} [properties] Properties to set + * @param {google.api.ICustomHttpPattern=} [properties] Properties to set */ - function Http(properties) { - this.rules = []; + function CustomHttpPattern(properties) { if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -15227,91 +17966,88 @@ } /** - * Http rules. - * @member {Array.} rules - * @memberof google.api.Http + * CustomHttpPattern kind. + * @member {string} kind + * @memberof google.api.CustomHttpPattern * @instance */ - Http.prototype.rules = $util.emptyArray; + CustomHttpPattern.prototype.kind = ""; /** - * Http fullyDecodeReservedExpansion. - * @member {boolean} fullyDecodeReservedExpansion - * @memberof google.api.Http + * CustomHttpPattern path. + * @member {string} path + * @memberof google.api.CustomHttpPattern * @instance */ - Http.prototype.fullyDecodeReservedExpansion = false; + CustomHttpPattern.prototype.path = ""; /** - * Creates a new Http instance using the specified properties. + * Creates a new CustomHttpPattern instance using the specified properties. * @function create - * @memberof google.api.Http + * @memberof google.api.CustomHttpPattern * @static - * @param {google.api.IHttp=} [properties] Properties to set - * @returns {google.api.Http} Http instance + * @param {google.api.ICustomHttpPattern=} [properties] Properties to set + * @returns {google.api.CustomHttpPattern} CustomHttpPattern instance */ - Http.create = function create(properties) { - return new Http(properties); + CustomHttpPattern.create = function create(properties) { + return new CustomHttpPattern(properties); }; /** - * Encodes the specified Http message. Does not implicitly {@link google.api.Http.verify|verify} messages. + * Encodes the specified CustomHttpPattern message. Does not implicitly {@link google.api.CustomHttpPattern.verify|verify} messages. * @function encode - * @memberof google.api.Http + * @memberof google.api.CustomHttpPattern * @static - * @param {google.api.IHttp} message Http message or plain object to encode + * @param {google.api.ICustomHttpPattern} message CustomHttpPattern message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - Http.encode = function encode(message, writer) { + CustomHttpPattern.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); - if (message.rules != null && message.rules.length) - for (var i = 0; i < message.rules.length; ++i) - $root.google.api.HttpRule.encode(message.rules[i], writer.uint32(/* id 1, wireType 2 =*/10).fork()).ldelim(); - if (message.fullyDecodeReservedExpansion != null && Object.hasOwnProperty.call(message, "fullyDecodeReservedExpansion")) - writer.uint32(/* id 2, wireType 0 =*/16).bool(message.fullyDecodeReservedExpansion); + if (message.kind != null && Object.hasOwnProperty.call(message, "kind")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.kind); + if (message.path != null && Object.hasOwnProperty.call(message, "path")) + writer.uint32(/* id 2, wireType 2 =*/18).string(message.path); return writer; }; /** - * Encodes the specified Http message, length delimited. Does not implicitly {@link google.api.Http.verify|verify} messages. + * Encodes the specified CustomHttpPattern message, length delimited. Does not implicitly {@link google.api.CustomHttpPattern.verify|verify} messages. * @function encodeDelimited - * @memberof google.api.Http + * @memberof google.api.CustomHttpPattern * @static - * @param {google.api.IHttp} message Http message or plain object to encode + * @param {google.api.ICustomHttpPattern} message CustomHttpPattern message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - Http.encodeDelimited = function encodeDelimited(message, writer) { + CustomHttpPattern.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a Http message from the specified reader or buffer. + * Decodes a CustomHttpPattern message from the specified reader or buffer. * @function decode - * @memberof google.api.Http + * @memberof google.api.CustomHttpPattern * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.api.Http} Http + * @returns {google.api.CustomHttpPattern} CustomHttpPattern * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - Http.decode = function decode(reader, length) { + CustomHttpPattern.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.Http(); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.CustomHttpPattern(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { case 1: - if (!(message.rules && message.rules.length)) - message.rules = []; - message.rules.push($root.google.api.HttpRule.decode(reader, reader.uint32())); + message.kind = reader.string(); break; case 2: - message.fullyDecodeReservedExpansion = reader.bool(); + message.path = reader.string(); break; default: reader.skipType(tag & 7); @@ -15322,143 +18058,150 @@ }; /** - * Decodes a Http message from the specified reader or buffer, length delimited. + * Decodes a CustomHttpPattern message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.api.Http + * @memberof google.api.CustomHttpPattern * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.api.Http} Http + * @returns {google.api.CustomHttpPattern} CustomHttpPattern * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - Http.decodeDelimited = function decodeDelimited(reader) { + CustomHttpPattern.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a Http message. + * Verifies a CustomHttpPattern message. * @function verify - * @memberof google.api.Http + * @memberof google.api.CustomHttpPattern * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - Http.verify = function verify(message) { + CustomHttpPattern.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; - if (message.rules != null && message.hasOwnProperty("rules")) { - if (!Array.isArray(message.rules)) - return "rules: array expected"; - for (var i = 0; i < message.rules.length; ++i) { - var error = $root.google.api.HttpRule.verify(message.rules[i]); - if (error) - return "rules." + error; - } - } - if (message.fullyDecodeReservedExpansion != null && message.hasOwnProperty("fullyDecodeReservedExpansion")) - if (typeof message.fullyDecodeReservedExpansion !== "boolean") - return "fullyDecodeReservedExpansion: boolean expected"; + if (message.kind != null && message.hasOwnProperty("kind")) + if (!$util.isString(message.kind)) + return "kind: string expected"; + if (message.path != null && message.hasOwnProperty("path")) + if (!$util.isString(message.path)) + return "path: string expected"; return null; }; /** - * Creates a Http message from a plain object. Also converts values to their respective internal types. + * Creates a CustomHttpPattern message from a plain object. Also converts values to their respective internal types. * @function fromObject - * @memberof google.api.Http + * @memberof google.api.CustomHttpPattern * @static * @param {Object.} object Plain object - * @returns {google.api.Http} Http + * @returns {google.api.CustomHttpPattern} CustomHttpPattern */ - Http.fromObject = function fromObject(object) { - if (object instanceof $root.google.api.Http) + CustomHttpPattern.fromObject = function fromObject(object) { + if (object instanceof $root.google.api.CustomHttpPattern) return object; - var message = new $root.google.api.Http(); - if (object.rules) { - if (!Array.isArray(object.rules)) - throw TypeError(".google.api.Http.rules: array expected"); - message.rules = []; - for (var i = 0; i < object.rules.length; ++i) { - if (typeof object.rules[i] !== "object") - throw TypeError(".google.api.Http.rules: object expected"); - message.rules[i] = $root.google.api.HttpRule.fromObject(object.rules[i]); - } - } - if (object.fullyDecodeReservedExpansion != null) - message.fullyDecodeReservedExpansion = Boolean(object.fullyDecodeReservedExpansion); + var message = new $root.google.api.CustomHttpPattern(); + if (object.kind != null) + message.kind = String(object.kind); + if (object.path != null) + message.path = String(object.path); return message; }; /** - * Creates a plain object from a Http message. Also converts values to other types if specified. + * Creates a plain object from a CustomHttpPattern message. Also converts values to other types if specified. * @function toObject - * @memberof google.api.Http + * @memberof google.api.CustomHttpPattern * @static - * @param {google.api.Http} message Http + * @param {google.api.CustomHttpPattern} message CustomHttpPattern * @param {$protobuf.IConversionOptions} [options] Conversion options * @returns {Object.} Plain object */ - Http.toObject = function toObject(message, options) { + CustomHttpPattern.toObject = function toObject(message, options) { if (!options) options = {}; var object = {}; - if (options.arrays || options.defaults) - object.rules = []; - if (options.defaults) - object.fullyDecodeReservedExpansion = false; - if (message.rules && message.rules.length) { - object.rules = []; - for (var j = 0; j < message.rules.length; ++j) - object.rules[j] = $root.google.api.HttpRule.toObject(message.rules[j], options); + if (options.defaults) { + object.kind = ""; + object.path = ""; } - if (message.fullyDecodeReservedExpansion != null && message.hasOwnProperty("fullyDecodeReservedExpansion")) - object.fullyDecodeReservedExpansion = message.fullyDecodeReservedExpansion; + if (message.kind != null && message.hasOwnProperty("kind")) + object.kind = message.kind; + if (message.path != null && message.hasOwnProperty("path")) + object.path = message.path; return object; }; /** - * Converts this Http to JSON. + * Converts this CustomHttpPattern to JSON. * @function toJSON - * @memberof google.api.Http + * @memberof google.api.CustomHttpPattern * @instance * @returns {Object.} JSON object */ - Http.prototype.toJSON = function toJSON() { + CustomHttpPattern.prototype.toJSON = function toJSON() { return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; - return Http; + return CustomHttpPattern; })(); - api.HttpRule = (function() { + /** + * FieldBehavior enum. + * @name google.api.FieldBehavior + * @enum {number} + * @property {number} FIELD_BEHAVIOR_UNSPECIFIED=0 FIELD_BEHAVIOR_UNSPECIFIED value + * @property {number} OPTIONAL=1 OPTIONAL value + * @property {number} REQUIRED=2 REQUIRED value + * @property {number} OUTPUT_ONLY=3 OUTPUT_ONLY value + * @property {number} INPUT_ONLY=4 INPUT_ONLY value + * @property {number} IMMUTABLE=5 IMMUTABLE value + * @property {number} UNORDERED_LIST=6 UNORDERED_LIST value + * @property {number} NON_EMPTY_DEFAULT=7 NON_EMPTY_DEFAULT value + */ + api.FieldBehavior = (function() { + var valuesById = {}, values = Object.create(valuesById); + values[valuesById[0] = "FIELD_BEHAVIOR_UNSPECIFIED"] = 0; + values[valuesById[1] = "OPTIONAL"] = 1; + values[valuesById[2] = "REQUIRED"] = 2; + values[valuesById[3] = "OUTPUT_ONLY"] = 3; + values[valuesById[4] = "INPUT_ONLY"] = 4; + values[valuesById[5] = "IMMUTABLE"] = 5; + values[valuesById[6] = "UNORDERED_LIST"] = 6; + values[valuesById[7] = "NON_EMPTY_DEFAULT"] = 7; + return values; + })(); + + api.ResourceDescriptor = (function() { /** - * Properties of a HttpRule. + * Properties of a ResourceDescriptor. * @memberof google.api - * @interface IHttpRule - * @property {string|null} [selector] HttpRule selector - * @property {string|null} [get] HttpRule get - * @property {string|null} [put] HttpRule put - * @property {string|null} [post] HttpRule post - * @property {string|null} ["delete"] HttpRule delete - * @property {string|null} [patch] HttpRule patch - * @property {google.api.ICustomHttpPattern|null} [custom] HttpRule custom - * @property {string|null} [body] HttpRule body - * @property {string|null} [responseBody] HttpRule responseBody - * @property {Array.|null} [additionalBindings] HttpRule additionalBindings + * @interface IResourceDescriptor + * @property {string|null} [type] ResourceDescriptor type + * @property {Array.|null} [pattern] ResourceDescriptor pattern + * @property {string|null} [nameField] ResourceDescriptor nameField + * @property {google.api.ResourceDescriptor.History|null} [history] ResourceDescriptor history + * @property {string|null} [plural] ResourceDescriptor plural + * @property {string|null} [singular] ResourceDescriptor singular + * @property {Array.|null} [style] ResourceDescriptor style */ /** - * Constructs a new HttpRule. + * Constructs a new ResourceDescriptor. * @memberof google.api - * @classdesc Represents a HttpRule. - * @implements IHttpRule + * @classdesc Represents a ResourceDescriptor. + * @implements IResourceDescriptor * @constructor - * @param {google.api.IHttpRule=} [properties] Properties to set + * @param {google.api.IResourceDescriptor=} [properties] Properties to set */ - function HttpRule(properties) { - this.additionalBindings = []; + function ResourceDescriptor(properties) { + this.pattern = []; + this.style = []; if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -15466,209 +18209,167 @@ } /** - * HttpRule selector. - * @member {string} selector - * @memberof google.api.HttpRule - * @instance - */ - HttpRule.prototype.selector = ""; - - /** - * HttpRule get. - * @member {string|null|undefined} get - * @memberof google.api.HttpRule - * @instance - */ - HttpRule.prototype.get = null; - - /** - * HttpRule put. - * @member {string|null|undefined} put - * @memberof google.api.HttpRule - * @instance - */ - HttpRule.prototype.put = null; - - /** - * HttpRule post. - * @member {string|null|undefined} post - * @memberof google.api.HttpRule - * @instance - */ - HttpRule.prototype.post = null; - - /** - * HttpRule delete. - * @member {string|null|undefined} delete - * @memberof google.api.HttpRule + * ResourceDescriptor type. + * @member {string} type + * @memberof google.api.ResourceDescriptor * @instance */ - HttpRule.prototype["delete"] = null; + ResourceDescriptor.prototype.type = ""; /** - * HttpRule patch. - * @member {string|null|undefined} patch - * @memberof google.api.HttpRule + * ResourceDescriptor pattern. + * @member {Array.} pattern + * @memberof google.api.ResourceDescriptor * @instance */ - HttpRule.prototype.patch = null; + ResourceDescriptor.prototype.pattern = $util.emptyArray; /** - * HttpRule custom. - * @member {google.api.ICustomHttpPattern|null|undefined} custom - * @memberof google.api.HttpRule + * ResourceDescriptor nameField. + * @member {string} nameField + * @memberof google.api.ResourceDescriptor * @instance */ - HttpRule.prototype.custom = null; + ResourceDescriptor.prototype.nameField = ""; - /** - * HttpRule body. - * @member {string} body - * @memberof google.api.HttpRule + /** + * ResourceDescriptor history. + * @member {google.api.ResourceDescriptor.History} history + * @memberof google.api.ResourceDescriptor * @instance */ - HttpRule.prototype.body = ""; + ResourceDescriptor.prototype.history = 0; /** - * HttpRule responseBody. - * @member {string} responseBody - * @memberof google.api.HttpRule + * ResourceDescriptor plural. + * @member {string} plural + * @memberof google.api.ResourceDescriptor * @instance */ - HttpRule.prototype.responseBody = ""; + ResourceDescriptor.prototype.plural = ""; /** - * HttpRule additionalBindings. - * @member {Array.} additionalBindings - * @memberof google.api.HttpRule + * ResourceDescriptor singular. + * @member {string} singular + * @memberof google.api.ResourceDescriptor * @instance */ - HttpRule.prototype.additionalBindings = $util.emptyArray; - - // OneOf field names bound to virtual getters and setters - var $oneOfFields; + ResourceDescriptor.prototype.singular = ""; /** - * HttpRule pattern. - * @member {"get"|"put"|"post"|"delete"|"patch"|"custom"|undefined} pattern - * @memberof google.api.HttpRule + * ResourceDescriptor style. + * @member {Array.} style + * @memberof google.api.ResourceDescriptor * @instance */ - Object.defineProperty(HttpRule.prototype, "pattern", { - get: $util.oneOfGetter($oneOfFields = ["get", "put", "post", "delete", "patch", "custom"]), - set: $util.oneOfSetter($oneOfFields) - }); + ResourceDescriptor.prototype.style = $util.emptyArray; /** - * Creates a new HttpRule instance using the specified properties. + * Creates a new ResourceDescriptor instance using the specified properties. * @function create - * @memberof google.api.HttpRule + * @memberof google.api.ResourceDescriptor * @static - * @param {google.api.IHttpRule=} [properties] Properties to set - * @returns {google.api.HttpRule} HttpRule instance + * @param {google.api.IResourceDescriptor=} [properties] Properties to set + * @returns {google.api.ResourceDescriptor} ResourceDescriptor instance */ - HttpRule.create = function create(properties) { - return new HttpRule(properties); + ResourceDescriptor.create = function create(properties) { + return new ResourceDescriptor(properties); }; /** - * Encodes the specified HttpRule message. Does not implicitly {@link google.api.HttpRule.verify|verify} messages. + * Encodes the specified ResourceDescriptor message. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages. * @function encode - * @memberof google.api.HttpRule + * @memberof google.api.ResourceDescriptor * @static - * @param {google.api.IHttpRule} message HttpRule message or plain object to encode + * @param {google.api.IResourceDescriptor} message ResourceDescriptor message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - HttpRule.encode = function encode(message, writer) { + ResourceDescriptor.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); - if (message.selector != null && Object.hasOwnProperty.call(message, "selector")) - writer.uint32(/* id 1, wireType 2 =*/10).string(message.selector); - if (message.get != null && Object.hasOwnProperty.call(message, "get")) - writer.uint32(/* id 2, wireType 2 =*/18).string(message.get); - if (message.put != null && Object.hasOwnProperty.call(message, "put")) - writer.uint32(/* id 3, wireType 2 =*/26).string(message.put); - if (message.post != null && Object.hasOwnProperty.call(message, "post")) - writer.uint32(/* id 4, wireType 2 =*/34).string(message.post); - if (message["delete"] != null && Object.hasOwnProperty.call(message, "delete")) - writer.uint32(/* id 5, wireType 2 =*/42).string(message["delete"]); - if (message.patch != null && Object.hasOwnProperty.call(message, "patch")) - writer.uint32(/* id 6, wireType 2 =*/50).string(message.patch); - if (message.body != null && Object.hasOwnProperty.call(message, "body")) - writer.uint32(/* id 7, wireType 2 =*/58).string(message.body); - if (message.custom != null && Object.hasOwnProperty.call(message, "custom")) - $root.google.api.CustomHttpPattern.encode(message.custom, writer.uint32(/* id 8, wireType 2 =*/66).fork()).ldelim(); - if (message.additionalBindings != null && message.additionalBindings.length) - for (var i = 0; i < message.additionalBindings.length; ++i) - $root.google.api.HttpRule.encode(message.additionalBindings[i], writer.uint32(/* id 11, wireType 2 =*/90).fork()).ldelim(); - if (message.responseBody != null && Object.hasOwnProperty.call(message, "responseBody")) - writer.uint32(/* id 12, wireType 2 =*/98).string(message.responseBody); + if (message.type != null && Object.hasOwnProperty.call(message, "type")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.type); + if (message.pattern != null && message.pattern.length) + for (var i = 0; i < message.pattern.length; ++i) + writer.uint32(/* id 2, wireType 2 =*/18).string(message.pattern[i]); + if (message.nameField != null && Object.hasOwnProperty.call(message, "nameField")) + writer.uint32(/* id 3, wireType 2 =*/26).string(message.nameField); + if (message.history != null && Object.hasOwnProperty.call(message, "history")) + writer.uint32(/* id 4, wireType 0 =*/32).int32(message.history); + if (message.plural != null && Object.hasOwnProperty.call(message, "plural")) + writer.uint32(/* id 5, wireType 2 =*/42).string(message.plural); + if (message.singular != null && Object.hasOwnProperty.call(message, "singular")) + writer.uint32(/* id 6, wireType 2 =*/50).string(message.singular); + if (message.style != null && message.style.length) { + writer.uint32(/* id 10, wireType 2 =*/82).fork(); + for (var i = 0; i < message.style.length; ++i) + writer.int32(message.style[i]); + writer.ldelim(); + } return writer; }; /** - * Encodes the specified HttpRule message, length delimited. Does not implicitly {@link google.api.HttpRule.verify|verify} messages. + * Encodes the specified ResourceDescriptor message, length delimited. Does not implicitly {@link google.api.ResourceDescriptor.verify|verify} messages. * @function encodeDelimited - * @memberof google.api.HttpRule + * @memberof google.api.ResourceDescriptor * @static - * @param {google.api.IHttpRule} message HttpRule message or plain object to encode + * @param {google.api.IResourceDescriptor} message ResourceDescriptor message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - HttpRule.encodeDelimited = function encodeDelimited(message, writer) { + ResourceDescriptor.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a HttpRule message from the specified reader or buffer. + * Decodes a ResourceDescriptor message from the specified reader or buffer. * @function decode - * @memberof google.api.HttpRule + * @memberof google.api.ResourceDescriptor * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.api.HttpRule} HttpRule + * @returns {google.api.ResourceDescriptor} ResourceDescriptor * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - HttpRule.decode = function decode(reader, length) { + ResourceDescriptor.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.HttpRule(); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.ResourceDescriptor(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { case 1: - message.selector = reader.string(); + message.type = reader.string(); break; case 2: - message.get = reader.string(); + if (!(message.pattern && message.pattern.length)) + message.pattern = []; + message.pattern.push(reader.string()); break; case 3: - message.put = reader.string(); + message.nameField = reader.string(); break; case 4: - message.post = reader.string(); + message.history = reader.int32(); break; case 5: - message["delete"] = reader.string(); + message.plural = reader.string(); break; case 6: - message.patch = reader.string(); - break; - case 8: - message.custom = $root.google.api.CustomHttpPattern.decode(reader, reader.uint32()); - break; - case 7: - message.body = reader.string(); - break; - case 12: - message.responseBody = reader.string(); + message.singular = reader.string(); break; - case 11: - if (!(message.additionalBindings && message.additionalBindings.length)) - message.additionalBindings = []; - message.additionalBindings.push($root.google.api.HttpRule.decode(reader, reader.uint32())); + case 10: + if (!(message.style && message.style.length)) + message.style = []; + if ((tag & 7) === 2) { + var end2 = reader.uint32() + reader.pos; + while (reader.pos < end2) + message.style.push(reader.int32()); + } else + message.style.push(reader.int32()); break; default: reader.skipType(tag & 7); @@ -15679,240 +18380,246 @@ }; /** - * Decodes a HttpRule message from the specified reader or buffer, length delimited. + * Decodes a ResourceDescriptor message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.api.HttpRule + * @memberof google.api.ResourceDescriptor * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.api.HttpRule} HttpRule + * @returns {google.api.ResourceDescriptor} ResourceDescriptor * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - HttpRule.decodeDelimited = function decodeDelimited(reader) { + ResourceDescriptor.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a HttpRule message. + * Verifies a ResourceDescriptor message. * @function verify - * @memberof google.api.HttpRule + * @memberof google.api.ResourceDescriptor * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - HttpRule.verify = function verify(message) { + ResourceDescriptor.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; - var properties = {}; - if (message.selector != null && message.hasOwnProperty("selector")) - if (!$util.isString(message.selector)) - return "selector: string expected"; - if (message.get != null && message.hasOwnProperty("get")) { - properties.pattern = 1; - if (!$util.isString(message.get)) - return "get: string expected"; - } - if (message.put != null && message.hasOwnProperty("put")) { - if (properties.pattern === 1) - return "pattern: multiple values"; - properties.pattern = 1; - if (!$util.isString(message.put)) - return "put: string expected"; - } - if (message.post != null && message.hasOwnProperty("post")) { - if (properties.pattern === 1) - return "pattern: multiple values"; - properties.pattern = 1; - if (!$util.isString(message.post)) - return "post: string expected"; - } - if (message["delete"] != null && message.hasOwnProperty("delete")) { - if (properties.pattern === 1) - return "pattern: multiple values"; - properties.pattern = 1; - if (!$util.isString(message["delete"])) - return "delete: string expected"; - } - if (message.patch != null && message.hasOwnProperty("patch")) { - if (properties.pattern === 1) - return "pattern: multiple values"; - properties.pattern = 1; - if (!$util.isString(message.patch)) - return "patch: string expected"; - } - if (message.custom != null && message.hasOwnProperty("custom")) { - if (properties.pattern === 1) - return "pattern: multiple values"; - properties.pattern = 1; - { - var error = $root.google.api.CustomHttpPattern.verify(message.custom); - if (error) - return "custom." + error; - } + if (message.type != null && message.hasOwnProperty("type")) + if (!$util.isString(message.type)) + return "type: string expected"; + if (message.pattern != null && message.hasOwnProperty("pattern")) { + if (!Array.isArray(message.pattern)) + return "pattern: array expected"; + for (var i = 0; i < message.pattern.length; ++i) + if (!$util.isString(message.pattern[i])) + return "pattern: string[] expected"; } - if (message.body != null && message.hasOwnProperty("body")) - if (!$util.isString(message.body)) - return "body: string expected"; - if (message.responseBody != null && message.hasOwnProperty("responseBody")) - if (!$util.isString(message.responseBody)) - return "responseBody: string expected"; - if (message.additionalBindings != null && message.hasOwnProperty("additionalBindings")) { - if (!Array.isArray(message.additionalBindings)) - return "additionalBindings: array expected"; - for (var i = 0; i < message.additionalBindings.length; ++i) { - var error = $root.google.api.HttpRule.verify(message.additionalBindings[i]); - if (error) - return "additionalBindings." + error; + if (message.nameField != null && message.hasOwnProperty("nameField")) + if (!$util.isString(message.nameField)) + return "nameField: string expected"; + if (message.history != null && message.hasOwnProperty("history")) + switch (message.history) { + default: + return "history: enum value expected"; + case 0: + case 1: + case 2: + break; } + if (message.plural != null && message.hasOwnProperty("plural")) + if (!$util.isString(message.plural)) + return "plural: string expected"; + if (message.singular != null && message.hasOwnProperty("singular")) + if (!$util.isString(message.singular)) + return "singular: string expected"; + if (message.style != null && message.hasOwnProperty("style")) { + if (!Array.isArray(message.style)) + return "style: array expected"; + for (var i = 0; i < message.style.length; ++i) + switch (message.style[i]) { + default: + return "style: enum value[] expected"; + case 0: + case 1: + break; + } } return null; }; /** - * Creates a HttpRule message from a plain object. Also converts values to their respective internal types. + * Creates a ResourceDescriptor message from a plain object. Also converts values to their respective internal types. * @function fromObject - * @memberof google.api.HttpRule + * @memberof google.api.ResourceDescriptor * @static * @param {Object.} object Plain object - * @returns {google.api.HttpRule} HttpRule + * @returns {google.api.ResourceDescriptor} ResourceDescriptor */ - HttpRule.fromObject = function fromObject(object) { - if (object instanceof $root.google.api.HttpRule) + ResourceDescriptor.fromObject = function fromObject(object) { + if (object instanceof $root.google.api.ResourceDescriptor) return object; - var message = new $root.google.api.HttpRule(); - if (object.selector != null) - message.selector = String(object.selector); - if (object.get != null) - message.get = String(object.get); - if (object.put != null) - message.put = String(object.put); - if (object.post != null) - message.post = String(object.post); - if (object["delete"] != null) - message["delete"] = String(object["delete"]); - if (object.patch != null) - message.patch = String(object.patch); - if (object.custom != null) { - if (typeof object.custom !== "object") - throw TypeError(".google.api.HttpRule.custom: object expected"); - message.custom = $root.google.api.CustomHttpPattern.fromObject(object.custom); + var message = new $root.google.api.ResourceDescriptor(); + if (object.type != null) + message.type = String(object.type); + if (object.pattern) { + if (!Array.isArray(object.pattern)) + throw TypeError(".google.api.ResourceDescriptor.pattern: array expected"); + message.pattern = []; + for (var i = 0; i < object.pattern.length; ++i) + message.pattern[i] = String(object.pattern[i]); } - if (object.body != null) - message.body = String(object.body); - if (object.responseBody != null) - message.responseBody = String(object.responseBody); - if (object.additionalBindings) { - if (!Array.isArray(object.additionalBindings)) - throw TypeError(".google.api.HttpRule.additionalBindings: array expected"); - message.additionalBindings = []; - for (var i = 0; i < object.additionalBindings.length; ++i) { - if (typeof object.additionalBindings[i] !== "object") - throw TypeError(".google.api.HttpRule.additionalBindings: object expected"); - message.additionalBindings[i] = $root.google.api.HttpRule.fromObject(object.additionalBindings[i]); - } + if (object.nameField != null) + message.nameField = String(object.nameField); + switch (object.history) { + case "HISTORY_UNSPECIFIED": + case 0: + message.history = 0; + break; + case "ORIGINALLY_SINGLE_PATTERN": + case 1: + message.history = 1; + break; + case "FUTURE_MULTI_PATTERN": + case 2: + message.history = 2; + break; + } + if (object.plural != null) + message.plural = String(object.plural); + if (object.singular != null) + message.singular = String(object.singular); + if (object.style) { + if (!Array.isArray(object.style)) + throw TypeError(".google.api.ResourceDescriptor.style: array expected"); + message.style = []; + for (var i = 0; i < object.style.length; ++i) + switch (object.style[i]) { + default: + case "STYLE_UNSPECIFIED": + case 0: + message.style[i] = 0; + break; + case "DECLARATIVE_FRIENDLY": + case 1: + message.style[i] = 1; + break; + } } return message; }; /** - * Creates a plain object from a HttpRule message. Also converts values to other types if specified. + * Creates a plain object from a ResourceDescriptor message. Also converts values to other types if specified. * @function toObject - * @memberof google.api.HttpRule + * @memberof google.api.ResourceDescriptor * @static - * @param {google.api.HttpRule} message HttpRule + * @param {google.api.ResourceDescriptor} message ResourceDescriptor * @param {$protobuf.IConversionOptions} [options] Conversion options * @returns {Object.} Plain object */ - HttpRule.toObject = function toObject(message, options) { + ResourceDescriptor.toObject = function toObject(message, options) { if (!options) options = {}; var object = {}; - if (options.arrays || options.defaults) - object.additionalBindings = []; - if (options.defaults) { - object.selector = ""; - object.body = ""; - object.responseBody = ""; - } - if (message.selector != null && message.hasOwnProperty("selector")) - object.selector = message.selector; - if (message.get != null && message.hasOwnProperty("get")) { - object.get = message.get; - if (options.oneofs) - object.pattern = "get"; - } - if (message.put != null && message.hasOwnProperty("put")) { - object.put = message.put; - if (options.oneofs) - object.pattern = "put"; - } - if (message.post != null && message.hasOwnProperty("post")) { - object.post = message.post; - if (options.oneofs) - object.pattern = "post"; - } - if (message["delete"] != null && message.hasOwnProperty("delete")) { - object["delete"] = message["delete"]; - if (options.oneofs) - object.pattern = "delete"; + if (options.arrays || options.defaults) { + object.pattern = []; + object.style = []; } - if (message.patch != null && message.hasOwnProperty("patch")) { - object.patch = message.patch; - if (options.oneofs) - object.pattern = "patch"; + if (options.defaults) { + object.type = ""; + object.nameField = ""; + object.history = options.enums === String ? "HISTORY_UNSPECIFIED" : 0; + object.plural = ""; + object.singular = ""; } - if (message.body != null && message.hasOwnProperty("body")) - object.body = message.body; - if (message.custom != null && message.hasOwnProperty("custom")) { - object.custom = $root.google.api.CustomHttpPattern.toObject(message.custom, options); - if (options.oneofs) - object.pattern = "custom"; + if (message.type != null && message.hasOwnProperty("type")) + object.type = message.type; + if (message.pattern && message.pattern.length) { + object.pattern = []; + for (var j = 0; j < message.pattern.length; ++j) + object.pattern[j] = message.pattern[j]; } - if (message.additionalBindings && message.additionalBindings.length) { - object.additionalBindings = []; - for (var j = 0; j < message.additionalBindings.length; ++j) - object.additionalBindings[j] = $root.google.api.HttpRule.toObject(message.additionalBindings[j], options); + if (message.nameField != null && message.hasOwnProperty("nameField")) + object.nameField = message.nameField; + if (message.history != null && message.hasOwnProperty("history")) + object.history = options.enums === String ? $root.google.api.ResourceDescriptor.History[message.history] : message.history; + if (message.plural != null && message.hasOwnProperty("plural")) + object.plural = message.plural; + if (message.singular != null && message.hasOwnProperty("singular")) + object.singular = message.singular; + if (message.style && message.style.length) { + object.style = []; + for (var j = 0; j < message.style.length; ++j) + object.style[j] = options.enums === String ? $root.google.api.ResourceDescriptor.Style[message.style[j]] : message.style[j]; } - if (message.responseBody != null && message.hasOwnProperty("responseBody")) - object.responseBody = message.responseBody; return object; }; /** - * Converts this HttpRule to JSON. + * Converts this ResourceDescriptor to JSON. * @function toJSON - * @memberof google.api.HttpRule + * @memberof google.api.ResourceDescriptor * @instance * @returns {Object.} JSON object */ - HttpRule.prototype.toJSON = function toJSON() { + ResourceDescriptor.prototype.toJSON = function toJSON() { return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; - return HttpRule; + /** + * History enum. + * @name google.api.ResourceDescriptor.History + * @enum {number} + * @property {number} HISTORY_UNSPECIFIED=0 HISTORY_UNSPECIFIED value + * @property {number} ORIGINALLY_SINGLE_PATTERN=1 ORIGINALLY_SINGLE_PATTERN value + * @property {number} FUTURE_MULTI_PATTERN=2 FUTURE_MULTI_PATTERN value + */ + ResourceDescriptor.History = (function() { + var valuesById = {}, values = Object.create(valuesById); + values[valuesById[0] = "HISTORY_UNSPECIFIED"] = 0; + values[valuesById[1] = "ORIGINALLY_SINGLE_PATTERN"] = 1; + values[valuesById[2] = "FUTURE_MULTI_PATTERN"] = 2; + return values; + })(); + + /** + * Style enum. + * @name google.api.ResourceDescriptor.Style + * @enum {number} + * @property {number} STYLE_UNSPECIFIED=0 STYLE_UNSPECIFIED value + * @property {number} DECLARATIVE_FRIENDLY=1 DECLARATIVE_FRIENDLY value + */ + ResourceDescriptor.Style = (function() { + var valuesById = {}, values = Object.create(valuesById); + values[valuesById[0] = "STYLE_UNSPECIFIED"] = 0; + values[valuesById[1] = "DECLARATIVE_FRIENDLY"] = 1; + return values; + })(); + + return ResourceDescriptor; })(); - api.CustomHttpPattern = (function() { + api.ResourceReference = (function() { /** - * Properties of a CustomHttpPattern. + * Properties of a ResourceReference. * @memberof google.api - * @interface ICustomHttpPattern - * @property {string|null} [kind] CustomHttpPattern kind - * @property {string|null} [path] CustomHttpPattern path + * @interface IResourceReference + * @property {string|null} [type] ResourceReference type + * @property {string|null} [childType] ResourceReference childType */ /** - * Constructs a new CustomHttpPattern. + * Constructs a new ResourceReference. * @memberof google.api - * @classdesc Represents a CustomHttpPattern. - * @implements ICustomHttpPattern + * @classdesc Represents a ResourceReference. + * @implements IResourceReference * @constructor - * @param {google.api.ICustomHttpPattern=} [properties] Properties to set + * @param {google.api.IResourceReference=} [properties] Properties to set */ - function CustomHttpPattern(properties) { + function ResourceReference(properties) { if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -15920,88 +18627,88 @@ } /** - * CustomHttpPattern kind. - * @member {string} kind - * @memberof google.api.CustomHttpPattern + * ResourceReference type. + * @member {string} type + * @memberof google.api.ResourceReference * @instance */ - CustomHttpPattern.prototype.kind = ""; + ResourceReference.prototype.type = ""; /** - * CustomHttpPattern path. - * @member {string} path - * @memberof google.api.CustomHttpPattern + * ResourceReference childType. + * @member {string} childType + * @memberof google.api.ResourceReference * @instance */ - CustomHttpPattern.prototype.path = ""; + ResourceReference.prototype.childType = ""; /** - * Creates a new CustomHttpPattern instance using the specified properties. + * Creates a new ResourceReference instance using the specified properties. * @function create - * @memberof google.api.CustomHttpPattern + * @memberof google.api.ResourceReference * @static - * @param {google.api.ICustomHttpPattern=} [properties] Properties to set - * @returns {google.api.CustomHttpPattern} CustomHttpPattern instance + * @param {google.api.IResourceReference=} [properties] Properties to set + * @returns {google.api.ResourceReference} ResourceReference instance */ - CustomHttpPattern.create = function create(properties) { - return new CustomHttpPattern(properties); + ResourceReference.create = function create(properties) { + return new ResourceReference(properties); }; /** - * Encodes the specified CustomHttpPattern message. Does not implicitly {@link google.api.CustomHttpPattern.verify|verify} messages. + * Encodes the specified ResourceReference message. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages. * @function encode - * @memberof google.api.CustomHttpPattern + * @memberof google.api.ResourceReference * @static - * @param {google.api.ICustomHttpPattern} message CustomHttpPattern message or plain object to encode + * @param {google.api.IResourceReference} message ResourceReference message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - CustomHttpPattern.encode = function encode(message, writer) { + ResourceReference.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); - if (message.kind != null && Object.hasOwnProperty.call(message, "kind")) - writer.uint32(/* id 1, wireType 2 =*/10).string(message.kind); - if (message.path != null && Object.hasOwnProperty.call(message, "path")) - writer.uint32(/* id 2, wireType 2 =*/18).string(message.path); + if (message.type != null && Object.hasOwnProperty.call(message, "type")) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.type); + if (message.childType != null && Object.hasOwnProperty.call(message, "childType")) + writer.uint32(/* id 2, wireType 2 =*/18).string(message.childType); return writer; }; /** - * Encodes the specified CustomHttpPattern message, length delimited. Does not implicitly {@link google.api.CustomHttpPattern.verify|verify} messages. + * Encodes the specified ResourceReference message, length delimited. Does not implicitly {@link google.api.ResourceReference.verify|verify} messages. * @function encodeDelimited - * @memberof google.api.CustomHttpPattern + * @memberof google.api.ResourceReference * @static - * @param {google.api.ICustomHttpPattern} message CustomHttpPattern message or plain object to encode + * @param {google.api.IResourceReference} message ResourceReference message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - CustomHttpPattern.encodeDelimited = function encodeDelimited(message, writer) { + ResourceReference.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a CustomHttpPattern message from the specified reader or buffer. + * Decodes a ResourceReference message from the specified reader or buffer. * @function decode - * @memberof google.api.CustomHttpPattern + * @memberof google.api.ResourceReference * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.api.CustomHttpPattern} CustomHttpPattern + * @returns {google.api.ResourceReference} ResourceReference * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - CustomHttpPattern.decode = function decode(reader, length) { + ResourceReference.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.CustomHttpPattern(); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.api.ResourceReference(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { case 1: - message.kind = reader.string(); + message.type = reader.string(); break; case 2: - message.path = reader.string(); + message.childType = reader.string(); break; default: reader.skipType(tag & 7); @@ -16012,96 +18719,96 @@ }; /** - * Decodes a CustomHttpPattern message from the specified reader or buffer, length delimited. + * Decodes a ResourceReference message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.api.CustomHttpPattern + * @memberof google.api.ResourceReference * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.api.CustomHttpPattern} CustomHttpPattern + * @returns {google.api.ResourceReference} ResourceReference * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - CustomHttpPattern.decodeDelimited = function decodeDelimited(reader) { + ResourceReference.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a CustomHttpPattern message. + * Verifies a ResourceReference message. * @function verify - * @memberof google.api.CustomHttpPattern + * @memberof google.api.ResourceReference * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - CustomHttpPattern.verify = function verify(message) { + ResourceReference.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; - if (message.kind != null && message.hasOwnProperty("kind")) - if (!$util.isString(message.kind)) - return "kind: string expected"; - if (message.path != null && message.hasOwnProperty("path")) - if (!$util.isString(message.path)) - return "path: string expected"; + if (message.type != null && message.hasOwnProperty("type")) + if (!$util.isString(message.type)) + return "type: string expected"; + if (message.childType != null && message.hasOwnProperty("childType")) + if (!$util.isString(message.childType)) + return "childType: string expected"; return null; }; /** - * Creates a CustomHttpPattern message from a plain object. Also converts values to their respective internal types. + * Creates a ResourceReference message from a plain object. Also converts values to their respective internal types. * @function fromObject - * @memberof google.api.CustomHttpPattern + * @memberof google.api.ResourceReference * @static * @param {Object.} object Plain object - * @returns {google.api.CustomHttpPattern} CustomHttpPattern + * @returns {google.api.ResourceReference} ResourceReference */ - CustomHttpPattern.fromObject = function fromObject(object) { - if (object instanceof $root.google.api.CustomHttpPattern) + ResourceReference.fromObject = function fromObject(object) { + if (object instanceof $root.google.api.ResourceReference) return object; - var message = new $root.google.api.CustomHttpPattern(); - if (object.kind != null) - message.kind = String(object.kind); - if (object.path != null) - message.path = String(object.path); + var message = new $root.google.api.ResourceReference(); + if (object.type != null) + message.type = String(object.type); + if (object.childType != null) + message.childType = String(object.childType); return message; }; /** - * Creates a plain object from a CustomHttpPattern message. Also converts values to other types if specified. + * Creates a plain object from a ResourceReference message. Also converts values to other types if specified. * @function toObject - * @memberof google.api.CustomHttpPattern + * @memberof google.api.ResourceReference * @static - * @param {google.api.CustomHttpPattern} message CustomHttpPattern + * @param {google.api.ResourceReference} message ResourceReference * @param {$protobuf.IConversionOptions} [options] Conversion options * @returns {Object.} Plain object */ - CustomHttpPattern.toObject = function toObject(message, options) { + ResourceReference.toObject = function toObject(message, options) { if (!options) options = {}; var object = {}; if (options.defaults) { - object.kind = ""; - object.path = ""; + object.type = ""; + object.childType = ""; } - if (message.kind != null && message.hasOwnProperty("kind")) - object.kind = message.kind; - if (message.path != null && message.hasOwnProperty("path")) - object.path = message.path; + if (message.type != null && message.hasOwnProperty("type")) + object.type = message.type; + if (message.childType != null && message.hasOwnProperty("childType")) + object.childType = message.childType; return object; }; /** - * Converts this CustomHttpPattern to JSON. + * Converts this ResourceReference to JSON. * @function toJSON - * @memberof google.api.CustomHttpPattern + * @memberof google.api.ResourceReference * @instance * @returns {Object.} JSON object */ - CustomHttpPattern.prototype.toJSON = function toJSON() { + ResourceReference.prototype.toJSON = function toJSON() { return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; - return CustomHttpPattern; + return ResourceReference; })(); return api; @@ -24782,44 +27489,247 @@ if (message.end != null && message.hasOwnProperty("end")) object.end = message.end; return object; - }; + }; + + /** + * Converts this Annotation to JSON. + * @function toJSON + * @memberof google.protobuf.GeneratedCodeInfo.Annotation + * @instance + * @returns {Object.} JSON object + */ + Annotation.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; + + return Annotation; + })(); + + return GeneratedCodeInfo; + })(); + + protobuf.FieldMask = (function() { + + /** + * Properties of a FieldMask. + * @memberof google.protobuf + * @interface IFieldMask + * @property {Array.|null} [paths] FieldMask paths + */ + + /** + * Constructs a new FieldMask. + * @memberof google.protobuf + * @classdesc Represents a FieldMask. + * @implements IFieldMask + * @constructor + * @param {google.protobuf.IFieldMask=} [properties] Properties to set + */ + function FieldMask(properties) { + this.paths = []; + if (properties) + for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) + if (properties[keys[i]] != null) + this[keys[i]] = properties[keys[i]]; + } + + /** + * FieldMask paths. + * @member {Array.} paths + * @memberof google.protobuf.FieldMask + * @instance + */ + FieldMask.prototype.paths = $util.emptyArray; + + /** + * Creates a new FieldMask instance using the specified properties. + * @function create + * @memberof google.protobuf.FieldMask + * @static + * @param {google.protobuf.IFieldMask=} [properties] Properties to set + * @returns {google.protobuf.FieldMask} FieldMask instance + */ + FieldMask.create = function create(properties) { + return new FieldMask(properties); + }; + + /** + * Encodes the specified FieldMask message. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages. + * @function encode + * @memberof google.protobuf.FieldMask + * @static + * @param {google.protobuf.IFieldMask} message FieldMask message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + FieldMask.encode = function encode(message, writer) { + if (!writer) + writer = $Writer.create(); + if (message.paths != null && message.paths.length) + for (var i = 0; i < message.paths.length; ++i) + writer.uint32(/* id 1, wireType 2 =*/10).string(message.paths[i]); + return writer; + }; + + /** + * Encodes the specified FieldMask message, length delimited. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages. + * @function encodeDelimited + * @memberof google.protobuf.FieldMask + * @static + * @param {google.protobuf.IFieldMask} message FieldMask message or plain object to encode + * @param {$protobuf.Writer} [writer] Writer to encode to + * @returns {$protobuf.Writer} Writer + */ + FieldMask.encodeDelimited = function encodeDelimited(message, writer) { + return this.encode(message, writer).ldelim(); + }; + + /** + * Decodes a FieldMask message from the specified reader or buffer. + * @function decode + * @memberof google.protobuf.FieldMask + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @param {number} [length] Message length if known beforehand + * @returns {google.protobuf.FieldMask} FieldMask + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + FieldMask.decode = function decode(reader, length) { + if (!(reader instanceof $Reader)) + reader = $Reader.create(reader); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.FieldMask(); + while (reader.pos < end) { + var tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + if (!(message.paths && message.paths.length)) + message.paths = []; + message.paths.push(reader.string()); + break; + default: + reader.skipType(tag & 7); + break; + } + } + return message; + }; + + /** + * Decodes a FieldMask message from the specified reader or buffer, length delimited. + * @function decodeDelimited + * @memberof google.protobuf.FieldMask + * @static + * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from + * @returns {google.protobuf.FieldMask} FieldMask + * @throws {Error} If the payload is not a reader or valid buffer + * @throws {$protobuf.util.ProtocolError} If required fields are missing + */ + FieldMask.decodeDelimited = function decodeDelimited(reader) { + if (!(reader instanceof $Reader)) + reader = new $Reader(reader); + return this.decode(reader, reader.uint32()); + }; + + /** + * Verifies a FieldMask message. + * @function verify + * @memberof google.protobuf.FieldMask + * @static + * @param {Object.} message Plain object to verify + * @returns {string|null} `null` if valid, otherwise the reason why it is not + */ + FieldMask.verify = function verify(message) { + if (typeof message !== "object" || message === null) + return "object expected"; + if (message.paths != null && message.hasOwnProperty("paths")) { + if (!Array.isArray(message.paths)) + return "paths: array expected"; + for (var i = 0; i < message.paths.length; ++i) + if (!$util.isString(message.paths[i])) + return "paths: string[] expected"; + } + return null; + }; + + /** + * Creates a FieldMask message from a plain object. Also converts values to their respective internal types. + * @function fromObject + * @memberof google.protobuf.FieldMask + * @static + * @param {Object.} object Plain object + * @returns {google.protobuf.FieldMask} FieldMask + */ + FieldMask.fromObject = function fromObject(object) { + if (object instanceof $root.google.protobuf.FieldMask) + return object; + var message = new $root.google.protobuf.FieldMask(); + if (object.paths) { + if (!Array.isArray(object.paths)) + throw TypeError(".google.protobuf.FieldMask.paths: array expected"); + message.paths = []; + for (var i = 0; i < object.paths.length; ++i) + message.paths[i] = String(object.paths[i]); + } + return message; + }; - /** - * Converts this Annotation to JSON. - * @function toJSON - * @memberof google.protobuf.GeneratedCodeInfo.Annotation - * @instance - * @returns {Object.} JSON object - */ - Annotation.prototype.toJSON = function toJSON() { - return this.constructor.toObject(this, $protobuf.util.toJSONOptions); - }; + /** + * Creates a plain object from a FieldMask message. Also converts values to other types if specified. + * @function toObject + * @memberof google.protobuf.FieldMask + * @static + * @param {google.protobuf.FieldMask} message FieldMask + * @param {$protobuf.IConversionOptions} [options] Conversion options + * @returns {Object.} Plain object + */ + FieldMask.toObject = function toObject(message, options) { + if (!options) + options = {}; + var object = {}; + if (options.arrays || options.defaults) + object.paths = []; + if (message.paths && message.paths.length) { + object.paths = []; + for (var j = 0; j < message.paths.length; ++j) + object.paths[j] = message.paths[j]; + } + return object; + }; - return Annotation; - })(); + /** + * Converts this FieldMask to JSON. + * @function toJSON + * @memberof google.protobuf.FieldMask + * @instance + * @returns {Object.} JSON object + */ + FieldMask.prototype.toJSON = function toJSON() { + return this.constructor.toObject(this, $protobuf.util.toJSONOptions); + }; - return GeneratedCodeInfo; + return FieldMask; })(); - protobuf.Duration = (function() { + protobuf.Timestamp = (function() { /** - * Properties of a Duration. + * Properties of a Timestamp. * @memberof google.protobuf - * @interface IDuration - * @property {number|Long|null} [seconds] Duration seconds - * @property {number|null} [nanos] Duration nanos + * @interface ITimestamp + * @property {number|Long|null} [seconds] Timestamp seconds + * @property {number|null} [nanos] Timestamp nanos */ /** - * Constructs a new Duration. + * Constructs a new Timestamp. * @memberof google.protobuf - * @classdesc Represents a Duration. - * @implements IDuration + * @classdesc Represents a Timestamp. + * @implements ITimestamp * @constructor - * @param {google.protobuf.IDuration=} [properties] Properties to set + * @param {google.protobuf.ITimestamp=} [properties] Properties to set */ - function Duration(properties) { + function Timestamp(properties) { if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -24827,43 +27737,43 @@ } /** - * Duration seconds. + * Timestamp seconds. * @member {number|Long} seconds - * @memberof google.protobuf.Duration + * @memberof google.protobuf.Timestamp * @instance */ - Duration.prototype.seconds = $util.Long ? $util.Long.fromBits(0,0,false) : 0; + Timestamp.prototype.seconds = $util.Long ? $util.Long.fromBits(0,0,false) : 0; /** - * Duration nanos. + * Timestamp nanos. * @member {number} nanos - * @memberof google.protobuf.Duration + * @memberof google.protobuf.Timestamp * @instance */ - Duration.prototype.nanos = 0; + Timestamp.prototype.nanos = 0; /** - * Creates a new Duration instance using the specified properties. + * Creates a new Timestamp instance using the specified properties. * @function create - * @memberof google.protobuf.Duration + * @memberof google.protobuf.Timestamp * @static - * @param {google.protobuf.IDuration=} [properties] Properties to set - * @returns {google.protobuf.Duration} Duration instance + * @param {google.protobuf.ITimestamp=} [properties] Properties to set + * @returns {google.protobuf.Timestamp} Timestamp instance */ - Duration.create = function create(properties) { - return new Duration(properties); + Timestamp.create = function create(properties) { + return new Timestamp(properties); }; /** - * Encodes the specified Duration message. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages. + * Encodes the specified Timestamp message. Does not implicitly {@link google.protobuf.Timestamp.verify|verify} messages. * @function encode - * @memberof google.protobuf.Duration + * @memberof google.protobuf.Timestamp * @static - * @param {google.protobuf.IDuration} message Duration message or plain object to encode + * @param {google.protobuf.ITimestamp} message Timestamp message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - Duration.encode = function encode(message, writer) { + Timestamp.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); if (message.seconds != null && Object.hasOwnProperty.call(message, "seconds")) @@ -24874,33 +27784,33 @@ }; /** - * Encodes the specified Duration message, length delimited. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages. + * Encodes the specified Timestamp message, length delimited. Does not implicitly {@link google.protobuf.Timestamp.verify|verify} messages. * @function encodeDelimited - * @memberof google.protobuf.Duration + * @memberof google.protobuf.Timestamp * @static - * @param {google.protobuf.IDuration} message Duration message or plain object to encode + * @param {google.protobuf.ITimestamp} message Timestamp message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - Duration.encodeDelimited = function encodeDelimited(message, writer) { + Timestamp.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a Duration message from the specified reader or buffer. + * Decodes a Timestamp message from the specified reader or buffer. * @function decode - * @memberof google.protobuf.Duration + * @memberof google.protobuf.Timestamp * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.protobuf.Duration} Duration + * @returns {google.protobuf.Timestamp} Timestamp * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - Duration.decode = function decode(reader, length) { + Timestamp.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.Duration(); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.Timestamp(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { @@ -24919,30 +27829,30 @@ }; /** - * Decodes a Duration message from the specified reader or buffer, length delimited. + * Decodes a Timestamp message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.protobuf.Duration + * @memberof google.protobuf.Timestamp * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.protobuf.Duration} Duration + * @returns {google.protobuf.Timestamp} Timestamp * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - Duration.decodeDelimited = function decodeDelimited(reader) { + Timestamp.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a Duration message. + * Verifies a Timestamp message. * @function verify - * @memberof google.protobuf.Duration + * @memberof google.protobuf.Timestamp * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - Duration.verify = function verify(message) { + Timestamp.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; if (message.seconds != null && message.hasOwnProperty("seconds")) @@ -24955,17 +27865,17 @@ }; /** - * Creates a Duration message from a plain object. Also converts values to their respective internal types. + * Creates a Timestamp message from a plain object. Also converts values to their respective internal types. * @function fromObject - * @memberof google.protobuf.Duration + * @memberof google.protobuf.Timestamp * @static * @param {Object.} object Plain object - * @returns {google.protobuf.Duration} Duration + * @returns {google.protobuf.Timestamp} Timestamp */ - Duration.fromObject = function fromObject(object) { - if (object instanceof $root.google.protobuf.Duration) + Timestamp.fromObject = function fromObject(object) { + if (object instanceof $root.google.protobuf.Timestamp) return object; - var message = new $root.google.protobuf.Duration(); + var message = new $root.google.protobuf.Timestamp(); if (object.seconds != null) if ($util.Long) (message.seconds = $util.Long.fromValue(object.seconds)).unsigned = false; @@ -24981,15 +27891,15 @@ }; /** - * Creates a plain object from a Duration message. Also converts values to other types if specified. + * Creates a plain object from a Timestamp message. Also converts values to other types if specified. * @function toObject - * @memberof google.protobuf.Duration + * @memberof google.protobuf.Timestamp * @static - * @param {google.protobuf.Duration} message Duration + * @param {google.protobuf.Timestamp} message Timestamp * @param {$protobuf.IConversionOptions} [options] Conversion options * @returns {Object.} Plain object */ - Duration.toObject = function toObject(message, options) { + Timestamp.toObject = function toObject(message, options) { if (!options) options = {}; var object = {}; @@ -25012,38 +27922,38 @@ }; /** - * Converts this Duration to JSON. + * Converts this Timestamp to JSON. * @function toJSON - * @memberof google.protobuf.Duration + * @memberof google.protobuf.Timestamp * @instance * @returns {Object.} JSON object */ - Duration.prototype.toJSON = function toJSON() { + Timestamp.prototype.toJSON = function toJSON() { return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; - return Duration; + return Timestamp; })(); - protobuf.Timestamp = (function() { + protobuf.Duration = (function() { /** - * Properties of a Timestamp. + * Properties of a Duration. * @memberof google.protobuf - * @interface ITimestamp - * @property {number|Long|null} [seconds] Timestamp seconds - * @property {number|null} [nanos] Timestamp nanos + * @interface IDuration + * @property {number|Long|null} [seconds] Duration seconds + * @property {number|null} [nanos] Duration nanos */ /** - * Constructs a new Timestamp. + * Constructs a new Duration. * @memberof google.protobuf - * @classdesc Represents a Timestamp. - * @implements ITimestamp + * @classdesc Represents a Duration. + * @implements IDuration * @constructor - * @param {google.protobuf.ITimestamp=} [properties] Properties to set + * @param {google.protobuf.IDuration=} [properties] Properties to set */ - function Timestamp(properties) { + function Duration(properties) { if (properties) for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) if (properties[keys[i]] != null) @@ -25051,43 +27961,43 @@ } /** - * Timestamp seconds. + * Duration seconds. * @member {number|Long} seconds - * @memberof google.protobuf.Timestamp + * @memberof google.protobuf.Duration * @instance */ - Timestamp.prototype.seconds = $util.Long ? $util.Long.fromBits(0,0,false) : 0; + Duration.prototype.seconds = $util.Long ? $util.Long.fromBits(0,0,false) : 0; /** - * Timestamp nanos. + * Duration nanos. * @member {number} nanos - * @memberof google.protobuf.Timestamp + * @memberof google.protobuf.Duration * @instance */ - Timestamp.prototype.nanos = 0; + Duration.prototype.nanos = 0; /** - * Creates a new Timestamp instance using the specified properties. + * Creates a new Duration instance using the specified properties. * @function create - * @memberof google.protobuf.Timestamp + * @memberof google.protobuf.Duration * @static - * @param {google.protobuf.ITimestamp=} [properties] Properties to set - * @returns {google.protobuf.Timestamp} Timestamp instance + * @param {google.protobuf.IDuration=} [properties] Properties to set + * @returns {google.protobuf.Duration} Duration instance */ - Timestamp.create = function create(properties) { - return new Timestamp(properties); + Duration.create = function create(properties) { + return new Duration(properties); }; /** - * Encodes the specified Timestamp message. Does not implicitly {@link google.protobuf.Timestamp.verify|verify} messages. + * Encodes the specified Duration message. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages. * @function encode - * @memberof google.protobuf.Timestamp + * @memberof google.protobuf.Duration * @static - * @param {google.protobuf.ITimestamp} message Timestamp message or plain object to encode + * @param {google.protobuf.IDuration} message Duration message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - Timestamp.encode = function encode(message, writer) { + Duration.encode = function encode(message, writer) { if (!writer) writer = $Writer.create(); if (message.seconds != null && Object.hasOwnProperty.call(message, "seconds")) @@ -25098,33 +28008,33 @@ }; /** - * Encodes the specified Timestamp message, length delimited. Does not implicitly {@link google.protobuf.Timestamp.verify|verify} messages. + * Encodes the specified Duration message, length delimited. Does not implicitly {@link google.protobuf.Duration.verify|verify} messages. * @function encodeDelimited - * @memberof google.protobuf.Timestamp + * @memberof google.protobuf.Duration * @static - * @param {google.protobuf.ITimestamp} message Timestamp message or plain object to encode + * @param {google.protobuf.IDuration} message Duration message or plain object to encode * @param {$protobuf.Writer} [writer] Writer to encode to * @returns {$protobuf.Writer} Writer */ - Timestamp.encodeDelimited = function encodeDelimited(message, writer) { + Duration.encodeDelimited = function encodeDelimited(message, writer) { return this.encode(message, writer).ldelim(); }; /** - * Decodes a Timestamp message from the specified reader or buffer. + * Decodes a Duration message from the specified reader or buffer. * @function decode - * @memberof google.protobuf.Timestamp + * @memberof google.protobuf.Duration * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from * @param {number} [length] Message length if known beforehand - * @returns {google.protobuf.Timestamp} Timestamp + * @returns {google.protobuf.Duration} Duration * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - Timestamp.decode = function decode(reader, length) { + Duration.decode = function decode(reader, length) { if (!(reader instanceof $Reader)) reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.Timestamp(); + var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.Duration(); while (reader.pos < end) { var tag = reader.uint32(); switch (tag >>> 3) { @@ -25143,30 +28053,30 @@ }; /** - * Decodes a Timestamp message from the specified reader or buffer, length delimited. + * Decodes a Duration message from the specified reader or buffer, length delimited. * @function decodeDelimited - * @memberof google.protobuf.Timestamp + * @memberof google.protobuf.Duration * @static * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.protobuf.Timestamp} Timestamp + * @returns {google.protobuf.Duration} Duration * @throws {Error} If the payload is not a reader or valid buffer * @throws {$protobuf.util.ProtocolError} If required fields are missing */ - Timestamp.decodeDelimited = function decodeDelimited(reader) { + Duration.decodeDelimited = function decodeDelimited(reader) { if (!(reader instanceof $Reader)) reader = new $Reader(reader); return this.decode(reader, reader.uint32()); }; /** - * Verifies a Timestamp message. + * Verifies a Duration message. * @function verify - * @memberof google.protobuf.Timestamp + * @memberof google.protobuf.Duration * @static * @param {Object.} message Plain object to verify * @returns {string|null} `null` if valid, otherwise the reason why it is not */ - Timestamp.verify = function verify(message) { + Duration.verify = function verify(message) { if (typeof message !== "object" || message === null) return "object expected"; if (message.seconds != null && message.hasOwnProperty("seconds")) @@ -25179,17 +28089,17 @@ }; /** - * Creates a Timestamp message from a plain object. Also converts values to their respective internal types. + * Creates a Duration message from a plain object. Also converts values to their respective internal types. * @function fromObject - * @memberof google.protobuf.Timestamp + * @memberof google.protobuf.Duration * @static * @param {Object.} object Plain object - * @returns {google.protobuf.Timestamp} Timestamp + * @returns {google.protobuf.Duration} Duration */ - Timestamp.fromObject = function fromObject(object) { - if (object instanceof $root.google.protobuf.Timestamp) + Duration.fromObject = function fromObject(object) { + if (object instanceof $root.google.protobuf.Duration) return object; - var message = new $root.google.protobuf.Timestamp(); + var message = new $root.google.protobuf.Duration(); if (object.seconds != null) if ($util.Long) (message.seconds = $util.Long.fromValue(object.seconds)).unsigned = false; @@ -25205,15 +28115,15 @@ }; /** - * Creates a plain object from a Timestamp message. Also converts values to other types if specified. + * Creates a plain object from a Duration message. Also converts values to other types if specified. * @function toObject - * @memberof google.protobuf.Timestamp + * @memberof google.protobuf.Duration * @static - * @param {google.protobuf.Timestamp} message Timestamp + * @param {google.protobuf.Duration} message Duration * @param {$protobuf.IConversionOptions} [options] Conversion options * @returns {Object.} Plain object */ - Timestamp.toObject = function toObject(message, options) { + Duration.toObject = function toObject(message, options) { if (!options) options = {}; var object = {}; @@ -25236,17 +28146,17 @@ }; /** - * Converts this Timestamp to JSON. + * Converts this Duration to JSON. * @function toJSON - * @memberof google.protobuf.Timestamp + * @memberof google.protobuf.Duration * @instance * @returns {Object.} JSON object */ - Timestamp.prototype.toJSON = function toJSON() { + Duration.prototype.toJSON = function toJSON() { return this.constructor.toObject(this, $protobuf.util.toJSONOptions); }; - return Timestamp; + return Duration; })(); protobuf.DoubleValue = (function() { @@ -26969,209 +29879,6 @@ return BytesValue; })(); - protobuf.FieldMask = (function() { - - /** - * Properties of a FieldMask. - * @memberof google.protobuf - * @interface IFieldMask - * @property {Array.|null} [paths] FieldMask paths - */ - - /** - * Constructs a new FieldMask. - * @memberof google.protobuf - * @classdesc Represents a FieldMask. - * @implements IFieldMask - * @constructor - * @param {google.protobuf.IFieldMask=} [properties] Properties to set - */ - function FieldMask(properties) { - this.paths = []; - if (properties) - for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i) - if (properties[keys[i]] != null) - this[keys[i]] = properties[keys[i]]; - } - - /** - * FieldMask paths. - * @member {Array.} paths - * @memberof google.protobuf.FieldMask - * @instance - */ - FieldMask.prototype.paths = $util.emptyArray; - - /** - * Creates a new FieldMask instance using the specified properties. - * @function create - * @memberof google.protobuf.FieldMask - * @static - * @param {google.protobuf.IFieldMask=} [properties] Properties to set - * @returns {google.protobuf.FieldMask} FieldMask instance - */ - FieldMask.create = function create(properties) { - return new FieldMask(properties); - }; - - /** - * Encodes the specified FieldMask message. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages. - * @function encode - * @memberof google.protobuf.FieldMask - * @static - * @param {google.protobuf.IFieldMask} message FieldMask message or plain object to encode - * @param {$protobuf.Writer} [writer] Writer to encode to - * @returns {$protobuf.Writer} Writer - */ - FieldMask.encode = function encode(message, writer) { - if (!writer) - writer = $Writer.create(); - if (message.paths != null && message.paths.length) - for (var i = 0; i < message.paths.length; ++i) - writer.uint32(/* id 1, wireType 2 =*/10).string(message.paths[i]); - return writer; - }; - - /** - * Encodes the specified FieldMask message, length delimited. Does not implicitly {@link google.protobuf.FieldMask.verify|verify} messages. - * @function encodeDelimited - * @memberof google.protobuf.FieldMask - * @static - * @param {google.protobuf.IFieldMask} message FieldMask message or plain object to encode - * @param {$protobuf.Writer} [writer] Writer to encode to - * @returns {$protobuf.Writer} Writer - */ - FieldMask.encodeDelimited = function encodeDelimited(message, writer) { - return this.encode(message, writer).ldelim(); - }; - - /** - * Decodes a FieldMask message from the specified reader or buffer. - * @function decode - * @memberof google.protobuf.FieldMask - * @static - * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @param {number} [length] Message length if known beforehand - * @returns {google.protobuf.FieldMask} FieldMask - * @throws {Error} If the payload is not a reader or valid buffer - * @throws {$protobuf.util.ProtocolError} If required fields are missing - */ - FieldMask.decode = function decode(reader, length) { - if (!(reader instanceof $Reader)) - reader = $Reader.create(reader); - var end = length === undefined ? reader.len : reader.pos + length, message = new $root.google.protobuf.FieldMask(); - while (reader.pos < end) { - var tag = reader.uint32(); - switch (tag >>> 3) { - case 1: - if (!(message.paths && message.paths.length)) - message.paths = []; - message.paths.push(reader.string()); - break; - default: - reader.skipType(tag & 7); - break; - } - } - return message; - }; - - /** - * Decodes a FieldMask message from the specified reader or buffer, length delimited. - * @function decodeDelimited - * @memberof google.protobuf.FieldMask - * @static - * @param {$protobuf.Reader|Uint8Array} reader Reader or buffer to decode from - * @returns {google.protobuf.FieldMask} FieldMask - * @throws {Error} If the payload is not a reader or valid buffer - * @throws {$protobuf.util.ProtocolError} If required fields are missing - */ - FieldMask.decodeDelimited = function decodeDelimited(reader) { - if (!(reader instanceof $Reader)) - reader = new $Reader(reader); - return this.decode(reader, reader.uint32()); - }; - - /** - * Verifies a FieldMask message. - * @function verify - * @memberof google.protobuf.FieldMask - * @static - * @param {Object.} message Plain object to verify - * @returns {string|null} `null` if valid, otherwise the reason why it is not - */ - FieldMask.verify = function verify(message) { - if (typeof message !== "object" || message === null) - return "object expected"; - if (message.paths != null && message.hasOwnProperty("paths")) { - if (!Array.isArray(message.paths)) - return "paths: array expected"; - for (var i = 0; i < message.paths.length; ++i) - if (!$util.isString(message.paths[i])) - return "paths: string[] expected"; - } - return null; - }; - - /** - * Creates a FieldMask message from a plain object. Also converts values to their respective internal types. - * @function fromObject - * @memberof google.protobuf.FieldMask - * @static - * @param {Object.} object Plain object - * @returns {google.protobuf.FieldMask} FieldMask - */ - FieldMask.fromObject = function fromObject(object) { - if (object instanceof $root.google.protobuf.FieldMask) - return object; - var message = new $root.google.protobuf.FieldMask(); - if (object.paths) { - if (!Array.isArray(object.paths)) - throw TypeError(".google.protobuf.FieldMask.paths: array expected"); - message.paths = []; - for (var i = 0; i < object.paths.length; ++i) - message.paths[i] = String(object.paths[i]); - } - return message; - }; - - /** - * Creates a plain object from a FieldMask message. Also converts values to other types if specified. - * @function toObject - * @memberof google.protobuf.FieldMask - * @static - * @param {google.protobuf.FieldMask} message FieldMask - * @param {$protobuf.IConversionOptions} [options] Conversion options - * @returns {Object.} Plain object - */ - FieldMask.toObject = function toObject(message, options) { - if (!options) - options = {}; - var object = {}; - if (options.arrays || options.defaults) - object.paths = []; - if (message.paths && message.paths.length) { - object.paths = []; - for (var j = 0; j < message.paths.length; ++j) - object.paths[j] = message.paths[j]; - } - return object; - }; - - /** - * Converts this FieldMask to JSON. - * @function toJSON - * @memberof google.protobuf.FieldMask - * @instance - * @returns {Object.} JSON object - */ - FieldMask.prototype.toJSON = function toJSON() { - return this.constructor.toObject(this, $protobuf.util.toJSONOptions); - }; - - return FieldMask; - })(); - return protobuf; })(); diff --git a/protos/protos.json b/protos/protos.json index 4c18b5a2..40beb2c1 100644 --- a/protos/protos.json +++ b/protos/protos.json @@ -14,9 +14,343 @@ "java_multiple_files": true, "java_outer_classname": "KmsProto", "java_package": "com.google.cloud.kms.v1", - "php_namespace": "Google\\Cloud\\Kms\\V1" + "php_namespace": "Google\\Cloud\\Kms\\V1", + "(google.api.resource_definition).type": "servicedirectory.googleapis.com/Service", + "(google.api.resource_definition).pattern": "projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}" }, "nested": { + "EkmService": { + "options": { + "(google.api.default_host)": "cloudkms.googleapis.com", + "(google.api.oauth_scopes)": "https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/cloudkms" + }, + "methods": { + "ListEkmConnections": { + "requestType": "ListEkmConnectionsRequest", + "responseType": "ListEkmConnectionsResponse", + "options": { + "(google.api.http).get": "/v1/{parent=projects/*/locations/*}/ekmConnections", + "(google.api.method_signature)": "parent" + }, + "parsedOptions": [ + { + "(google.api.http)": { + "get": "/v1/{parent=projects/*/locations/*}/ekmConnections" + } + }, + { + "(google.api.method_signature)": "parent" + } + ] + }, + "GetEkmConnection": { + "requestType": "GetEkmConnectionRequest", + "responseType": "EkmConnection", + "options": { + "(google.api.http).get": "/v1/{name=projects/*/locations/*/ekmConnections/*}", + "(google.api.method_signature)": "name" + }, + "parsedOptions": [ + { + "(google.api.http)": { + "get": "/v1/{name=projects/*/locations/*/ekmConnections/*}" + } + }, + { + "(google.api.method_signature)": "name" + } + ] + }, + "CreateEkmConnection": { + "requestType": "CreateEkmConnectionRequest", + "responseType": "EkmConnection", + "options": { + "(google.api.http).post": "/v1/{parent=projects/*/locations/*}/ekmConnections", + "(google.api.http).body": "ekm_connection", + "(google.api.method_signature)": "parent,ekm_connection_id,ekm_connection" + }, + "parsedOptions": [ + { + "(google.api.http)": { + "post": "/v1/{parent=projects/*/locations/*}/ekmConnections", + "body": "ekm_connection" + } + }, + { + "(google.api.method_signature)": "parent,ekm_connection_id,ekm_connection" + } + ] + }, + "UpdateEkmConnection": { + "requestType": "UpdateEkmConnectionRequest", + "responseType": "EkmConnection", + "options": { + "(google.api.http).patch": "/v1/{ekm_connection.name=projects/*/locations/*/ekmConnections/*}", + "(google.api.http).body": "ekm_connection", + "(google.api.method_signature)": "ekm_connection,update_mask" + }, + "parsedOptions": [ + { + "(google.api.http)": { + "patch": "/v1/{ekm_connection.name=projects/*/locations/*/ekmConnections/*}", + "body": "ekm_connection" + } + }, + { + "(google.api.method_signature)": "ekm_connection,update_mask" + } + ] + } + } + }, + "ListEkmConnectionsRequest": { + "fields": { + "parent": { + "type": "string", + "id": 1, + "options": { + "(google.api.field_behavior)": "REQUIRED", + "(google.api.resource_reference).type": "locations.googleapis.com/Location" + } + }, + "pageSize": { + "type": "int32", + "id": 2, + "options": { + "(google.api.field_behavior)": "OPTIONAL" + } + }, + "pageToken": { + "type": "string", + "id": 3, + "options": { + "(google.api.field_behavior)": "OPTIONAL" + } + }, + "filter": { + "type": "string", + "id": 4, + "options": { + "(google.api.field_behavior)": "OPTIONAL" + } + }, + "orderBy": { + "type": "string", + "id": 5, + "options": { + "(google.api.field_behavior)": "OPTIONAL" + } + } + } + }, + "ListEkmConnectionsResponse": { + "fields": { + "ekmConnections": { + "rule": "repeated", + "type": "EkmConnection", + "id": 1 + }, + "nextPageToken": { + "type": "string", + "id": 2 + }, + "totalSize": { + "type": "int32", + "id": 3 + } + } + }, + "GetEkmConnectionRequest": { + "fields": { + "name": { + "type": "string", + "id": 1, + "options": { + "(google.api.field_behavior)": "REQUIRED", + "(google.api.resource_reference).type": "cloudkms.googleapis.com/EkmConnection" + } + } + } + }, + "CreateEkmConnectionRequest": { + "fields": { + "parent": { + "type": "string", + "id": 1, + "options": { + "(google.api.field_behavior)": "REQUIRED", + "(google.api.resource_reference).type": "locations.googleapis.com/Location" + } + }, + "ekmConnectionId": { + "type": "string", + "id": 2, + "options": { + "(google.api.field_behavior)": "REQUIRED" + } + }, + "ekmConnection": { + "type": "EkmConnection", + "id": 3, + "options": { + "(google.api.field_behavior)": "REQUIRED" + } + } + } + }, + "UpdateEkmConnectionRequest": { + "fields": { + "ekmConnection": { + "type": "EkmConnection", + "id": 1, + "options": { + "(google.api.field_behavior)": "REQUIRED" + } + }, + "updateMask": { + "type": "google.protobuf.FieldMask", + "id": 2, + "options": { + "(google.api.field_behavior)": "REQUIRED" + } + } + } + }, + "Certificate": { + "fields": { + "rawDer": { + "type": "bytes", + "id": 1, + "options": { + "(google.api.field_behavior)": "REQUIRED" + } + }, + "parsed": { + "type": "bool", + "id": 2, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } + }, + "issuer": { + "type": "string", + "id": 3, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } + }, + "subject": { + "type": "string", + "id": 4, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } + }, + "subjectAlternativeDnsNames": { + "rule": "repeated", + "type": "string", + "id": 5, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } + }, + "notBeforeTime": { + "type": "google.protobuf.Timestamp", + "id": 6, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } + }, + "notAfterTime": { + "type": "google.protobuf.Timestamp", + "id": 7, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } + }, + "serialNumber": { + "type": "string", + "id": 8, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } + }, + "sha256Fingerprint": { + "type": "string", + "id": 9, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } + } + } + }, + "EkmConnection": { + "options": { + "(google.api.resource).type": "cloudkms.googleapis.com/EkmConnection", + "(google.api.resource).pattern": "projects/{project}/locations/{location}/ekmConnections/{ekm_connection}" + }, + "fields": { + "name": { + "type": "string", + "id": 1, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } + }, + "createTime": { + "type": "google.protobuf.Timestamp", + "id": 2, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } + }, + "serviceResolvers": { + "rule": "repeated", + "type": "ServiceResolver", + "id": 3 + }, + "etag": { + "type": "string", + "id": 5 + } + }, + "nested": { + "ServiceResolver": { + "fields": { + "serviceDirectoryService": { + "type": "string", + "id": 1, + "options": { + "(google.api.field_behavior)": "REQUIRED", + "(google.api.resource_reference).type": "servicedirectory.googleapis.com/Service" + } + }, + "endpointFilter": { + "type": "string", + "id": 2, + "options": { + "(google.api.field_behavior)": "OPTIONAL" + } + }, + "hostname": { + "type": "string", + "id": 3, + "options": { + "(google.api.field_behavior)": "REQUIRED" + } + }, + "serverCertificates": { + "rule": "repeated", + "type": "Certificate", + "id": 4, + "options": { + "(google.api.field_behavior)": "REQUIRED" + } + } + } + } + } + }, "KeyRing": { "options": { "(google.api.resource).type": "cloudkms.googleapis.com/KeyRing", @@ -110,6 +444,14 @@ "options": { "(google.api.field_behavior)": "IMMUTABLE" } + }, + "cryptoKeyBackend": { + "type": "string", + "id": 15, + "options": { + "(google.api.field_behavior)": "IMMUTABLE", + "(google.api.resource_reference).type": "*" + } } }, "nested": { @@ -154,6 +496,13 @@ "options": { "(google.api.field_behavior)": "OUTPUT_ONLY" } + }, + "certChains": { + "type": "CertificateChains", + "id": 6, + "options": { + "(google.api.field_behavior)": "OUTPUT_ONLY" + } } }, "nested": { @@ -163,6 +512,25 @@ "CAVIUM_V1_COMPRESSED": 3, "CAVIUM_V2_COMPRESSED": 4 } + }, + "CertificateChains": { + "fields": { + "caviumCerts": { + "rule": "repeated", + "type": "string", + "id": 1 + }, + "googleCardCerts": { + "rule": "repeated", + "type": "string", + "id": 2 + }, + "googlePartitionCerts": { + "rule": "repeated", + "type": "string", + "id": 3 + } + } } } }, @@ -421,14 +789,6 @@ } }, "nested": { - "WrappingPublicKey": { - "fields": { - "pem": { - "type": "string", - "id": 1 - } - } - }, "ImportMethod": { "values": { "IMPORT_METHOD_UNSPECIFIED": 0, @@ -443,25 +803,38 @@ "ACTIVE": 2, "EXPIRED": 3 } + }, + "WrappingPublicKey": { + "fields": { + "pem": { + "type": "string", + "id": 1 + } + } } } }, - "ProtectionLevel": { - "values": { - "PROTECTION_LEVEL_UNSPECIFIED": 0, - "SOFTWARE": 1, - "HSM": 2, - "EXTERNAL": 3 - } - }, "ExternalProtectionLevelOptions": { "fields": { "externalKeyUri": { "type": "string", "id": 1 + }, + "ekmConnectionKeyPath": { + "type": "string", + "id": 2 } } }, + "ProtectionLevel": { + "values": { + "PROTECTION_LEVEL_UNSPECIFIED": 0, + "SOFTWARE": 1, + "HSM": 2, + "EXTERNAL": 3, + "EXTERNAL_VPC": 4 + } + }, "KeyManagementService": { "options": { "(google.api.default_host)": "cloudkms.googleapis.com", @@ -1924,107 +2297,12 @@ "options": { "go_package": "google.golang.org/genproto/googleapis/api/annotations;annotations", "java_multiple_files": true, - "java_outer_classname": "ClientProto", + "java_outer_classname": "ResourceProto", "java_package": "com.google.api", "objc_class_prefix": "GAPI", "cc_enable_arenas": true }, "nested": { - "fieldBehavior": { - "rule": "repeated", - "type": "google.api.FieldBehavior", - "id": 1052, - "extend": "google.protobuf.FieldOptions" - }, - "FieldBehavior": { - "values": { - "FIELD_BEHAVIOR_UNSPECIFIED": 0, - "OPTIONAL": 1, - "REQUIRED": 2, - "OUTPUT_ONLY": 3, - "INPUT_ONLY": 4, - "IMMUTABLE": 5, - "UNORDERED_LIST": 6, - "NON_EMPTY_DEFAULT": 7 - } - }, - "resourceReference": { - "type": "google.api.ResourceReference", - "id": 1055, - "extend": "google.protobuf.FieldOptions" - }, - "resourceDefinition": { - "rule": "repeated", - "type": "google.api.ResourceDescriptor", - "id": 1053, - "extend": "google.protobuf.FileOptions" - }, - "resource": { - "type": "google.api.ResourceDescriptor", - "id": 1053, - "extend": "google.protobuf.MessageOptions" - }, - "ResourceDescriptor": { - "fields": { - "type": { - "type": "string", - "id": 1 - }, - "pattern": { - "rule": "repeated", - "type": "string", - "id": 2 - }, - "nameField": { - "type": "string", - "id": 3 - }, - "history": { - "type": "History", - "id": 4 - }, - "plural": { - "type": "string", - "id": 5 - }, - "singular": { - "type": "string", - "id": 6 - }, - "style": { - "rule": "repeated", - "type": "Style", - "id": 10 - } - }, - "nested": { - "History": { - "values": { - "HISTORY_UNSPECIFIED": 0, - "ORIGINALLY_SINGLE_PATTERN": 1, - "FUTURE_MULTI_PATTERN": 2 - } - }, - "Style": { - "values": { - "STYLE_UNSPECIFIED": 0, - "DECLARATIVE_FRIENDLY": 1 - } - } - } - }, - "ResourceReference": { - "fields": { - "type": { - "type": "string", - "id": 1 - }, - "childType": { - "type": "string", - "id": 2 - } - } - }, "http": { "type": "HttpRule", "id": 72295728, @@ -2127,6 +2405,101 @@ "type": "string", "id": 1050, "extend": "google.protobuf.ServiceOptions" + }, + "fieldBehavior": { + "rule": "repeated", + "type": "google.api.FieldBehavior", + "id": 1052, + "extend": "google.protobuf.FieldOptions" + }, + "FieldBehavior": { + "values": { + "FIELD_BEHAVIOR_UNSPECIFIED": 0, + "OPTIONAL": 1, + "REQUIRED": 2, + "OUTPUT_ONLY": 3, + "INPUT_ONLY": 4, + "IMMUTABLE": 5, + "UNORDERED_LIST": 6, + "NON_EMPTY_DEFAULT": 7 + } + }, + "resourceReference": { + "type": "google.api.ResourceReference", + "id": 1055, + "extend": "google.protobuf.FieldOptions" + }, + "resourceDefinition": { + "rule": "repeated", + "type": "google.api.ResourceDescriptor", + "id": 1053, + "extend": "google.protobuf.FileOptions" + }, + "resource": { + "type": "google.api.ResourceDescriptor", + "id": 1053, + "extend": "google.protobuf.MessageOptions" + }, + "ResourceDescriptor": { + "fields": { + "type": { + "type": "string", + "id": 1 + }, + "pattern": { + "rule": "repeated", + "type": "string", + "id": 2 + }, + "nameField": { + "type": "string", + "id": 3 + }, + "history": { + "type": "History", + "id": 4 + }, + "plural": { + "type": "string", + "id": 5 + }, + "singular": { + "type": "string", + "id": 6 + }, + "style": { + "rule": "repeated", + "type": "Style", + "id": 10 + } + }, + "nested": { + "History": { + "values": { + "HISTORY_UNSPECIFIED": 0, + "ORIGINALLY_SINGLE_PATTERN": 1, + "FUTURE_MULTI_PATTERN": 2 + } + }, + "Style": { + "values": { + "STYLE_UNSPECIFIED": 0, + "DECLARATIVE_FRIENDLY": 1 + } + } + } + }, + "ResourceReference": { + "fields": { + "type": { + "type": "string", + "id": 1 + }, + "childType": { + "type": "string", + "id": 2 + } + } } } }, @@ -3037,7 +3410,16 @@ } } }, - "Duration": { + "FieldMask": { + "fields": { + "paths": { + "rule": "repeated", + "type": "string", + "id": 1 + } + } + }, + "Timestamp": { "fields": { "seconds": { "type": "int64", @@ -3049,7 +3431,7 @@ } } }, - "Timestamp": { + "Duration": { "fields": { "seconds": { "type": "int64", @@ -3132,15 +3514,6 @@ "id": 1 } } - }, - "FieldMask": { - "fields": { - "paths": { - "rule": "repeated", - "type": "string", - "id": 1 - } - } } } } diff --git a/samples/generated/v1/ekm_service.create_ekm_connection.js b/samples/generated/v1/ekm_service.create_ekm_connection.js new file mode 100644 index 00000000..e9ff2068 --- /dev/null +++ b/samples/generated/v1/ekm_service.create_ekm_connection.js @@ -0,0 +1,67 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + +'use strict'; + +function main(parent, ekmConnectionId, ekmConnection) { + // [START cloudkms_v1_generated_EkmService_CreateEkmConnection_async] + /** + * TODO(developer): Uncomment these variables before running the sample. + */ + /** + * Required. The resource name of the location associated with the + * EkmConnection google.cloud.kms.v1.EkmConnection, in the format + * `projects/* /locations/*`. + */ + // const parent = 'abc123' + /** + * Required. It must be unique within a location and match the regular + * expression `[a-zA-Z0-9_-]{1,63}`. + */ + // const ekmConnectionId = 'abc123' + /** + * Required. An EkmConnection google.cloud.kms.v1.EkmConnection with + * initial field values. + */ + // const ekmConnection = {} + + // Imports the Kms library + const {EkmServiceClient} = require('@google-cloud/kms').v1; + + // Instantiates a client + const kmsClient = new EkmServiceClient(); + + async function callCreateEkmConnection() { + // Construct request + const request = { + parent, + ekmConnectionId, + ekmConnection, + }; + + // Run request + const response = await kmsClient.createEkmConnection(request); + console.log(response); + } + + callCreateEkmConnection(); + // [END cloudkms_v1_generated_EkmService_CreateEkmConnection_async] +} + +process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; +}); +main(...process.argv.slice(2)); diff --git a/samples/generated/v1/ekm_service.get_ekm_connection.js b/samples/generated/v1/ekm_service.get_ekm_connection.js new file mode 100644 index 00000000..034bc14c --- /dev/null +++ b/samples/generated/v1/ekm_service.get_ekm_connection.js @@ -0,0 +1,54 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + +'use strict'; + +function main(name) { + // [START cloudkms_v1_generated_EkmService_GetEkmConnection_async] + /** + * TODO(developer): Uncomment these variables before running the sample. + */ + /** + * Required. The name google.cloud.kms.v1.EkmConnection.name of the + * EkmConnection google.cloud.kms.v1.EkmConnection to get. + */ + // const name = 'abc123' + + // Imports the Kms library + const {EkmServiceClient} = require('@google-cloud/kms').v1; + + // Instantiates a client + const kmsClient = new EkmServiceClient(); + + async function callGetEkmConnection() { + // Construct request + const request = { + name, + }; + + // Run request + const response = await kmsClient.getEkmConnection(request); + console.log(response); + } + + callGetEkmConnection(); + // [END cloudkms_v1_generated_EkmService_GetEkmConnection_async] +} + +process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; +}); +main(...process.argv.slice(2)); diff --git a/samples/generated/v1/ekm_service.list_ekm_connections.js b/samples/generated/v1/ekm_service.list_ekm_connections.js new file mode 100644 index 00000000..1c6517f1 --- /dev/null +++ b/samples/generated/v1/ekm_service.list_ekm_connections.js @@ -0,0 +1,86 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + +'use strict'; + +function main(parent) { + // [START cloudkms_v1_generated_EkmService_ListEkmConnections_async] + /** + * TODO(developer): Uncomment these variables before running the sample. + */ + /** + * Required. The resource name of the location associated with the + * EkmConnections google.cloud.kms.v1.EkmConnection to list, in the format + * `projects/* /locations/*`. + */ + // const parent = 'abc123' + /** + * Optional. Optional limit on the number of + * EkmConnections google.cloud.kms.v1.EkmConnection to include in the + * response. Further EkmConnections google.cloud.kms.v1.EkmConnection can + * subsequently be obtained by including the + * ListEkmConnectionsResponse.next_page_token google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. + */ + // const pageSize = 1234 + /** + * Optional. Optional pagination token, returned earlier via + * ListEkmConnectionsResponse.next_page_token google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token. + */ + // const pageToken = 'abc123' + /** + * Optional. Only include resources that match the filter in the response. For + * more information, see + * Sorting and filtering list + * results (https://cloud.google.com/kms/docs/sorting-and-filtering). + */ + // const filter = 'abc123' + /** + * Optional. Specify how the results should be sorted. If not specified, the + * results will be sorted in the default order. For more information, see + * Sorting and filtering list + * results (https://cloud.google.com/kms/docs/sorting-and-filtering). + */ + // const orderBy = 'abc123' + + // Imports the Kms library + const {EkmServiceClient} = require('@google-cloud/kms').v1; + + // Instantiates a client + const kmsClient = new EkmServiceClient(); + + async function callListEkmConnections() { + // Construct request + const request = { + parent, + }; + + // Run request + const iterable = await kmsClient.listEkmConnectionsAsync(request); + for await (const response of iterable) { + console.log(response); + } + } + + callListEkmConnections(); + // [END cloudkms_v1_generated_EkmService_ListEkmConnections_async] +} + +process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; +}); +main(...process.argv.slice(2)); diff --git a/samples/generated/v1/ekm_service.update_ekm_connection.js b/samples/generated/v1/ekm_service.update_ekm_connection.js new file mode 100644 index 00000000..75640fb4 --- /dev/null +++ b/samples/generated/v1/ekm_service.update_ekm_connection.js @@ -0,0 +1,59 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + +'use strict'; + +function main(ekmConnection, updateMask) { + // [START cloudkms_v1_generated_EkmService_UpdateEkmConnection_async] + /** + * TODO(developer): Uncomment these variables before running the sample. + */ + /** + * Required. EkmConnection google.cloud.kms.v1.EkmConnection with updated + * values. + */ + // const ekmConnection = {} + /** + * Required. List of fields to be updated in this request. + */ + // const updateMask = {} + + // Imports the Kms library + const {EkmServiceClient} = require('@google-cloud/kms').v1; + + // Instantiates a client + const kmsClient = new EkmServiceClient(); + + async function callUpdateEkmConnection() { + // Construct request + const request = { + ekmConnection, + updateMask, + }; + + // Run request + const response = await kmsClient.updateEkmConnection(request); + console.log(response); + } + + callUpdateEkmConnection(); + // [END cloudkms_v1_generated_EkmService_UpdateEkmConnection_async] +} + +process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; +}); +main(...process.argv.slice(2)); diff --git a/samples/generated/v1/key_management_service.asymmetric_decrypt.js b/samples/generated/v1/key_management_service.asymmetric_decrypt.js index a7ec8e16..77d4ff33 100644 --- a/samples/generated/v1/key_management_service.asymmetric_decrypt.js +++ b/samples/generated/v1/key_management_service.asymmetric_decrypt.js @@ -21,29 +21,37 @@ function main(name, ciphertext) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to use for + * Required. The resource name of the + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to use for * decryption. */ // const name = 'abc123' /** - * Required. The data encrypted with the named CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion's public - * key using OAEP. + * Required. The data encrypted with the named + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion's public key using + * OAEP. */ // const ciphertext = 'Buffer.from('string')' /** - * Optional. An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext. - * If specified, KeyManagementService google.cloud.kms.v1.KeyManagementService will verify the integrity of the - * received AsymmetricDecryptRequest.ciphertext google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext using this checksum. - * KeyManagementService google.cloud.kms.v1.KeyManagementService will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C(AsymmetricDecryptRequest.ciphertext google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext) is equal to - * AsymmetricDecryptRequest.ciphertext_crc32c google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a - * limited number of retries. A persistent mismatch may indicate an issue in - * your computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * AsymmetricDecryptRequest.ciphertext google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext. + * If specified, + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * verify the integrity of the received + * AsymmetricDecryptRequest.ciphertext google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext + * using this checksum. + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C(AsymmetricDecryptRequest.ciphertext google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext) + * is equal to + * AsymmetricDecryptRequest.ciphertext_crc32c google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. */ // const ciphertextCrc32c = {} diff --git a/samples/generated/v1/key_management_service.asymmetric_sign.js b/samples/generated/v1/key_management_service.asymmetric_sign.js index cfad5830..8b99db7b 100644 --- a/samples/generated/v1/key_management_service.asymmetric_sign.js +++ b/samples/generated/v1/key_management_service.asymmetric_sign.js @@ -21,51 +21,69 @@ function main(name) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to use for signing. + * Required. The resource name of the + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to use for + * signing. */ // const name = 'abc123' /** * Optional. The digest of the data to sign. The digest must be produced with * the same digest algorithm as specified by the key version's * algorithm google.cloud.kms.v1.CryptoKeyVersion.algorithm. + * This field may not be supplied if + * AsymmetricSignRequest.data google.cloud.kms.v1.AsymmetricSignRequest.data + * is supplied. */ // const digest = {} /** - * Optional. An optional CRC32C checksum of the AsymmetricSignRequest.digest google.cloud.kms.v1.AsymmetricSignRequest.digest. If - * specified, KeyManagementService google.cloud.kms.v1.KeyManagementService will verify the integrity of the - * received AsymmetricSignRequest.digest google.cloud.kms.v1.AsymmetricSignRequest.digest using this checksum. - * KeyManagementService google.cloud.kms.v1.KeyManagementService will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C(AsymmetricSignRequest.digest google.cloud.kms.v1.AsymmetricSignRequest.digest) is equal to - * AsymmetricSignRequest.digest_crc32c google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c, and if so, perform a limited - * number of retries. A persistent mismatch may indicate an issue in your - * computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * AsymmetricSignRequest.digest google.cloud.kms.v1.AsymmetricSignRequest.digest. + * If specified, + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * verify the integrity of the received + * AsymmetricSignRequest.digest google.cloud.kms.v1.AsymmetricSignRequest.digest + * using this checksum. + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C(AsymmetricSignRequest.digest google.cloud.kms.v1.AsymmetricSignRequest.digest) + * is equal to + * AsymmetricSignRequest.digest_crc32c google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. */ // const digestCrc32c = {} /** - * Optional. This field will only be honored for RAW_PKCS1 keys. - * The data to sign. A digest is computed over the data that will be signed, - * PKCS #1 padding is applied to the digest directly and then encrypted. + * Optional. The data to sign. + * It can't be supplied if + * AsymmetricSignRequest.digest google.cloud.kms.v1.AsymmetricSignRequest.digest + * is supplied. */ // const data = 'Buffer.from('string')' /** - * Optional. An optional CRC32C checksum of the AsymmetricSignRequest.data google.cloud.kms.v1.AsymmetricSignRequest.data. If - * specified, KeyManagementService google.cloud.kms.v1.KeyManagementService will verify the integrity of the - * received AsymmetricSignRequest.data google.cloud.kms.v1.AsymmetricSignRequest.data using this checksum. - * KeyManagementService google.cloud.kms.v1.KeyManagementService will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C(AsymmetricSignRequest.data google.cloud.kms.v1.AsymmetricSignRequest.data) is equal to - * AsymmetricSignRequest.data_crc32c google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c, and if so, perform a limited - * number of retries. A persistent mismatch may indicate an issue in your - * computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * AsymmetricSignRequest.data google.cloud.kms.v1.AsymmetricSignRequest.data. + * If specified, + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * verify the integrity of the received + * AsymmetricSignRequest.data google.cloud.kms.v1.AsymmetricSignRequest.data + * using this checksum. + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C(AsymmetricSignRequest.data google.cloud.kms.v1.AsymmetricSignRequest.data) + * is equal to + * AsymmetricSignRequest.data_crc32c google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. */ // const dataCrc32c = {} diff --git a/samples/generated/v1/key_management_service.create_crypto_key.js b/samples/generated/v1/key_management_service.create_crypto_key.js index 40d1048a..1ba5c7b4 100644 --- a/samples/generated/v1/key_management_service.create_crypto_key.js +++ b/samples/generated/v1/key_management_service.create_crypto_key.js @@ -21,8 +21,8 @@ function main(parent, cryptoKeyId, cryptoKey) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The name google.cloud.kms.v1.KeyRing.name of the KeyRing associated with the - * CryptoKeys google.cloud.kms.v1.CryptoKey. + * Required. The name google.cloud.kms.v1.KeyRing.name of the KeyRing + * associated with the CryptoKeys google.cloud.kms.v1.CryptoKey. */ // const parent = 'abc123' /** @@ -31,13 +31,17 @@ function main(parent, cryptoKeyId, cryptoKey) { */ // const cryptoKeyId = 'abc123' /** - * Required. A CryptoKey google.cloud.kms.v1.CryptoKey with initial field values. + * Required. A CryptoKey google.cloud.kms.v1.CryptoKey with initial field + * values. */ // const cryptoKey = {} /** - * If set to true, the request will create a CryptoKey google.cloud.kms.v1.CryptoKey without any - * CryptoKeyVersions google.cloud.kms.v1.CryptoKeyVersion. You must manually call - * CreateCryptoKeyVersion google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion or + * If set to true, the request will create a + * CryptoKey google.cloud.kms.v1.CryptoKey without any + * CryptoKeyVersions google.cloud.kms.v1.CryptoKeyVersion. You must + * manually call + * CreateCryptoKeyVersion google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion + * or * ImportCryptoKeyVersion google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion * before you can use this CryptoKey google.cloud.kms.v1.CryptoKey. */ diff --git a/samples/generated/v1/key_management_service.create_crypto_key_version.js b/samples/generated/v1/key_management_service.create_crypto_key_version.js index 71310f19..01705109 100644 --- a/samples/generated/v1/key_management_service.create_crypto_key_version.js +++ b/samples/generated/v1/key_management_service.create_crypto_key_version.js @@ -21,12 +21,14 @@ function main(parent, cryptoKeyVersion) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The name google.cloud.kms.v1.CryptoKey.name of the CryptoKey google.cloud.kms.v1.CryptoKey associated with - * the CryptoKeyVersions google.cloud.kms.v1.CryptoKeyVersion. + * Required. The name google.cloud.kms.v1.CryptoKey.name of the + * CryptoKey google.cloud.kms.v1.CryptoKey associated with the + * CryptoKeyVersions google.cloud.kms.v1.CryptoKeyVersion. */ // const parent = 'abc123' /** - * Required. A CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion with initial field values. + * Required. A CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion with + * initial field values. */ // const cryptoKeyVersion = {} diff --git a/samples/generated/v1/key_management_service.create_import_job.js b/samples/generated/v1/key_management_service.create_import_job.js index a9212806..2e018d3a 100644 --- a/samples/generated/v1/key_management_service.create_import_job.js +++ b/samples/generated/v1/key_management_service.create_import_job.js @@ -21,7 +21,8 @@ function main(parent, importJobId, importJob) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The name google.cloud.kms.v1.KeyRing.name of the KeyRing google.cloud.kms.v1.KeyRing associated with the + * Required. The name google.cloud.kms.v1.KeyRing.name of the + * KeyRing google.cloud.kms.v1.KeyRing associated with the * ImportJobs google.cloud.kms.v1.ImportJob. */ // const parent = 'abc123' @@ -31,7 +32,8 @@ function main(parent, importJobId, importJob) { */ // const importJobId = 'abc123' /** - * Required. An ImportJob google.cloud.kms.v1.ImportJob with initial field values. + * Required. An ImportJob google.cloud.kms.v1.ImportJob with initial field + * values. */ // const importJob = {} diff --git a/samples/generated/v1/key_management_service.create_key_ring.js b/samples/generated/v1/key_management_service.create_key_ring.js index 2035bc40..704ca16b 100644 --- a/samples/generated/v1/key_management_service.create_key_ring.js +++ b/samples/generated/v1/key_management_service.create_key_ring.js @@ -22,7 +22,8 @@ function main(parent, keyRingId, keyRing) { */ /** * Required. The resource name of the location associated with the - * KeyRings google.cloud.kms.v1.KeyRing, in the format `projects/* /locations/*`. + * KeyRings google.cloud.kms.v1.KeyRing, in the format + * `projects/* /locations/*`. */ // const parent = 'abc123' /** @@ -31,7 +32,8 @@ function main(parent, keyRingId, keyRing) { */ // const keyRingId = 'abc123' /** - * Required. A KeyRing google.cloud.kms.v1.KeyRing with initial field values. + * Required. A KeyRing google.cloud.kms.v1.KeyRing with initial field + * values. */ // const keyRing = {} diff --git a/samples/generated/v1/key_management_service.decrypt.js b/samples/generated/v1/key_management_service.decrypt.js index 8e9c5595..a541d7ce 100644 --- a/samples/generated/v1/key_management_service.decrypt.js +++ b/samples/generated/v1/key_management_service.decrypt.js @@ -21,8 +21,9 @@ function main(name, ciphertext) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the CryptoKey google.cloud.kms.v1.CryptoKey to use for decryption. - * The server will choose the appropriate version. + * Required. The resource name of the + * CryptoKey google.cloud.kms.v1.CryptoKey to use for decryption. The + * server will choose the appropriate version. */ // const name = 'abc123' /** @@ -36,36 +37,47 @@ function main(name, ciphertext) { */ // const additionalAuthenticatedData = 'Buffer.from('string')' /** - * Optional. An optional CRC32C checksum of the DecryptRequest.ciphertext google.cloud.kms.v1.DecryptRequest.ciphertext. If - * specified, KeyManagementService google.cloud.kms.v1.KeyManagementService will verify the integrity of the - * received DecryptRequest.ciphertext google.cloud.kms.v1.DecryptRequest.ciphertext using this checksum. - * KeyManagementService google.cloud.kms.v1.KeyManagementService will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C(DecryptRequest.ciphertext google.cloud.kms.v1.DecryptRequest.ciphertext) is equal to - * DecryptRequest.ciphertext_crc32c google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c, and if so, perform a limited number - * of retries. A persistent mismatch may indicate an issue in your computation - * of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * DecryptRequest.ciphertext google.cloud.kms.v1.DecryptRequest.ciphertext. + * If specified, + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * verify the integrity of the received + * DecryptRequest.ciphertext google.cloud.kms.v1.DecryptRequest.ciphertext + * using this checksum. + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C(DecryptRequest.ciphertext google.cloud.kms.v1.DecryptRequest.ciphertext) + * is equal to + * DecryptRequest.ciphertext_crc32c google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. */ // const ciphertextCrc32c = {} /** * Optional. An optional CRC32C checksum of the - * DecryptRequest.additional_authenticated_data google.cloud.kms.v1.DecryptRequest.additional_authenticated_data. If specified, - * KeyManagementService google.cloud.kms.v1.KeyManagementService will verify the integrity of the received - * DecryptRequest.additional_authenticated_data google.cloud.kms.v1.DecryptRequest.additional_authenticated_data using this checksum. - * KeyManagementService google.cloud.kms.v1.KeyManagementService will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C(DecryptRequest.additional_authenticated_data google.cloud.kms.v1.DecryptRequest.additional_authenticated_data) is equal to - * DecryptRequest.additional_authenticated_data_crc32c google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c, and if so, perform - * a limited number of retries. A persistent mismatch may indicate an issue in - * your computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * DecryptRequest.additional_authenticated_data google.cloud.kms.v1.DecryptRequest.additional_authenticated_data. + * If specified, + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * verify the integrity of the received + * DecryptRequest.additional_authenticated_data google.cloud.kms.v1.DecryptRequest.additional_authenticated_data + * using this checksum. + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C(DecryptRequest.additional_authenticated_data google.cloud.kms.v1.DecryptRequest.additional_authenticated_data) + * is equal to + * DecryptRequest.additional_authenticated_data_crc32c google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. */ // const additionalAuthenticatedDataCrc32c = {} diff --git a/samples/generated/v1/key_management_service.destroy_crypto_key_version.js b/samples/generated/v1/key_management_service.destroy_crypto_key_version.js index e86f46d4..ce8e8303 100644 --- a/samples/generated/v1/key_management_service.destroy_crypto_key_version.js +++ b/samples/generated/v1/key_management_service.destroy_crypto_key_version.js @@ -21,7 +21,8 @@ function main(name) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to destroy. + * Required. The resource name of the + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to destroy. */ // const name = 'abc123' diff --git a/samples/generated/v1/key_management_service.encrypt.js b/samples/generated/v1/key_management_service.encrypt.js index 07062bf3..24ff57ac 100644 --- a/samples/generated/v1/key_management_service.encrypt.js +++ b/samples/generated/v1/key_management_service.encrypt.js @@ -21,64 +21,80 @@ function main(name, plaintext) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the CryptoKey google.cloud.kms.v1.CryptoKey or CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion - * to use for encryption. - * If a CryptoKey google.cloud.kms.v1.CryptoKey is specified, the server will use its - * primary version google.cloud.kms.v1.CryptoKey.primary. + * Required. The resource name of the + * CryptoKey google.cloud.kms.v1.CryptoKey or + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to use for + * encryption. + * If a CryptoKey google.cloud.kms.v1.CryptoKey is specified, the server + * will use its primary version google.cloud.kms.v1.CryptoKey.primary. */ // const name = 'abc123' /** * Required. The data to encrypt. Must be no larger than 64KiB. * The maximum size depends on the key version's - * protection_level google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level. For - * SOFTWARE google.cloud.kms.v1.ProtectionLevel.SOFTWARE keys, the plaintext must be no larger - * than 64KiB. For HSM google.cloud.kms.v1.ProtectionLevel.HSM keys, the combined length of the - * plaintext and additional_authenticated_data fields must be no larger than - * 8KiB. + * protection_level google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level. + * For SOFTWARE google.cloud.kms.v1.ProtectionLevel.SOFTWARE keys, the + * plaintext must be no larger than 64KiB. For + * HSM google.cloud.kms.v1.ProtectionLevel.HSM keys, the combined length of + * the plaintext and additional_authenticated_data fields must be no larger + * than 8KiB. */ // const plaintext = 'Buffer.from('string')' /** - * Optional. Optional data that, if specified, must also be provided during decryption - * through DecryptRequest.additional_authenticated_data google.cloud.kms.v1.DecryptRequest.additional_authenticated_data. + * Optional. Optional data that, if specified, must also be provided during + * decryption through + * DecryptRequest.additional_authenticated_data google.cloud.kms.v1.DecryptRequest.additional_authenticated_data. * The maximum size depends on the key version's - * protection_level google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level. For - * SOFTWARE google.cloud.kms.v1.ProtectionLevel.SOFTWARE keys, the AAD must be no larger than - * 64KiB. For HSM google.cloud.kms.v1.ProtectionLevel.HSM keys, the combined length of the - * plaintext and additional_authenticated_data fields must be no larger than - * 8KiB. + * protection_level google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level. + * For SOFTWARE google.cloud.kms.v1.ProtectionLevel.SOFTWARE keys, the AAD + * must be no larger than 64KiB. For + * HSM google.cloud.kms.v1.ProtectionLevel.HSM keys, the combined length of + * the plaintext and additional_authenticated_data fields must be no larger + * than 8KiB. */ // const additionalAuthenticatedData = 'Buffer.from('string')' /** - * Optional. An optional CRC32C checksum of the EncryptRequest.plaintext google.cloud.kms.v1.EncryptRequest.plaintext. If - * specified, KeyManagementService google.cloud.kms.v1.KeyManagementService will verify the integrity of the - * received EncryptRequest.plaintext google.cloud.kms.v1.EncryptRequest.plaintext using this checksum. - * KeyManagementService google.cloud.kms.v1.KeyManagementService will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C(EncryptRequest.plaintext google.cloud.kms.v1.EncryptRequest.plaintext) is equal to - * EncryptRequest.plaintext_crc32c google.cloud.kms.v1.EncryptRequest.plaintext_crc32c, and if so, perform a limited number of - * retries. A persistent mismatch may indicate an issue in your computation of - * the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * EncryptRequest.plaintext google.cloud.kms.v1.EncryptRequest.plaintext. + * If specified, + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * verify the integrity of the received + * EncryptRequest.plaintext google.cloud.kms.v1.EncryptRequest.plaintext + * using this checksum. + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C(EncryptRequest.plaintext google.cloud.kms.v1.EncryptRequest.plaintext) + * is equal to + * EncryptRequest.plaintext_crc32c google.cloud.kms.v1.EncryptRequest.plaintext_crc32c, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. */ // const plaintextCrc32c = {} /** * Optional. An optional CRC32C checksum of the - * EncryptRequest.additional_authenticated_data google.cloud.kms.v1.EncryptRequest.additional_authenticated_data. If specified, - * KeyManagementService google.cloud.kms.v1.KeyManagementService will verify the integrity of the received - * EncryptRequest.additional_authenticated_data google.cloud.kms.v1.EncryptRequest.additional_authenticated_data using this checksum. - * KeyManagementService google.cloud.kms.v1.KeyManagementService will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C(EncryptRequest.additional_authenticated_data google.cloud.kms.v1.EncryptRequest.additional_authenticated_data) is equal to - * EncryptRequest.additional_authenticated_data_crc32c google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c, and if so, perform - * a limited number of retries. A persistent mismatch may indicate an issue in - * your computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * EncryptRequest.additional_authenticated_data google.cloud.kms.v1.EncryptRequest.additional_authenticated_data. + * If specified, + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * verify the integrity of the received + * EncryptRequest.additional_authenticated_data google.cloud.kms.v1.EncryptRequest.additional_authenticated_data + * using this checksum. + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C(EncryptRequest.additional_authenticated_data google.cloud.kms.v1.EncryptRequest.additional_authenticated_data) + * is equal to + * EncryptRequest.additional_authenticated_data_crc32c google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. */ // const additionalAuthenticatedDataCrc32c = {} diff --git a/samples/generated/v1/key_management_service.generate_random_bytes.js b/samples/generated/v1/key_management_service.generate_random_bytes.js index f76b2cf3..281e4075 100644 --- a/samples/generated/v1/key_management_service.generate_random_bytes.js +++ b/samples/generated/v1/key_management_service.generate_random_bytes.js @@ -31,8 +31,10 @@ function main() { */ // const lengthBytes = 1234 /** - * The ProtectionLevel google.cloud.kms.v1.ProtectionLevel to use when generating the random data. Defaults to - * SOFTWARE google.cloud.kms.v1.ProtectionLevel.SOFTWARE. + * The ProtectionLevel google.cloud.kms.v1.ProtectionLevel to use when + * generating the random data. Currently, only + * HSM google.cloud.kms.v1.ProtectionLevel.HSM protection level is + * supported. */ // const protectionLevel = {} diff --git a/samples/generated/v1/key_management_service.get_crypto_key.js b/samples/generated/v1/key_management_service.get_crypto_key.js index 21501a8c..9b5925b8 100644 --- a/samples/generated/v1/key_management_service.get_crypto_key.js +++ b/samples/generated/v1/key_management_service.get_crypto_key.js @@ -21,7 +21,8 @@ function main(name) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The name google.cloud.kms.v1.CryptoKey.name of the CryptoKey google.cloud.kms.v1.CryptoKey to get. + * Required. The name google.cloud.kms.v1.CryptoKey.name of the + * CryptoKey google.cloud.kms.v1.CryptoKey to get. */ // const name = 'abc123' diff --git a/samples/generated/v1/key_management_service.get_crypto_key_version.js b/samples/generated/v1/key_management_service.get_crypto_key_version.js index 8376be70..24b690c2 100644 --- a/samples/generated/v1/key_management_service.get_crypto_key_version.js +++ b/samples/generated/v1/key_management_service.get_crypto_key_version.js @@ -21,7 +21,8 @@ function main(name) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The name google.cloud.kms.v1.CryptoKeyVersion.name of the CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to get. + * Required. The name google.cloud.kms.v1.CryptoKeyVersion.name of the + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to get. */ // const name = 'abc123' diff --git a/samples/generated/v1/key_management_service.get_import_job.js b/samples/generated/v1/key_management_service.get_import_job.js index b537109b..b7499ad1 100644 --- a/samples/generated/v1/key_management_service.get_import_job.js +++ b/samples/generated/v1/key_management_service.get_import_job.js @@ -21,7 +21,8 @@ function main(name) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The name google.cloud.kms.v1.ImportJob.name of the ImportJob google.cloud.kms.v1.ImportJob to get. + * Required. The name google.cloud.kms.v1.ImportJob.name of the + * ImportJob google.cloud.kms.v1.ImportJob to get. */ // const name = 'abc123' diff --git a/samples/generated/v1/key_management_service.get_key_ring.js b/samples/generated/v1/key_management_service.get_key_ring.js index 335202a7..f454a7b8 100644 --- a/samples/generated/v1/key_management_service.get_key_ring.js +++ b/samples/generated/v1/key_management_service.get_key_ring.js @@ -21,7 +21,8 @@ function main(name) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The name google.cloud.kms.v1.KeyRing.name of the KeyRing google.cloud.kms.v1.KeyRing to get. + * Required. The name google.cloud.kms.v1.KeyRing.name of the + * KeyRing google.cloud.kms.v1.KeyRing to get. */ // const name = 'abc123' diff --git a/samples/generated/v1/key_management_service.get_public_key.js b/samples/generated/v1/key_management_service.get_public_key.js index c8ffbad4..1d254da3 100644 --- a/samples/generated/v1/key_management_service.get_public_key.js +++ b/samples/generated/v1/key_management_service.get_public_key.js @@ -21,8 +21,8 @@ function main(name) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The name google.cloud.kms.v1.CryptoKeyVersion.name of the CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion public key to - * get. + * Required. The name google.cloud.kms.v1.CryptoKeyVersion.name of the + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion public key to get. */ // const name = 'abc123' diff --git a/samples/generated/v1/key_management_service.import_crypto_key_version.js b/samples/generated/v1/key_management_service.import_crypto_key_version.js index 4819da5c..5d936ab6 100644 --- a/samples/generated/v1/key_management_service.import_crypto_key_version.js +++ b/samples/generated/v1/key_management_service.import_crypto_key_version.js @@ -21,38 +21,46 @@ function main(parent, algorithm, importJob) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The name google.cloud.kms.v1.CryptoKey.name of the CryptoKey google.cloud.kms.v1.CryptoKey to be imported into. + * Required. The name google.cloud.kms.v1.CryptoKey.name of the + * CryptoKey google.cloud.kms.v1.CryptoKey to be imported into. * The create permission is only required on this key when creating a new * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion. */ // const parent = 'abc123' /** - * Optional. The optional name google.cloud.kms.v1.CryptoKeyVersion.name of an existing - * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to target for an import operation. - * If this field is not present, a new CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion containing the + * Optional. The optional name google.cloud.kms.v1.CryptoKeyVersion.name of + * an existing CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to + * target for an import operation. If this field is not present, a new + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion containing the * supplied key material is created. * If this field is present, the supplied key material is imported into - * the existing CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion. To import into an existing - * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion, the CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion must be a child of - * ImportCryptoKeyVersionRequest.parent google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent, have been previously created via - * ImportCryptoKeyVersion , and be in - * DESTROYED google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED or + * the existing CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion. To + * import into an existing + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion, the + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion must be a child of + * ImportCryptoKeyVersionRequest.parent google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent, + * have been previously created via ImportCryptoKeyVersion , and be in + * DESTROYED google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED + * or * IMPORT_FAILED google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED * state. The key material and algorithm must match the previous - * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion exactly if the CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion has ever contained + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion exactly if the + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion has ever contained * key material. */ // const cryptoKeyVersion = 'abc123' /** - * Required. The algorithm google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm of - * the key being imported. This does not need to match the - * version_template google.cloud.kms.v1.CryptoKey.version_template of the CryptoKey google.cloud.kms.v1.CryptoKey this - * version imports into. + * Required. The + * algorithm google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm + * of the key being imported. This does not need to match the + * version_template google.cloud.kms.v1.CryptoKey.version_template of the + * CryptoKey google.cloud.kms.v1.CryptoKey this version imports into. */ // const algorithm = {} /** - * Required. The name google.cloud.kms.v1.ImportJob.name of the ImportJob google.cloud.kms.v1.ImportJob that was used to - * wrap this key material. + * Required. The name google.cloud.kms.v1.ImportJob.name of the + * ImportJob google.cloud.kms.v1.ImportJob that was used to wrap this key + * material. */ // const importJob = 'abc123' /** @@ -63,8 +71,9 @@ function main(parent, algorithm, importJob) { * This field contains the concatenation of two wrapped keys: *
      *
    1. An ephemeral AES-256 wrapping key wrapped with the - * public_key google.cloud.kms.v1.ImportJob.public_key using RSAES-OAEP with SHA-1, - * MGF1 with SHA-1, and an empty label. + * public_key google.cloud.kms.v1.ImportJob.public_key using + * RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an + * empty label. *
    2. *
    3. The key to be imported, wrapped with the ephemeral AES-256 key * using AES-KWP (RFC 5649). diff --git a/samples/generated/v1/key_management_service.list_crypto_key_versions.js b/samples/generated/v1/key_management_service.list_crypto_key_versions.js index 461b0be2..766a9930 100644 --- a/samples/generated/v1/key_management_service.list_crypto_key_versions.js +++ b/samples/generated/v1/key_management_service.list_crypto_key_versions.js @@ -21,16 +21,19 @@ function main(parent) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the CryptoKey google.cloud.kms.v1.CryptoKey to list, in the format + * Required. The resource name of the + * CryptoKey google.cloud.kms.v1.CryptoKey to list, in the format * `projects/* /locations/* /keyRings/* /cryptoKeys/*`. */ // const parent = 'abc123' /** - * Optional. Optional limit on the number of CryptoKeyVersions google.cloud.kms.v1.CryptoKeyVersion to - * include in the response. Further CryptoKeyVersions google.cloud.kms.v1.CryptoKeyVersion can - * subsequently be obtained by including the - * ListCryptoKeyVersionsResponse.next_page_token google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. - * If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * CryptoKeyVersions google.cloud.kms.v1.CryptoKeyVersion to include in the + * response. Further CryptoKeyVersions google.cloud.kms.v1.CryptoKeyVersion + * can subsequently be obtained by including the + * ListCryptoKeyVersionsResponse.next_page_token google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. */ // const pageSize = 1234 /** diff --git a/samples/generated/v1/key_management_service.list_crypto_keys.js b/samples/generated/v1/key_management_service.list_crypto_keys.js index 0a342da0..f3ecd49b 100644 --- a/samples/generated/v1/key_management_service.list_crypto_keys.js +++ b/samples/generated/v1/key_management_service.list_crypto_keys.js @@ -21,15 +21,18 @@ function main(parent) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the KeyRing google.cloud.kms.v1.KeyRing to list, in the format - * `projects/* /locations/* /keyRings/*`. + * Required. The resource name of the KeyRing google.cloud.kms.v1.KeyRing + * to list, in the format `projects/* /locations/* /keyRings/*`. */ // const parent = 'abc123' /** - * Optional. Optional limit on the number of CryptoKeys google.cloud.kms.v1.CryptoKey to include in the - * response. Further CryptoKeys google.cloud.kms.v1.CryptoKey can subsequently be obtained by - * including the ListCryptoKeysResponse.next_page_token google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * CryptoKeys google.cloud.kms.v1.CryptoKey to include in the response. + * Further CryptoKeys google.cloud.kms.v1.CryptoKey can subsequently be + * obtained by including the + * ListCryptoKeysResponse.next_page_token google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. */ // const pageSize = 1234 /** diff --git a/samples/generated/v1/key_management_service.list_import_jobs.js b/samples/generated/v1/key_management_service.list_import_jobs.js index cfdbbf7b..38d222fb 100644 --- a/samples/generated/v1/key_management_service.list_import_jobs.js +++ b/samples/generated/v1/key_management_service.list_import_jobs.js @@ -21,15 +21,18 @@ function main(parent) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the KeyRing google.cloud.kms.v1.KeyRing to list, in the format - * `projects/* /locations/* /keyRings/*`. + * Required. The resource name of the KeyRing google.cloud.kms.v1.KeyRing + * to list, in the format `projects/* /locations/* /keyRings/*`. */ // const parent = 'abc123' /** - * Optional. Optional limit on the number of ImportJobs google.cloud.kms.v1.ImportJob to include in the - * response. Further ImportJobs google.cloud.kms.v1.ImportJob can subsequently be obtained by - * including the ListImportJobsResponse.next_page_token google.cloud.kms.v1.ListImportJobsResponse.next_page_token in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * ImportJobs google.cloud.kms.v1.ImportJob to include in the response. + * Further ImportJobs google.cloud.kms.v1.ImportJob can subsequently be + * obtained by including the + * ListImportJobsResponse.next_page_token google.cloud.kms.v1.ListImportJobsResponse.next_page_token + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. */ // const pageSize = 1234 /** diff --git a/samples/generated/v1/key_management_service.list_key_rings.js b/samples/generated/v1/key_management_service.list_key_rings.js index e203219b..6a98231d 100644 --- a/samples/generated/v1/key_management_service.list_key_rings.js +++ b/samples/generated/v1/key_management_service.list_key_rings.js @@ -22,14 +22,18 @@ function main(parent) { */ /** * Required. The resource name of the location associated with the - * KeyRings google.cloud.kms.v1.KeyRing, in the format `projects/* /locations/*`. + * KeyRings google.cloud.kms.v1.KeyRing, in the format + * `projects/* /locations/*`. */ // const parent = 'abc123' /** - * Optional. Optional limit on the number of KeyRings google.cloud.kms.v1.KeyRing to include in the - * response. Further KeyRings google.cloud.kms.v1.KeyRing can subsequently be obtained by - * including the ListKeyRingsResponse.next_page_token google.cloud.kms.v1.ListKeyRingsResponse.next_page_token in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * KeyRings google.cloud.kms.v1.KeyRing to include in the response. Further + * KeyRings google.cloud.kms.v1.KeyRing can subsequently be obtained by + * including the + * ListKeyRingsResponse.next_page_token google.cloud.kms.v1.ListKeyRingsResponse.next_page_token + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. */ // const pageSize = 1234 /** diff --git a/samples/generated/v1/key_management_service.mac_sign.js b/samples/generated/v1/key_management_service.mac_sign.js index 7a991005..d31a8dc3 100644 --- a/samples/generated/v1/key_management_service.mac_sign.js +++ b/samples/generated/v1/key_management_service.mac_sign.js @@ -21,28 +21,34 @@ function main(name, data) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to use for signing. + * Required. The resource name of the + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to use for + * signing. */ // const name = 'abc123' /** - * Required. The data to sign. The MAC tag is computed over this data field based on - * the specific algorithm. + * Required. The data to sign. The MAC tag is computed over this data field + * based on the specific algorithm. */ // const data = 'Buffer.from('string')' /** - * Optional. An optional CRC32C checksum of the MacSignRequest.data google.cloud.kms.v1.MacSignRequest.data. If - * specified, KeyManagementService google.cloud.kms.v1.KeyManagementService will verify the integrity of the - * received MacSignRequest.data google.cloud.kms.v1.MacSignRequest.data using this checksum. - * KeyManagementService google.cloud.kms.v1.KeyManagementService will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C(MacSignRequest.data google.cloud.kms.v1.MacSignRequest.data) is equal to - * MacSignRequest.data_crc32c google.cloud.kms.v1.MacSignRequest.data_crc32c, and if so, perform a limited - * number of retries. A persistent mismatch may indicate an issue in your - * computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * MacSignRequest.data google.cloud.kms.v1.MacSignRequest.data. If + * specified, KeyManagementService google.cloud.kms.v1.KeyManagementService + * will verify the integrity of the received + * MacSignRequest.data google.cloud.kms.v1.MacSignRequest.data using this + * checksum. KeyManagementService google.cloud.kms.v1.KeyManagementService + * will report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C(MacSignRequest.data google.cloud.kms.v1.MacSignRequest.data) is + * equal to + * MacSignRequest.data_crc32c google.cloud.kms.v1.MacSignRequest.data_crc32c, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. */ // const dataCrc32c = {} diff --git a/samples/generated/v1/key_management_service.mac_verify.js b/samples/generated/v1/key_management_service.mac_verify.js index 10d261f1..c180c0ad 100644 --- a/samples/generated/v1/key_management_service.mac_verify.js +++ b/samples/generated/v1/key_management_service.mac_verify.js @@ -21,28 +21,36 @@ function main(name, data, mac) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to use for verification. + * Required. The resource name of the + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to use for + * verification. */ // const name = 'abc123' /** - * Required. The data used previously as a MacSignRequest.data google.cloud.kms.v1.MacSignRequest.data to generate the MAC - * tag. + * Required. The data used previously as a + * MacSignRequest.data google.cloud.kms.v1.MacSignRequest.data to generate + * the MAC tag. */ // const data = 'Buffer.from('string')' /** - * Optional. An optional CRC32C checksum of the MacVerifyRequest.data google.cloud.kms.v1.MacVerifyRequest.data. If - * specified, KeyManagementService google.cloud.kms.v1.KeyManagementService will verify the integrity of the - * received MacVerifyRequest.data google.cloud.kms.v1.MacVerifyRequest.data using this checksum. - * KeyManagementService google.cloud.kms.v1.KeyManagementService will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C(MacVerifyRequest.data google.cloud.kms.v1.MacVerifyRequest.data) is equal to - * MacVerifyRequest.data_crc32c google.cloud.kms.v1.MacVerifyRequest.data_crc32c, and if so, perform a limited - * number of retries. A persistent mismatch may indicate an issue in your - * computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * MacVerifyRequest.data google.cloud.kms.v1.MacVerifyRequest.data. If + * specified, KeyManagementService google.cloud.kms.v1.KeyManagementService + * will verify the integrity of the received + * MacVerifyRequest.data google.cloud.kms.v1.MacVerifyRequest.data using + * this checksum. + * KeyManagementService google.cloud.kms.v1.KeyManagementService will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C(MacVerifyRequest.data google.cloud.kms.v1.MacVerifyRequest.data) + * is equal to + * MacVerifyRequest.data_crc32c google.cloud.kms.v1.MacVerifyRequest.data_crc32c, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. */ // const dataCrc32c = {} /** @@ -50,19 +58,22 @@ function main(name, data, mac) { */ // const mac = 'Buffer.from('string')' /** - * Optional. An optional CRC32C checksum of the MacVerifyRequest.mac google.cloud.kms.v1.MacVerifyRequest.mac. If - * specified, KeyManagementService google.cloud.kms.v1.KeyManagementService will verify the integrity of the - * received MacVerifyRequest.mac google.cloud.kms.v1.MacVerifyRequest.mac using this checksum. - * KeyManagementService google.cloud.kms.v1.KeyManagementService will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that + * Optional. An optional CRC32C checksum of the + * MacVerifyRequest.mac google.cloud.kms.v1.MacVerifyRequest.mac. If + * specified, KeyManagementService google.cloud.kms.v1.KeyManagementService + * will verify the integrity of the received + * MacVerifyRequest.mac google.cloud.kms.v1.MacVerifyRequest.mac using this + * checksum. KeyManagementService google.cloud.kms.v1.KeyManagementService + * will report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that * CRC32C(MacVerifyRequest.tag ) is equal to - * MacVerifyRequest.mac_crc32c google.cloud.kms.v1.MacVerifyRequest.mac_crc32c, and if so, perform a limited - * number of retries. A persistent mismatch may indicate an issue in your - * computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * MacVerifyRequest.mac_crc32c google.cloud.kms.v1.MacVerifyRequest.mac_crc32c, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. */ // const macCrc32c = {} diff --git a/samples/generated/v1/key_management_service.restore_crypto_key_version.js b/samples/generated/v1/key_management_service.restore_crypto_key_version.js index 292a0d58..b368aa55 100644 --- a/samples/generated/v1/key_management_service.restore_crypto_key_version.js +++ b/samples/generated/v1/key_management_service.restore_crypto_key_version.js @@ -21,7 +21,8 @@ function main(name) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to restore. + * Required. The resource name of the + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to restore. */ // const name = 'abc123' diff --git a/samples/generated/v1/key_management_service.update_crypto_key_primary_version.js b/samples/generated/v1/key_management_service.update_crypto_key_primary_version.js index df374cf9..8f6af0a7 100644 --- a/samples/generated/v1/key_management_service.update_crypto_key_primary_version.js +++ b/samples/generated/v1/key_management_service.update_crypto_key_primary_version.js @@ -21,11 +21,13 @@ function main(name, cryptoKeyVersionId) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. The resource name of the CryptoKey google.cloud.kms.v1.CryptoKey to update. + * Required. The resource name of the + * CryptoKey google.cloud.kms.v1.CryptoKey to update. */ // const name = 'abc123' /** - * Required. The id of the child CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to use as primary. + * Required. The id of the child + * CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion to use as primary. */ // const cryptoKeyVersionId = 'abc123' diff --git a/samples/generated/v1/key_management_service.update_crypto_key_version.js b/samples/generated/v1/key_management_service.update_crypto_key_version.js index ace6bc15..eebec6b5 100644 --- a/samples/generated/v1/key_management_service.update_crypto_key_version.js +++ b/samples/generated/v1/key_management_service.update_crypto_key_version.js @@ -21,7 +21,8 @@ function main(cryptoKeyVersion, updateMask) { * TODO(developer): Uncomment these variables before running the sample. */ /** - * Required. CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion with updated values. + * Required. CryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion with + * updated values. */ // const cryptoKeyVersion = {} /** diff --git a/src/index.ts b/src/index.ts index d51ca7b7..b853722f 100644 --- a/src/index.ts +++ b/src/index.ts @@ -18,10 +18,12 @@ import * as v1 from './v1'; +const EkmServiceClient = v1.EkmServiceClient; +type EkmServiceClient = v1.EkmServiceClient; const KeyManagementServiceClient = v1.KeyManagementServiceClient; type KeyManagementServiceClient = v1.KeyManagementServiceClient; -export {v1, KeyManagementServiceClient}; -export default {v1, KeyManagementServiceClient}; +export {v1, EkmServiceClient, KeyManagementServiceClient}; +export default {v1, EkmServiceClient, KeyManagementServiceClient}; import * as protos from '../protos/protos'; export {protos}; diff --git a/src/v1/ekm_service_client.ts b/src/v1/ekm_service_client.ts new file mode 100644 index 00000000..b01e5d05 --- /dev/null +++ b/src/v1/ekm_service_client.ts @@ -0,0 +1,1475 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// ** This file is automatically generated by gapic-generator-typescript. ** +// ** https://github.com/googleapis/gapic-generator-typescript ** +// ** All changes to this file may be overwritten. ** + +/* global window */ +import * as gax from 'google-gax'; +import { + Callback, + CallOptions, + Descriptors, + ClientOptions, + PaginationCallback, + GaxCall, + IamClient, + IamProtos, +} from 'google-gax'; + +import {Transform} from 'stream'; +import {RequestType} from 'google-gax/build/src/apitypes'; +import * as protos from '../../protos/protos'; +import jsonProtos = require('../../protos/protos.json'); +/** + * Client JSON configuration object, loaded from + * `src/v1/ekm_service_client_config.json`. + * This file defines retry strategy and timeouts for all API methods in this library. + */ +import * as gapicConfig from './ekm_service_client_config.json'; + +const version = require('../../../package.json').version; + +/** + * Google Cloud Key Management EKM Service + * + * Manages external cryptographic keys and operations using those keys. + * Implements a REST model with the following objects: + * * {@link google.cloud.kms.v1.EkmConnection|EkmConnection} + * @class + * @memberof v1 + */ +export class EkmServiceClient { + private _terminated = false; + private _opts: ClientOptions; + private _providedCustomServicePath: boolean; + private _gaxModule: typeof gax | typeof gax.fallback; + private _gaxGrpc: gax.GrpcClient | gax.fallback.GrpcClient; + private _protos: {}; + private _defaults: {[method: string]: gax.CallSettings}; + auth: gax.GoogleAuth; + descriptors: Descriptors = { + page: {}, + stream: {}, + longrunning: {}, + batching: {}, + }; + warn: (code: string, message: string, warnType?: string) => void; + innerApiCalls: {[name: string]: Function}; + iamClient: IamClient; + pathTemplates: {[name: string]: gax.PathTemplate}; + ekmServiceStub?: Promise<{[name: string]: Function}>; + + /** + * Construct an instance of EkmServiceClient. + * + * @param {object} [options] - The configuration object. + * The options accepted by the constructor are described in detail + * in [this document](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#creating-the-client-instance). + * The common options are: + * @param {object} [options.credentials] - Credentials object. + * @param {string} [options.credentials.client_email] + * @param {string} [options.credentials.private_key] + * @param {string} [options.email] - Account email address. Required when + * using a .pem or .p12 keyFilename. + * @param {string} [options.keyFilename] - Full path to the a .json, .pem, or + * .p12 key downloaded from the Google Developers Console. If you provide + * a path to a JSON file, the projectId option below is not necessary. + * NOTE: .pem and .p12 require you to specify options.email as well. + * @param {number} [options.port] - The port on which to connect to + * the remote host. + * @param {string} [options.projectId] - The project ID from the Google + * Developer's Console, e.g. 'grape-spaceship-123'. We will also check + * the environment variable GCLOUD_PROJECT for your project ID. If your + * app is running in an environment which supports + * {@link https://developers.google.com/identity/protocols/application-default-credentials Application Default Credentials}, + * your project ID will be detected automatically. + * @param {string} [options.apiEndpoint] - The domain name of the + * API remote host. + * @param {gax.ClientConfig} [options.clientConfig] - Client configuration override. + * Follows the structure of {@link gapicConfig}. + * @param {boolean} [options.fallback] - Use HTTP fallback mode. + * In fallback mode, a special browser-compatible transport implementation is used + * instead of gRPC transport. In browser context (if the `window` object is defined) + * the fallback mode is enabled automatically; set `options.fallback` to `false` + * if you need to override this behavior. + */ + constructor(opts?: ClientOptions) { + // Ensure that options include all the required fields. + const staticMembers = this.constructor as typeof EkmServiceClient; + const servicePath = + opts?.servicePath || opts?.apiEndpoint || staticMembers.servicePath; + this._providedCustomServicePath = !!( + opts?.servicePath || opts?.apiEndpoint + ); + const port = opts?.port || staticMembers.port; + const clientConfig = opts?.clientConfig ?? {}; + const fallback = + opts?.fallback ?? + (typeof window !== 'undefined' && typeof window?.fetch === 'function'); + opts = Object.assign({servicePath, port, clientConfig, fallback}, opts); + + // If scopes are unset in options and we're connecting to a non-default endpoint, set scopes just in case. + if (servicePath !== staticMembers.servicePath && !('scopes' in opts)) { + opts['scopes'] = staticMembers.scopes; + } + + // Choose either gRPC or proto-over-HTTP implementation of google-gax. + this._gaxModule = opts.fallback ? gax.fallback : gax; + + // Create a `gaxGrpc` object, with any grpc-specific options sent to the client. + this._gaxGrpc = new this._gaxModule.GrpcClient(opts); + + // Save options to use in initialize() method. + this._opts = opts; + + // Save the auth object to the client, for use by other methods. + this.auth = this._gaxGrpc.auth as gax.GoogleAuth; + + // Set useJWTAccessWithScope on the auth object. + this.auth.useJWTAccessWithScope = true; + + // Set defaultServicePath on the auth object. + this.auth.defaultServicePath = staticMembers.servicePath; + + // Set the default scopes in auth client if needed. + if (servicePath === staticMembers.servicePath) { + this.auth.defaultScopes = staticMembers.scopes; + } + this.iamClient = new IamClient(this._gaxGrpc, opts); + + // Determine the client header string. + const clientHeader = [`gax/${this._gaxModule.version}`, `gapic/${version}`]; + if (typeof process !== 'undefined' && 'versions' in process) { + clientHeader.push(`gl-node/${process.versions.node}`); + } else { + clientHeader.push(`gl-web/${this._gaxModule.version}`); + } + if (!opts.fallback) { + clientHeader.push(`grpc/${this._gaxGrpc.grpcVersion}`); + } else if (opts.fallback === 'rest') { + clientHeader.push(`rest/${this._gaxGrpc.grpcVersion}`); + } + if (opts.libName && opts.libVersion) { + clientHeader.push(`${opts.libName}/${opts.libVersion}`); + } + // Load the applicable protos. + this._protos = this._gaxGrpc.loadProtoJSON(jsonProtos); + + // This API contains "path templates"; forward-slash-separated + // identifiers to uniquely identify resources within the API. + // Create useful helper objects for these. + this.pathTemplates = { + cryptoKeyPathTemplate: new this._gaxModule.PathTemplate( + 'projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}' + ), + cryptoKeyVersionPathTemplate: new this._gaxModule.PathTemplate( + 'projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}' + ), + ekmConnectionPathTemplate: new this._gaxModule.PathTemplate( + 'projects/{project}/locations/{location}/ekmConnections/{ekm_connection}' + ), + importJobPathTemplate: new this._gaxModule.PathTemplate( + 'projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}' + ), + keyRingPathTemplate: new this._gaxModule.PathTemplate( + 'projects/{project}/locations/{location}/keyRings/{key_ring}' + ), + locationPathTemplate: new this._gaxModule.PathTemplate( + 'projects/{project}/locations/{location}' + ), + publicKeyPathTemplate: new this._gaxModule.PathTemplate( + 'projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}/publicKey' + ), + }; + + // Some of the methods on this service return "paged" results, + // (e.g. 50 results at a time, with tokens to get subsequent + // pages). Denote the keys used for pagination and results. + this.descriptors.page = { + listEkmConnections: new this._gaxModule.PageDescriptor( + 'pageToken', + 'nextPageToken', + 'ekmConnections' + ), + }; + + // Put together the default options sent with requests. + this._defaults = this._gaxGrpc.constructSettings( + 'google.cloud.kms.v1.EkmService', + gapicConfig as gax.ClientConfig, + opts.clientConfig || {}, + {'x-goog-api-client': clientHeader.join(' ')} + ); + + // Set up a dictionary of "inner API calls"; the core implementation + // of calling the API is handled in `google-gax`, with this code + // merely providing the destination and request information. + this.innerApiCalls = {}; + + // Add a warn function to the client constructor so it can be easily tested. + this.warn = gax.warn; + } + + /** + * Initialize the client. + * Performs asynchronous operations (such as authentication) and prepares the client. + * This function will be called automatically when any class method is called for the + * first time, but if you need to initialize it before calling an actual method, + * feel free to call initialize() directly. + * + * You can await on this method if you want to make sure the client is initialized. + * + * @returns {Promise} A promise that resolves to an authenticated service stub. + */ + initialize() { + // If the client stub promise is already initialized, return immediately. + if (this.ekmServiceStub) { + return this.ekmServiceStub; + } + + // Put together the "service stub" for + // google.cloud.kms.v1.EkmService. + this.ekmServiceStub = this._gaxGrpc.createStub( + this._opts.fallback + ? (this._protos as protobuf.Root).lookupService( + 'google.cloud.kms.v1.EkmService' + ) + : // eslint-disable-next-line @typescript-eslint/no-explicit-any + (this._protos as any).google.cloud.kms.v1.EkmService, + this._opts, + this._providedCustomServicePath + ) as Promise<{[method: string]: Function}>; + + // Iterate over each of the methods that the service provides + // and create an API call method for each. + const ekmServiceStubMethods = [ + 'listEkmConnections', + 'getEkmConnection', + 'createEkmConnection', + 'updateEkmConnection', + ]; + for (const methodName of ekmServiceStubMethods) { + const callPromise = this.ekmServiceStub.then( + stub => + (...args: Array<{}>) => { + if (this._terminated) { + return Promise.reject('The client has already been closed.'); + } + const func = stub[methodName]; + return func.apply(stub, args); + }, + (err: Error | null | undefined) => () => { + throw err; + } + ); + + const descriptor = this.descriptors.page[methodName] || undefined; + const apiCall = this._gaxModule.createApiCall( + callPromise, + this._defaults[methodName], + descriptor + ); + + this.innerApiCalls[methodName] = apiCall; + } + + return this.ekmServiceStub; + } + + /** + * The DNS address for this API service. + * @returns {string} The DNS address for this service. + */ + static get servicePath() { + return 'cloudkms.googleapis.com'; + } + + /** + * The DNS address for this API service - same as servicePath(), + * exists for compatibility reasons. + * @returns {string} The DNS address for this service. + */ + static get apiEndpoint() { + return 'cloudkms.googleapis.com'; + } + + /** + * The port for this API service. + * @returns {number} The default port for this service. + */ + static get port() { + return 443; + } + + /** + * The scopes needed to make gRPC calls for every method defined + * in this service. + * @returns {string[]} List of default scopes. + */ + static get scopes() { + return [ + 'https://www.googleapis.com/auth/cloud-platform', + 'https://www.googleapis.com/auth/cloudkms', + ]; + } + + getProjectId(): Promise; + getProjectId(callback: Callback): void; + /** + * Return the project ID used by this class. + * @returns {Promise} A promise that resolves to string containing the project ID. + */ + getProjectId( + callback?: Callback + ): Promise | void { + if (callback) { + this.auth.getProjectId(callback); + return; + } + return this.auth.getProjectId(); + } + + // ------------------- + // -- Service calls -- + // ------------------- + /** + * Returns metadata for a given + * {@link google.cloud.kms.v1.EkmConnection|EkmConnection}. + * + * @param {Object} request + * The request object that will be sent. + * @param {string} request.name + * Required. The {@link google.cloud.kms.v1.EkmConnection.name|name} of the + * {@link google.cloud.kms.v1.EkmConnection|EkmConnection} to get. + * @param {object} [options] + * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. + * @returns {Promise} - The promise which resolves to an array. + * The first element of the array is an object representing [EkmConnection]{@link google.cloud.kms.v1.EkmConnection}. + * Please see the + * [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods) + * for more details and examples. + * @example include:samples/generated/v1/ekm_service.get_ekm_connection.js + * region_tag:cloudkms_v1_generated_EkmService_GetEkmConnection_async + */ + getEkmConnection( + request?: protos.google.cloud.kms.v1.IGetEkmConnectionRequest, + options?: CallOptions + ): Promise< + [ + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.IGetEkmConnectionRequest | undefined, + {} | undefined + ] + >; + getEkmConnection( + request: protos.google.cloud.kms.v1.IGetEkmConnectionRequest, + options: CallOptions, + callback: Callback< + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.IGetEkmConnectionRequest | null | undefined, + {} | null | undefined + > + ): void; + getEkmConnection( + request: protos.google.cloud.kms.v1.IGetEkmConnectionRequest, + callback: Callback< + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.IGetEkmConnectionRequest | null | undefined, + {} | null | undefined + > + ): void; + getEkmConnection( + request?: protos.google.cloud.kms.v1.IGetEkmConnectionRequest, + optionsOrCallback?: + | CallOptions + | Callback< + protos.google.cloud.kms.v1.IEkmConnection, + | protos.google.cloud.kms.v1.IGetEkmConnectionRequest + | null + | undefined, + {} | null | undefined + >, + callback?: Callback< + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.IGetEkmConnectionRequest | null | undefined, + {} | null | undefined + > + ): Promise< + [ + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.IGetEkmConnectionRequest | undefined, + {} | undefined + ] + > | void { + request = request || {}; + let options: CallOptions; + if (typeof optionsOrCallback === 'function' && callback === undefined) { + callback = optionsOrCallback; + options = {}; + } else { + options = optionsOrCallback as CallOptions; + } + options = options || {}; + options.otherArgs = options.otherArgs || {}; + options.otherArgs.headers = options.otherArgs.headers || {}; + options.otherArgs.headers['x-goog-request-params'] = + gax.routingHeader.fromParams({ + name: request.name || '', + }); + this.initialize(); + return this.innerApiCalls.getEkmConnection(request, options, callback); + } + /** + * Creates a new {@link google.cloud.kms.v1.EkmConnection|EkmConnection} in a given + * Project and Location. + * + * @param {Object} request + * The request object that will be sent. + * @param {string} request.parent + * Required. The resource name of the location associated with the + * {@link google.cloud.kms.v1.EkmConnection|EkmConnection}, in the format + * `projects/* /locations/*`. + * @param {string} request.ekmConnectionId + * Required. It must be unique within a location and match the regular + * expression `[a-zA-Z0-9_-]{1,63}`. + * @param {google.cloud.kms.v1.EkmConnection} request.ekmConnection + * Required. An {@link google.cloud.kms.v1.EkmConnection|EkmConnection} with + * initial field values. + * @param {object} [options] + * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. + * @returns {Promise} - The promise which resolves to an array. + * The first element of the array is an object representing [EkmConnection]{@link google.cloud.kms.v1.EkmConnection}. + * Please see the + * [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods) + * for more details and examples. + * @example include:samples/generated/v1/ekm_service.create_ekm_connection.js + * region_tag:cloudkms_v1_generated_EkmService_CreateEkmConnection_async + */ + createEkmConnection( + request?: protos.google.cloud.kms.v1.ICreateEkmConnectionRequest, + options?: CallOptions + ): Promise< + [ + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.ICreateEkmConnectionRequest | undefined, + {} | undefined + ] + >; + createEkmConnection( + request: protos.google.cloud.kms.v1.ICreateEkmConnectionRequest, + options: CallOptions, + callback: Callback< + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.ICreateEkmConnectionRequest | null | undefined, + {} | null | undefined + > + ): void; + createEkmConnection( + request: protos.google.cloud.kms.v1.ICreateEkmConnectionRequest, + callback: Callback< + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.ICreateEkmConnectionRequest | null | undefined, + {} | null | undefined + > + ): void; + createEkmConnection( + request?: protos.google.cloud.kms.v1.ICreateEkmConnectionRequest, + optionsOrCallback?: + | CallOptions + | Callback< + protos.google.cloud.kms.v1.IEkmConnection, + | protos.google.cloud.kms.v1.ICreateEkmConnectionRequest + | null + | undefined, + {} | null | undefined + >, + callback?: Callback< + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.ICreateEkmConnectionRequest | null | undefined, + {} | null | undefined + > + ): Promise< + [ + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.ICreateEkmConnectionRequest | undefined, + {} | undefined + ] + > | void { + request = request || {}; + let options: CallOptions; + if (typeof optionsOrCallback === 'function' && callback === undefined) { + callback = optionsOrCallback; + options = {}; + } else { + options = optionsOrCallback as CallOptions; + } + options = options || {}; + options.otherArgs = options.otherArgs || {}; + options.otherArgs.headers = options.otherArgs.headers || {}; + options.otherArgs.headers['x-goog-request-params'] = + gax.routingHeader.fromParams({ + parent: request.parent || '', + }); + this.initialize(); + return this.innerApiCalls.createEkmConnection(request, options, callback); + } + /** + * Updates an {@link google.cloud.kms.v1.EkmConnection|EkmConnection}'s metadata. + * + * @param {Object} request + * The request object that will be sent. + * @param {google.cloud.kms.v1.EkmConnection} request.ekmConnection + * Required. {@link google.cloud.kms.v1.EkmConnection|EkmConnection} with updated + * values. + * @param {google.protobuf.FieldMask} request.updateMask + * Required. List of fields to be updated in this request. + * @param {object} [options] + * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. + * @returns {Promise} - The promise which resolves to an array. + * The first element of the array is an object representing [EkmConnection]{@link google.cloud.kms.v1.EkmConnection}. + * Please see the + * [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods) + * for more details and examples. + * @example include:samples/generated/v1/ekm_service.update_ekm_connection.js + * region_tag:cloudkms_v1_generated_EkmService_UpdateEkmConnection_async + */ + updateEkmConnection( + request?: protos.google.cloud.kms.v1.IUpdateEkmConnectionRequest, + options?: CallOptions + ): Promise< + [ + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.IUpdateEkmConnectionRequest | undefined, + {} | undefined + ] + >; + updateEkmConnection( + request: protos.google.cloud.kms.v1.IUpdateEkmConnectionRequest, + options: CallOptions, + callback: Callback< + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.IUpdateEkmConnectionRequest | null | undefined, + {} | null | undefined + > + ): void; + updateEkmConnection( + request: protos.google.cloud.kms.v1.IUpdateEkmConnectionRequest, + callback: Callback< + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.IUpdateEkmConnectionRequest | null | undefined, + {} | null | undefined + > + ): void; + updateEkmConnection( + request?: protos.google.cloud.kms.v1.IUpdateEkmConnectionRequest, + optionsOrCallback?: + | CallOptions + | Callback< + protos.google.cloud.kms.v1.IEkmConnection, + | protos.google.cloud.kms.v1.IUpdateEkmConnectionRequest + | null + | undefined, + {} | null | undefined + >, + callback?: Callback< + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.IUpdateEkmConnectionRequest | null | undefined, + {} | null | undefined + > + ): Promise< + [ + protos.google.cloud.kms.v1.IEkmConnection, + protos.google.cloud.kms.v1.IUpdateEkmConnectionRequest | undefined, + {} | undefined + ] + > | void { + request = request || {}; + let options: CallOptions; + if (typeof optionsOrCallback === 'function' && callback === undefined) { + callback = optionsOrCallback; + options = {}; + } else { + options = optionsOrCallback as CallOptions; + } + options = options || {}; + options.otherArgs = options.otherArgs || {}; + options.otherArgs.headers = options.otherArgs.headers || {}; + options.otherArgs.headers['x-goog-request-params'] = + gax.routingHeader.fromParams({ + 'ekm_connection.name': request.ekmConnection!.name || '', + }); + this.initialize(); + return this.innerApiCalls.updateEkmConnection(request, options, callback); + } + + /** + * Lists {@link google.cloud.kms.v1.EkmConnection|EkmConnections}. + * + * @param {Object} request + * The request object that will be sent. + * @param {string} request.parent + * Required. The resource name of the location associated with the + * {@link google.cloud.kms.v1.EkmConnection|EkmConnections} to list, in the format + * `projects/* /locations/*`. + * @param {number} [request.pageSize] + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.EkmConnection|EkmConnections} to include in the + * response. Further {@link google.cloud.kms.v1.EkmConnection|EkmConnections} can + * subsequently be obtained by including the + * {@link google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token|ListEkmConnectionsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. + * @param {string} [request.pageToken] + * Optional. Optional pagination token, returned earlier via + * {@link google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token|ListEkmConnectionsResponse.next_page_token}. + * @param {string} [request.filter] + * Optional. Only include resources that match the filter in the response. For + * more information, see + * [Sorting and filtering list + * results](https://cloud.google.com/kms/docs/sorting-and-filtering). + * @param {string} [request.orderBy] + * Optional. Specify how the results should be sorted. If not specified, the + * results will be sorted in the default order. For more information, see + * [Sorting and filtering list + * results](https://cloud.google.com/kms/docs/sorting-and-filtering). + * @param {object} [options] + * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. + * @returns {Promise} - The promise which resolves to an array. + * The first element of the array is Array of [EkmConnection]{@link google.cloud.kms.v1.EkmConnection}. + * The client library will perform auto-pagination by default: it will call the API as many + * times as needed and will merge results from all the pages into this array. + * Note that it can affect your quota. + * We recommend using `listEkmConnectionsAsync()` + * method described below for async iteration which you can stop as needed. + * Please see the + * [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination) + * for more details and examples. + */ + listEkmConnections( + request?: protos.google.cloud.kms.v1.IListEkmConnectionsRequest, + options?: CallOptions + ): Promise< + [ + protos.google.cloud.kms.v1.IEkmConnection[], + protos.google.cloud.kms.v1.IListEkmConnectionsRequest | null, + protos.google.cloud.kms.v1.IListEkmConnectionsResponse + ] + >; + listEkmConnections( + request: protos.google.cloud.kms.v1.IListEkmConnectionsRequest, + options: CallOptions, + callback: PaginationCallback< + protos.google.cloud.kms.v1.IListEkmConnectionsRequest, + protos.google.cloud.kms.v1.IListEkmConnectionsResponse | null | undefined, + protos.google.cloud.kms.v1.IEkmConnection + > + ): void; + listEkmConnections( + request: protos.google.cloud.kms.v1.IListEkmConnectionsRequest, + callback: PaginationCallback< + protos.google.cloud.kms.v1.IListEkmConnectionsRequest, + protos.google.cloud.kms.v1.IListEkmConnectionsResponse | null | undefined, + protos.google.cloud.kms.v1.IEkmConnection + > + ): void; + listEkmConnections( + request?: protos.google.cloud.kms.v1.IListEkmConnectionsRequest, + optionsOrCallback?: + | CallOptions + | PaginationCallback< + protos.google.cloud.kms.v1.IListEkmConnectionsRequest, + | protos.google.cloud.kms.v1.IListEkmConnectionsResponse + | null + | undefined, + protos.google.cloud.kms.v1.IEkmConnection + >, + callback?: PaginationCallback< + protos.google.cloud.kms.v1.IListEkmConnectionsRequest, + protos.google.cloud.kms.v1.IListEkmConnectionsResponse | null | undefined, + protos.google.cloud.kms.v1.IEkmConnection + > + ): Promise< + [ + protos.google.cloud.kms.v1.IEkmConnection[], + protos.google.cloud.kms.v1.IListEkmConnectionsRequest | null, + protos.google.cloud.kms.v1.IListEkmConnectionsResponse + ] + > | void { + request = request || {}; + let options: CallOptions; + if (typeof optionsOrCallback === 'function' && callback === undefined) { + callback = optionsOrCallback; + options = {}; + } else { + options = optionsOrCallback as CallOptions; + } + options = options || {}; + options.otherArgs = options.otherArgs || {}; + options.otherArgs.headers = options.otherArgs.headers || {}; + options.otherArgs.headers['x-goog-request-params'] = + gax.routingHeader.fromParams({ + parent: request.parent || '', + }); + this.initialize(); + return this.innerApiCalls.listEkmConnections(request, options, callback); + } + + /** + * Equivalent to `method.name.toCamelCase()`, but returns a NodeJS Stream object. + * @param {Object} request + * The request object that will be sent. + * @param {string} request.parent + * Required. The resource name of the location associated with the + * {@link google.cloud.kms.v1.EkmConnection|EkmConnections} to list, in the format + * `projects/* /locations/*`. + * @param {number} [request.pageSize] + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.EkmConnection|EkmConnections} to include in the + * response. Further {@link google.cloud.kms.v1.EkmConnection|EkmConnections} can + * subsequently be obtained by including the + * {@link google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token|ListEkmConnectionsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. + * @param {string} [request.pageToken] + * Optional. Optional pagination token, returned earlier via + * {@link google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token|ListEkmConnectionsResponse.next_page_token}. + * @param {string} [request.filter] + * Optional. Only include resources that match the filter in the response. For + * more information, see + * [Sorting and filtering list + * results](https://cloud.google.com/kms/docs/sorting-and-filtering). + * @param {string} [request.orderBy] + * Optional. Specify how the results should be sorted. If not specified, the + * results will be sorted in the default order. For more information, see + * [Sorting and filtering list + * results](https://cloud.google.com/kms/docs/sorting-and-filtering). + * @param {object} [options] + * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. + * @returns {Stream} + * An object stream which emits an object representing [EkmConnection]{@link google.cloud.kms.v1.EkmConnection} on 'data' event. + * The client library will perform auto-pagination by default: it will call the API as many + * times as needed. Note that it can affect your quota. + * We recommend using `listEkmConnectionsAsync()` + * method described below for async iteration which you can stop as needed. + * Please see the + * [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination) + * for more details and examples. + */ + listEkmConnectionsStream( + request?: protos.google.cloud.kms.v1.IListEkmConnectionsRequest, + options?: CallOptions + ): Transform { + request = request || {}; + options = options || {}; + options.otherArgs = options.otherArgs || {}; + options.otherArgs.headers = options.otherArgs.headers || {}; + options.otherArgs.headers['x-goog-request-params'] = + gax.routingHeader.fromParams({ + parent: request.parent || '', + }); + const defaultCallSettings = this._defaults['listEkmConnections']; + const callSettings = defaultCallSettings.merge(options); + this.initialize(); + return this.descriptors.page.listEkmConnections.createStream( + this.innerApiCalls.listEkmConnections as gax.GaxCall, + request, + callSettings + ); + } + + /** + * Equivalent to `listEkmConnections`, but returns an iterable object. + * + * `for`-`await`-`of` syntax is used with the iterable to get response elements on-demand. + * @param {Object} request + * The request object that will be sent. + * @param {string} request.parent + * Required. The resource name of the location associated with the + * {@link google.cloud.kms.v1.EkmConnection|EkmConnections} to list, in the format + * `projects/* /locations/*`. + * @param {number} [request.pageSize] + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.EkmConnection|EkmConnections} to include in the + * response. Further {@link google.cloud.kms.v1.EkmConnection|EkmConnections} can + * subsequently be obtained by including the + * {@link google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token|ListEkmConnectionsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. + * @param {string} [request.pageToken] + * Optional. Optional pagination token, returned earlier via + * {@link google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token|ListEkmConnectionsResponse.next_page_token}. + * @param {string} [request.filter] + * Optional. Only include resources that match the filter in the response. For + * more information, see + * [Sorting and filtering list + * results](https://cloud.google.com/kms/docs/sorting-and-filtering). + * @param {string} [request.orderBy] + * Optional. Specify how the results should be sorted. If not specified, the + * results will be sorted in the default order. For more information, see + * [Sorting and filtering list + * results](https://cloud.google.com/kms/docs/sorting-and-filtering). + * @param {object} [options] + * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. + * @returns {Object} + * An iterable Object that allows [async iteration](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Iteration_protocols). + * When you iterate the returned iterable, each element will be an object representing + * [EkmConnection]{@link google.cloud.kms.v1.EkmConnection}. The API will be called under the hood as needed, once per the page, + * so you can stop the iteration when you don't need more results. + * Please see the + * [documentation](https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination) + * for more details and examples. + * @example include:samples/generated/v1/ekm_service.list_ekm_connections.js + * region_tag:cloudkms_v1_generated_EkmService_ListEkmConnections_async + */ + listEkmConnectionsAsync( + request?: protos.google.cloud.kms.v1.IListEkmConnectionsRequest, + options?: CallOptions + ): AsyncIterable { + request = request || {}; + options = options || {}; + options.otherArgs = options.otherArgs || {}; + options.otherArgs.headers = options.otherArgs.headers || {}; + options.otherArgs.headers['x-goog-request-params'] = + gax.routingHeader.fromParams({ + parent: request.parent || '', + }); + const defaultCallSettings = this._defaults['listEkmConnections']; + const callSettings = defaultCallSettings.merge(options); + this.initialize(); + return this.descriptors.page.listEkmConnections.asyncIterate( + this.innerApiCalls['listEkmConnections'] as GaxCall, + request as unknown as RequestType, + callSettings + ) as AsyncIterable; + } + /** + * Gets the access control policy for a resource. Returns an empty policy + * if the resource exists and does not have a policy set. + * + * @param {Object} request + * The request object that will be sent. + * @param {string} request.resource + * REQUIRED: The resource for which the policy is being requested. + * See the operation documentation for the appropriate value for this field. + * @param {Object} [request.options] + * OPTIONAL: A `GetPolicyOptions` object for specifying options to + * `GetIamPolicy`. This field is only used by Cloud IAM. + * + * This object should have the same structure as [GetPolicyOptions]{@link google.iam.v1.GetPolicyOptions} + * @param {Object} [options] + * Optional parameters. You can override the default settings for this call, e.g, timeout, + * retries, paginations, etc. See [gax.CallOptions]{@link https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html} for the details. + * @param {function(?Error, ?Object)} [callback] + * The function which will be called with the result of the API call. + * + * The second parameter to the callback is an object representing [Policy]{@link google.iam.v1.Policy}. + * @returns {Promise} - The promise which resolves to an array. + * The first element of the array is an object representing [Policy]{@link google.iam.v1.Policy}. + * The promise has a method named "cancel" which cancels the ongoing API call. + */ + getIamPolicy( + request: IamProtos.google.iam.v1.GetIamPolicyRequest, + options?: + | gax.CallOptions + | Callback< + IamProtos.google.iam.v1.Policy, + IamProtos.google.iam.v1.GetIamPolicyRequest | null | undefined, + {} | null | undefined + >, + callback?: Callback< + IamProtos.google.iam.v1.Policy, + IamProtos.google.iam.v1.GetIamPolicyRequest | null | undefined, + {} | null | undefined + > + ): Promise { + return this.iamClient.getIamPolicy(request, options, callback); + } + + /** + * Returns permissions that a caller has on the specified resource. If the + * resource does not exist, this will return an empty set of + * permissions, not a NOT_FOUND error. + * + * Note: This operation is designed to be used for building + * permission-aware UIs and command-line tools, not for authorization + * checking. This operation may "fail open" without warning. + * + * @param {Object} request + * The request object that will be sent. + * @param {string} request.resource + * REQUIRED: The resource for which the policy detail is being requested. + * See the operation documentation for the appropriate value for this field. + * @param {string[]} request.permissions + * The set of permissions to check for the `resource`. Permissions with + * wildcards (such as '*' or 'storage.*') are not allowed. For more + * information see + * [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). + * @param {Object} [options] + * Optional parameters. You can override the default settings for this call, e.g, timeout, + * retries, paginations, etc. See [gax.CallOptions]{@link https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html} for the details. + * @param {function(?Error, ?Object)} [callback] + * The function which will be called with the result of the API call. + * + * The second parameter to the callback is an object representing [TestIamPermissionsResponse]{@link google.iam.v1.TestIamPermissionsResponse}. + * @returns {Promise} - The promise which resolves to an array. + * The first element of the array is an object representing [TestIamPermissionsResponse]{@link google.iam.v1.TestIamPermissionsResponse}. + * The promise has a method named "cancel" which cancels the ongoing API call. + */ + setIamPolicy( + request: IamProtos.google.iam.v1.SetIamPolicyRequest, + options?: + | gax.CallOptions + | Callback< + IamProtos.google.iam.v1.Policy, + IamProtos.google.iam.v1.SetIamPolicyRequest | null | undefined, + {} | null | undefined + >, + callback?: Callback< + IamProtos.google.iam.v1.Policy, + IamProtos.google.iam.v1.SetIamPolicyRequest | null | undefined, + {} | null | undefined + > + ): Promise { + return this.iamClient.setIamPolicy(request, options, callback); + } + + /** + * Returns permissions that a caller has on the specified resource. If the + * resource does not exist, this will return an empty set of + * permissions, not a NOT_FOUND error. + * + * Note: This operation is designed to be used for building + * permission-aware UIs and command-line tools, not for authorization + * checking. This operation may "fail open" without warning. + * + * @param {Object} request + * The request object that will be sent. + * @param {string} request.resource + * REQUIRED: The resource for which the policy detail is being requested. + * See the operation documentation for the appropriate value for this field. + * @param {string[]} request.permissions + * The set of permissions to check for the `resource`. Permissions with + * wildcards (such as '*' or 'storage.*') are not allowed. For more + * information see + * [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). + * @param {Object} [options] + * Optional parameters. You can override the default settings for this call, e.g, timeout, + * retries, paginations, etc. See [gax.CallOptions]{@link https://googleapis.github.io/gax-nodejs/interfaces/CallOptions.html} for the details. + * @param {function(?Error, ?Object)} [callback] + * The function which will be called with the result of the API call. + * + * The second parameter to the callback is an object representing [TestIamPermissionsResponse]{@link google.iam.v1.TestIamPermissionsResponse}. + * @returns {Promise} - The promise which resolves to an array. + * The first element of the array is an object representing [TestIamPermissionsResponse]{@link google.iam.v1.TestIamPermissionsResponse}. + * The promise has a method named "cancel" which cancels the ongoing API call. + * + */ + testIamPermissions( + request: IamProtos.google.iam.v1.TestIamPermissionsRequest, + options?: + | gax.CallOptions + | Callback< + IamProtos.google.iam.v1.TestIamPermissionsResponse, + IamProtos.google.iam.v1.TestIamPermissionsRequest | null | undefined, + {} | null | undefined + >, + callback?: Callback< + IamProtos.google.iam.v1.TestIamPermissionsResponse, + IamProtos.google.iam.v1.TestIamPermissionsRequest | null | undefined, + {} | null | undefined + > + ): Promise { + return this.iamClient.testIamPermissions(request, options, callback); + } + + // -------------------- + // -- Path templates -- + // -------------------- + + /** + * Return a fully-qualified cryptoKey resource name string. + * + * @param {string} project + * @param {string} location + * @param {string} key_ring + * @param {string} crypto_key + * @returns {string} Resource name string. + */ + cryptoKeyPath( + project: string, + location: string, + keyRing: string, + cryptoKey: string + ) { + return this.pathTemplates.cryptoKeyPathTemplate.render({ + project: project, + location: location, + key_ring: keyRing, + crypto_key: cryptoKey, + }); + } + + /** + * Parse the project from CryptoKey resource. + * + * @param {string} cryptoKeyName + * A fully-qualified path representing CryptoKey resource. + * @returns {string} A string representing the project. + */ + matchProjectFromCryptoKeyName(cryptoKeyName: string) { + return this.pathTemplates.cryptoKeyPathTemplate.match(cryptoKeyName) + .project; + } + + /** + * Parse the location from CryptoKey resource. + * + * @param {string} cryptoKeyName + * A fully-qualified path representing CryptoKey resource. + * @returns {string} A string representing the location. + */ + matchLocationFromCryptoKeyName(cryptoKeyName: string) { + return this.pathTemplates.cryptoKeyPathTemplate.match(cryptoKeyName) + .location; + } + + /** + * Parse the key_ring from CryptoKey resource. + * + * @param {string} cryptoKeyName + * A fully-qualified path representing CryptoKey resource. + * @returns {string} A string representing the key_ring. + */ + matchKeyRingFromCryptoKeyName(cryptoKeyName: string) { + return this.pathTemplates.cryptoKeyPathTemplate.match(cryptoKeyName) + .key_ring; + } + + /** + * Parse the crypto_key from CryptoKey resource. + * + * @param {string} cryptoKeyName + * A fully-qualified path representing CryptoKey resource. + * @returns {string} A string representing the crypto_key. + */ + matchCryptoKeyFromCryptoKeyName(cryptoKeyName: string) { + return this.pathTemplates.cryptoKeyPathTemplate.match(cryptoKeyName) + .crypto_key; + } + + /** + * Return a fully-qualified cryptoKeyVersion resource name string. + * + * @param {string} project + * @param {string} location + * @param {string} key_ring + * @param {string} crypto_key + * @param {string} crypto_key_version + * @returns {string} Resource name string. + */ + cryptoKeyVersionPath( + project: string, + location: string, + keyRing: string, + cryptoKey: string, + cryptoKeyVersion: string + ) { + return this.pathTemplates.cryptoKeyVersionPathTemplate.render({ + project: project, + location: location, + key_ring: keyRing, + crypto_key: cryptoKey, + crypto_key_version: cryptoKeyVersion, + }); + } + + /** + * Parse the project from CryptoKeyVersion resource. + * + * @param {string} cryptoKeyVersionName + * A fully-qualified path representing CryptoKeyVersion resource. + * @returns {string} A string representing the project. + */ + matchProjectFromCryptoKeyVersionName(cryptoKeyVersionName: string) { + return this.pathTemplates.cryptoKeyVersionPathTemplate.match( + cryptoKeyVersionName + ).project; + } + + /** + * Parse the location from CryptoKeyVersion resource. + * + * @param {string} cryptoKeyVersionName + * A fully-qualified path representing CryptoKeyVersion resource. + * @returns {string} A string representing the location. + */ + matchLocationFromCryptoKeyVersionName(cryptoKeyVersionName: string) { + return this.pathTemplates.cryptoKeyVersionPathTemplate.match( + cryptoKeyVersionName + ).location; + } + + /** + * Parse the key_ring from CryptoKeyVersion resource. + * + * @param {string} cryptoKeyVersionName + * A fully-qualified path representing CryptoKeyVersion resource. + * @returns {string} A string representing the key_ring. + */ + matchKeyRingFromCryptoKeyVersionName(cryptoKeyVersionName: string) { + return this.pathTemplates.cryptoKeyVersionPathTemplate.match( + cryptoKeyVersionName + ).key_ring; + } + + /** + * Parse the crypto_key from CryptoKeyVersion resource. + * + * @param {string} cryptoKeyVersionName + * A fully-qualified path representing CryptoKeyVersion resource. + * @returns {string} A string representing the crypto_key. + */ + matchCryptoKeyFromCryptoKeyVersionName(cryptoKeyVersionName: string) { + return this.pathTemplates.cryptoKeyVersionPathTemplate.match( + cryptoKeyVersionName + ).crypto_key; + } + + /** + * Parse the crypto_key_version from CryptoKeyVersion resource. + * + * @param {string} cryptoKeyVersionName + * A fully-qualified path representing CryptoKeyVersion resource. + * @returns {string} A string representing the crypto_key_version. + */ + matchCryptoKeyVersionFromCryptoKeyVersionName(cryptoKeyVersionName: string) { + return this.pathTemplates.cryptoKeyVersionPathTemplate.match( + cryptoKeyVersionName + ).crypto_key_version; + } + + /** + * Return a fully-qualified ekmConnection resource name string. + * + * @param {string} project + * @param {string} location + * @param {string} ekm_connection + * @returns {string} Resource name string. + */ + ekmConnectionPath(project: string, location: string, ekmConnection: string) { + return this.pathTemplates.ekmConnectionPathTemplate.render({ + project: project, + location: location, + ekm_connection: ekmConnection, + }); + } + + /** + * Parse the project from EkmConnection resource. + * + * @param {string} ekmConnectionName + * A fully-qualified path representing EkmConnection resource. + * @returns {string} A string representing the project. + */ + matchProjectFromEkmConnectionName(ekmConnectionName: string) { + return this.pathTemplates.ekmConnectionPathTemplate.match(ekmConnectionName) + .project; + } + + /** + * Parse the location from EkmConnection resource. + * + * @param {string} ekmConnectionName + * A fully-qualified path representing EkmConnection resource. + * @returns {string} A string representing the location. + */ + matchLocationFromEkmConnectionName(ekmConnectionName: string) { + return this.pathTemplates.ekmConnectionPathTemplate.match(ekmConnectionName) + .location; + } + + /** + * Parse the ekm_connection from EkmConnection resource. + * + * @param {string} ekmConnectionName + * A fully-qualified path representing EkmConnection resource. + * @returns {string} A string representing the ekm_connection. + */ + matchEkmConnectionFromEkmConnectionName(ekmConnectionName: string) { + return this.pathTemplates.ekmConnectionPathTemplate.match(ekmConnectionName) + .ekm_connection; + } + + /** + * Return a fully-qualified importJob resource name string. + * + * @param {string} project + * @param {string} location + * @param {string} key_ring + * @param {string} import_job + * @returns {string} Resource name string. + */ + importJobPath( + project: string, + location: string, + keyRing: string, + importJob: string + ) { + return this.pathTemplates.importJobPathTemplate.render({ + project: project, + location: location, + key_ring: keyRing, + import_job: importJob, + }); + } + + /** + * Parse the project from ImportJob resource. + * + * @param {string} importJobName + * A fully-qualified path representing ImportJob resource. + * @returns {string} A string representing the project. + */ + matchProjectFromImportJobName(importJobName: string) { + return this.pathTemplates.importJobPathTemplate.match(importJobName) + .project; + } + + /** + * Parse the location from ImportJob resource. + * + * @param {string} importJobName + * A fully-qualified path representing ImportJob resource. + * @returns {string} A string representing the location. + */ + matchLocationFromImportJobName(importJobName: string) { + return this.pathTemplates.importJobPathTemplate.match(importJobName) + .location; + } + + /** + * Parse the key_ring from ImportJob resource. + * + * @param {string} importJobName + * A fully-qualified path representing ImportJob resource. + * @returns {string} A string representing the key_ring. + */ + matchKeyRingFromImportJobName(importJobName: string) { + return this.pathTemplates.importJobPathTemplate.match(importJobName) + .key_ring; + } + + /** + * Parse the import_job from ImportJob resource. + * + * @param {string} importJobName + * A fully-qualified path representing ImportJob resource. + * @returns {string} A string representing the import_job. + */ + matchImportJobFromImportJobName(importJobName: string) { + return this.pathTemplates.importJobPathTemplate.match(importJobName) + .import_job; + } + + /** + * Return a fully-qualified keyRing resource name string. + * + * @param {string} project + * @param {string} location + * @param {string} key_ring + * @returns {string} Resource name string. + */ + keyRingPath(project: string, location: string, keyRing: string) { + return this.pathTemplates.keyRingPathTemplate.render({ + project: project, + location: location, + key_ring: keyRing, + }); + } + + /** + * Parse the project from KeyRing resource. + * + * @param {string} keyRingName + * A fully-qualified path representing KeyRing resource. + * @returns {string} A string representing the project. + */ + matchProjectFromKeyRingName(keyRingName: string) { + return this.pathTemplates.keyRingPathTemplate.match(keyRingName).project; + } + + /** + * Parse the location from KeyRing resource. + * + * @param {string} keyRingName + * A fully-qualified path representing KeyRing resource. + * @returns {string} A string representing the location. + */ + matchLocationFromKeyRingName(keyRingName: string) { + return this.pathTemplates.keyRingPathTemplate.match(keyRingName).location; + } + + /** + * Parse the key_ring from KeyRing resource. + * + * @param {string} keyRingName + * A fully-qualified path representing KeyRing resource. + * @returns {string} A string representing the key_ring. + */ + matchKeyRingFromKeyRingName(keyRingName: string) { + return this.pathTemplates.keyRingPathTemplate.match(keyRingName).key_ring; + } + + /** + * Return a fully-qualified location resource name string. + * + * @param {string} project + * @param {string} location + * @returns {string} Resource name string. + */ + locationPath(project: string, location: string) { + return this.pathTemplates.locationPathTemplate.render({ + project: project, + location: location, + }); + } + + /** + * Parse the project from Location resource. + * + * @param {string} locationName + * A fully-qualified path representing Location resource. + * @returns {string} A string representing the project. + */ + matchProjectFromLocationName(locationName: string) { + return this.pathTemplates.locationPathTemplate.match(locationName).project; + } + + /** + * Parse the location from Location resource. + * + * @param {string} locationName + * A fully-qualified path representing Location resource. + * @returns {string} A string representing the location. + */ + matchLocationFromLocationName(locationName: string) { + return this.pathTemplates.locationPathTemplate.match(locationName).location; + } + + /** + * Return a fully-qualified publicKey resource name string. + * + * @param {string} project + * @param {string} location + * @param {string} key_ring + * @param {string} crypto_key + * @param {string} crypto_key_version + * @returns {string} Resource name string. + */ + publicKeyPath( + project: string, + location: string, + keyRing: string, + cryptoKey: string, + cryptoKeyVersion: string + ) { + return this.pathTemplates.publicKeyPathTemplate.render({ + project: project, + location: location, + key_ring: keyRing, + crypto_key: cryptoKey, + crypto_key_version: cryptoKeyVersion, + }); + } + + /** + * Parse the project from PublicKey resource. + * + * @param {string} publicKeyName + * A fully-qualified path representing PublicKey resource. + * @returns {string} A string representing the project. + */ + matchProjectFromPublicKeyName(publicKeyName: string) { + return this.pathTemplates.publicKeyPathTemplate.match(publicKeyName) + .project; + } + + /** + * Parse the location from PublicKey resource. + * + * @param {string} publicKeyName + * A fully-qualified path representing PublicKey resource. + * @returns {string} A string representing the location. + */ + matchLocationFromPublicKeyName(publicKeyName: string) { + return this.pathTemplates.publicKeyPathTemplate.match(publicKeyName) + .location; + } + + /** + * Parse the key_ring from PublicKey resource. + * + * @param {string} publicKeyName + * A fully-qualified path representing PublicKey resource. + * @returns {string} A string representing the key_ring. + */ + matchKeyRingFromPublicKeyName(publicKeyName: string) { + return this.pathTemplates.publicKeyPathTemplate.match(publicKeyName) + .key_ring; + } + + /** + * Parse the crypto_key from PublicKey resource. + * + * @param {string} publicKeyName + * A fully-qualified path representing PublicKey resource. + * @returns {string} A string representing the crypto_key. + */ + matchCryptoKeyFromPublicKeyName(publicKeyName: string) { + return this.pathTemplates.publicKeyPathTemplate.match(publicKeyName) + .crypto_key; + } + + /** + * Parse the crypto_key_version from PublicKey resource. + * + * @param {string} publicKeyName + * A fully-qualified path representing PublicKey resource. + * @returns {string} A string representing the crypto_key_version. + */ + matchCryptoKeyVersionFromPublicKeyName(publicKeyName: string) { + return this.pathTemplates.publicKeyPathTemplate.match(publicKeyName) + .crypto_key_version; + } + + /** + * Terminate the gRPC channel and close the client. + * + * The client will no longer be usable and all future behavior is undefined. + * @returns {Promise} A promise that resolves when the client is closed. + */ + close(): Promise { + this.initialize(); + if (!this._terminated) { + return this.ekmServiceStub!.then(stub => { + this._terminated = true; + stub.close(); + this.iamClient.close(); + }); + } + return Promise.resolve(); + } +} diff --git a/src/v1/ekm_service_client_config.json b/src/v1/ekm_service_client_config.json new file mode 100644 index 00000000..583df8ce --- /dev/null +++ b/src/v1/ekm_service_client_config.json @@ -0,0 +1,46 @@ +{ + "interfaces": { + "google.cloud.kms.v1.EkmService": { + "retry_codes": { + "non_idempotent": [], + "idempotent": [ + "DEADLINE_EXCEEDED", + "UNAVAILABLE" + ] + }, + "retry_params": { + "default": { + "initial_retry_delay_millis": 100, + "retry_delay_multiplier": 1.3, + "max_retry_delay_millis": 60000, + "initial_rpc_timeout_millis": 60000, + "rpc_timeout_multiplier": 1, + "max_rpc_timeout_millis": 60000, + "total_timeout_millis": 600000 + } + }, + "methods": { + "ListEkmConnections": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "GetEkmConnection": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "CreateEkmConnection": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "UpdateEkmConnection": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + } + } + } + } +} diff --git a/src/v1/ekm_service_proto_list.json b/src/v1/ekm_service_proto_list.json new file mode 100644 index 00000000..ad57fc55 --- /dev/null +++ b/src/v1/ekm_service_proto_list.json @@ -0,0 +1,5 @@ +[ + "../../protos/google/cloud/kms/v1/ekm_service.proto", + "../../protos/google/cloud/kms/v1/resources.proto", + "../../protos/google/cloud/kms/v1/service.proto" +] diff --git a/src/v1/gapic_metadata.json b/src/v1/gapic_metadata.json index 2567548f..587790c2 100644 --- a/src/v1/gapic_metadata.json +++ b/src/v1/gapic_metadata.json @@ -5,6 +5,64 @@ "protoPackage": "google.cloud.kms.v1", "libraryPackage": "@google-cloud/kms", "services": { + "EkmService": { + "clients": { + "grpc": { + "libraryClient": "EkmServiceClient", + "rpcs": { + "GetEkmConnection": { + "methods": [ + "getEkmConnection" + ] + }, + "CreateEkmConnection": { + "methods": [ + "createEkmConnection" + ] + }, + "UpdateEkmConnection": { + "methods": [ + "updateEkmConnection" + ] + }, + "ListEkmConnections": { + "methods": [ + "listEkmConnections", + "listEkmConnectionsStream", + "listEkmConnectionsAsync" + ] + } + } + }, + "grpc-fallback": { + "libraryClient": "EkmServiceClient", + "rpcs": { + "GetEkmConnection": { + "methods": [ + "getEkmConnection" + ] + }, + "CreateEkmConnection": { + "methods": [ + "createEkmConnection" + ] + }, + "UpdateEkmConnection": { + "methods": [ + "updateEkmConnection" + ] + }, + "ListEkmConnections": { + "methods": [ + "listEkmConnections", + "listEkmConnectionsStream", + "listEkmConnectionsAsync" + ] + } + } + } + } + }, "KeyManagementService": { "clients": { "grpc": { diff --git a/src/v1/index.ts b/src/v1/index.ts index 99ef9a40..e6c52a03 100644 --- a/src/v1/index.ts +++ b/src/v1/index.ts @@ -16,4 +16,5 @@ // ** https://github.com/googleapis/gapic-generator-typescript ** // ** All changes to this file may be overwritten. ** +export {EkmServiceClient} from './ekm_service_client'; export {KeyManagementServiceClient} from './key_management_service_client'; diff --git a/src/v1/key_management_service_client.ts b/src/v1/key_management_service_client.ts index 2e9dec12..6608458d 100644 --- a/src/v1/key_management_service_client.ts +++ b/src/v1/key_management_service_client.ts @@ -185,6 +185,9 @@ export class KeyManagementServiceClient { cryptoKeyVersionPathTemplate: new this._gaxModule.PathTemplate( 'projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}' ), + ekmConnectionPathTemplate: new this._gaxModule.PathTemplate( + 'projects/{project}/locations/{location}/ekmConnections/{ekm_connection}' + ), importJobPathTemplate: new this._gaxModule.PathTemplate( 'projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}' ), @@ -392,7 +395,8 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The {@link google.cloud.kms.v1.KeyRing.name|name} of the {@link google.cloud.kms.v1.KeyRing|KeyRing} to get. + * Required. The {@link google.cloud.kms.v1.KeyRing.name|name} of the + * {@link google.cloud.kms.v1.KeyRing|KeyRing} to get. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -470,13 +474,15 @@ export class KeyManagementServiceClient { return this.innerApiCalls.getKeyRing(request, options, callback); } /** - * Returns metadata for a given {@link google.cloud.kms.v1.CryptoKey|CryptoKey}, as well as its - * {@link google.cloud.kms.v1.CryptoKey.primary|primary} {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. + * Returns metadata for a given {@link google.cloud.kms.v1.CryptoKey|CryptoKey}, as + * well as its {@link google.cloud.kms.v1.CryptoKey.primary|primary} + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The {@link google.cloud.kms.v1.CryptoKey.name|name} of the {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to get. + * Required. The {@link google.cloud.kms.v1.CryptoKey.name|name} of the + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to get. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -554,12 +560,14 @@ export class KeyManagementServiceClient { return this.innerApiCalls.getCryptoKey(request, options, callback); } /** - * Returns metadata for a given {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. + * Returns metadata for a given + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The {@link google.cloud.kms.v1.CryptoKeyVersion.name|name} of the {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to get. + * Required. The {@link google.cloud.kms.v1.CryptoKeyVersion.name|name} of the + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to get. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -639,16 +647,18 @@ export class KeyManagementServiceClient { return this.innerApiCalls.getCryptoKeyVersion(request, options, callback); } /** - * Returns the public key for the given {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. The + * Returns the public key for the given + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. The * {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} must be - * {@link google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN|ASYMMETRIC_SIGN} or + * {@link google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN|ASYMMETRIC_SIGN} + * or * {@link google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT|ASYMMETRIC_DECRYPT}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The {@link google.cloud.kms.v1.CryptoKeyVersion.name|name} of the {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} public key to - * get. + * Required. The {@link google.cloud.kms.v1.CryptoKeyVersion.name|name} of the + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} public key to get. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -731,7 +741,8 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The {@link google.cloud.kms.v1.ImportJob.name|name} of the {@link google.cloud.kms.v1.ImportJob|ImportJob} to get. + * Required. The {@link google.cloud.kms.v1.ImportJob.name|name} of the + * {@link google.cloud.kms.v1.ImportJob|ImportJob} to get. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -809,18 +820,21 @@ export class KeyManagementServiceClient { return this.innerApiCalls.getImportJob(request, options, callback); } /** - * Create a new {@link google.cloud.kms.v1.KeyRing|KeyRing} in a given Project and Location. + * Create a new {@link google.cloud.kms.v1.KeyRing|KeyRing} in a given Project and + * Location. * * @param {Object} request * The request object that will be sent. * @param {string} request.parent * Required. The resource name of the location associated with the - * {@link google.cloud.kms.v1.KeyRing|KeyRings}, in the format `projects/* /locations/*`. + * {@link google.cloud.kms.v1.KeyRing|KeyRings}, in the format + * `projects/* /locations/*`. * @param {string} request.keyRingId * Required. It must be unique within a location and match the regular * expression `[a-zA-Z0-9_-]{1,63}` * @param {google.cloud.kms.v1.KeyRing} request.keyRing - * Required. A {@link google.cloud.kms.v1.KeyRing|KeyRing} with initial field values. + * Required. A {@link google.cloud.kms.v1.KeyRing|KeyRing} with initial field + * values. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -898,7 +912,8 @@ export class KeyManagementServiceClient { return this.innerApiCalls.createKeyRing(request, options, callback); } /** - * Create a new {@link google.cloud.kms.v1.CryptoKey|CryptoKey} within a {@link google.cloud.kms.v1.KeyRing|KeyRing}. + * Create a new {@link google.cloud.kms.v1.CryptoKey|CryptoKey} within a + * {@link google.cloud.kms.v1.KeyRing|KeyRing}. * * {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} and * {@link google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm|CryptoKey.version_template.algorithm} @@ -907,17 +922,21 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The {@link google.cloud.kms.v1.KeyRing.name|name} of the KeyRing associated with the - * {@link google.cloud.kms.v1.CryptoKey|CryptoKeys}. + * Required. The {@link google.cloud.kms.v1.KeyRing.name|name} of the KeyRing + * associated with the {@link google.cloud.kms.v1.CryptoKey|CryptoKeys}. * @param {string} request.cryptoKeyId * Required. It must be unique within a KeyRing and match the regular * expression `[a-zA-Z0-9_-]{1,63}` * @param {google.cloud.kms.v1.CryptoKey} request.cryptoKey - * Required. A {@link google.cloud.kms.v1.CryptoKey|CryptoKey} with initial field values. + * Required. A {@link google.cloud.kms.v1.CryptoKey|CryptoKey} with initial field + * values. * @param {boolean} request.skipInitialVersionCreation - * If set to true, the request will create a {@link google.cloud.kms.v1.CryptoKey|CryptoKey} without any - * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions}. You must manually call - * {@link google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion|CreateCryptoKeyVersion} or + * If set to true, the request will create a + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey} without any + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions}. You must + * manually call + * {@link google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion|CreateCryptoKeyVersion} + * or * {@link google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion|ImportCryptoKeyVersion} * before you can use this {@link google.cloud.kms.v1.CryptoKey|CryptoKey}. * @param {object} [options] @@ -997,7 +1016,8 @@ export class KeyManagementServiceClient { return this.innerApiCalls.createCryptoKey(request, options, callback); } /** - * Create a new {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} in a {@link google.cloud.kms.v1.CryptoKey|CryptoKey}. + * Create a new {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} in a + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey}. * * The server will assign the next sequential id. If unset, * {@link google.cloud.kms.v1.CryptoKeyVersion.state|state} will be set to @@ -1006,10 +1026,12 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The {@link google.cloud.kms.v1.CryptoKey.name|name} of the {@link google.cloud.kms.v1.CryptoKey|CryptoKey} associated with - * the {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions}. + * Required. The {@link google.cloud.kms.v1.CryptoKey.name|name} of the + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey} associated with the + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions}. * @param {google.cloud.kms.v1.CryptoKeyVersion} request.cryptoKeyVersion - * Required. A {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} with initial field values. + * Required. A {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} with + * initial field values. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -1099,44 +1121,54 @@ export class KeyManagementServiceClient { ); } /** - * Import wrapped key material into a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. + * Import wrapped key material into a + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * - * All requests must specify a {@link google.cloud.kms.v1.CryptoKey|CryptoKey}. If a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} is - * additionally specified in the request, key material will be reimported into - * that version. Otherwise, a new version will be created, and will be - * assigned the next sequential id within the {@link google.cloud.kms.v1.CryptoKey|CryptoKey}. + * All requests must specify a {@link google.cloud.kms.v1.CryptoKey|CryptoKey}. If + * a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} is additionally + * specified in the request, key material will be reimported into that + * version. Otherwise, a new version will be created, and will be assigned the + * next sequential id within the {@link google.cloud.kms.v1.CryptoKey|CryptoKey}. * * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The {@link google.cloud.kms.v1.CryptoKey.name|name} of the {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to be imported into. + * Required. The {@link google.cloud.kms.v1.CryptoKey.name|name} of the + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to be imported into. * * The create permission is only required on this key when creating a new * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * @param {string} [request.cryptoKeyVersion] - * Optional. The optional {@link google.cloud.kms.v1.CryptoKeyVersion.name|name} of an existing - * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to target for an import operation. - * If this field is not present, a new {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} containing the + * Optional. The optional {@link google.cloud.kms.v1.CryptoKeyVersion.name|name} of + * an existing {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to + * target for an import operation. If this field is not present, a new + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} containing the * supplied key material is created. * * If this field is present, the supplied key material is imported into - * the existing {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. To import into an existing - * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}, the {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} must be a child of - * {@link google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent|ImportCryptoKeyVersionRequest.parent}, have been previously created via - * {@link |ImportCryptoKeyVersion}, and be in - * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED|DESTROYED} or + * the existing {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. To + * import into an existing + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}, the + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} must be a child of + * {@link google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent|ImportCryptoKeyVersionRequest.parent}, + * have been previously created via {@link |ImportCryptoKeyVersion}, and be in + * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED|DESTROYED} + * or * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED|IMPORT_FAILED} * state. The key material and algorithm must match the previous - * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} exactly if the {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} has ever contained + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} exactly if the + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} has ever contained * key material. * @param {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm} request.algorithm - * Required. The {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm|algorithm} of - * the key being imported. This does not need to match the - * {@link google.cloud.kms.v1.CryptoKey.version_template|version_template} of the {@link google.cloud.kms.v1.CryptoKey|CryptoKey} this - * version imports into. + * Required. The + * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm|algorithm} + * of the key being imported. This does not need to match the + * {@link google.cloud.kms.v1.CryptoKey.version_template|version_template} of the + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey} this version imports into. * @param {string} request.importJob - * Required. The {@link google.cloud.kms.v1.ImportJob.name|name} of the {@link google.cloud.kms.v1.ImportJob|ImportJob} that was used to - * wrap this key material. + * Required. The {@link google.cloud.kms.v1.ImportJob.name|name} of the + * {@link google.cloud.kms.v1.ImportJob|ImportJob} that was used to wrap this key + * material. * @param {Buffer} request.rsaAesWrappedKey * Wrapped key material produced with * {@link google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256|RSA_OAEP_3072_SHA1_AES_256} @@ -1146,8 +1178,9 @@ export class KeyManagementServiceClient { * This field contains the concatenation of two wrapped keys: *
        *
      1. An ephemeral AES-256 wrapping key wrapped with the - * {@link google.cloud.kms.v1.ImportJob.public_key|public_key} using RSAES-OAEP with SHA-1, - * MGF1 with SHA-1, and an empty label. + * {@link google.cloud.kms.v1.ImportJob.public_key|public_key} using + * RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an + * empty label. *
      2. *
      3. The key to be imported, wrapped with the ephemeral AES-256 key * using AES-KWP (RFC 5649). @@ -1250,20 +1283,24 @@ export class KeyManagementServiceClient { ); } /** - * Create a new {@link google.cloud.kms.v1.ImportJob|ImportJob} within a {@link google.cloud.kms.v1.KeyRing|KeyRing}. + * Create a new {@link google.cloud.kms.v1.ImportJob|ImportJob} within a + * {@link google.cloud.kms.v1.KeyRing|KeyRing}. * - * {@link google.cloud.kms.v1.ImportJob.import_method|ImportJob.import_method} is required. + * {@link google.cloud.kms.v1.ImportJob.import_method|ImportJob.import_method} is + * required. * * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The {@link google.cloud.kms.v1.KeyRing.name|name} of the {@link google.cloud.kms.v1.KeyRing|KeyRing} associated with the + * Required. The {@link google.cloud.kms.v1.KeyRing.name|name} of the + * {@link google.cloud.kms.v1.KeyRing|KeyRing} associated with the * {@link google.cloud.kms.v1.ImportJob|ImportJobs}. * @param {string} request.importJobId * Required. It must be unique within a KeyRing and match the regular * expression `[a-zA-Z0-9_-]{1,63}` * @param {google.cloud.kms.v1.ImportJob} request.importJob - * Required. An {@link google.cloud.kms.v1.ImportJob|ImportJob} with initial field values. + * Required. An {@link google.cloud.kms.v1.ImportJob|ImportJob} with initial field + * values. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -1426,18 +1463,24 @@ export class KeyManagementServiceClient { return this.innerApiCalls.updateCryptoKey(request, options, callback); } /** - * Update a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}'s metadata. + * Update a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}'s + * metadata. * * {@link google.cloud.kms.v1.CryptoKeyVersion.state|state} may be changed between - * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED|ENABLED} and - * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED|DISABLED} using this - * method. See {@link google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion|DestroyCryptoKeyVersion} and {@link google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion|RestoreCryptoKeyVersion} to - * move between other states. + * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED|ENABLED} + * and + * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED|DISABLED} + * using this method. See + * {@link google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion|DestroyCryptoKeyVersion} + * and + * {@link google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion|RestoreCryptoKeyVersion} + * to move between other states. * * @param {Object} request * The request object that will be sent. * @param {google.cloud.kms.v1.CryptoKeyVersion} request.cryptoKeyVersion - * Required. {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} with updated values. + * Required. {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} with + * updated values. * @param {google.protobuf.FieldMask} request.updateMask * Required. List of fields to be updated in this request. * @param {object} [options] @@ -1529,7 +1572,9 @@ export class KeyManagementServiceClient { ); } /** - * Update the version of a {@link google.cloud.kms.v1.CryptoKey|CryptoKey} that will be used in {@link google.cloud.kms.v1.KeyManagementService.Encrypt|Encrypt}. + * Update the version of a {@link google.cloud.kms.v1.CryptoKey|CryptoKey} that + * will be used in + * {@link google.cloud.kms.v1.KeyManagementService.Encrypt|Encrypt}. * * Returns an error if called on a key whose purpose is not * {@link google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT|ENCRYPT_DECRYPT}. @@ -1537,9 +1582,11 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to update. + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to update. * @param {string} request.cryptoKeyVersionId - * Required. The id of the child {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use as primary. + * Required. The id of the child + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use as primary. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -1635,24 +1682,33 @@ export class KeyManagementServiceClient { ); } /** - * Schedule a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} for destruction. + * Schedule a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} for + * destruction. * - * Upon calling this method, {@link google.cloud.kms.v1.CryptoKeyVersion.state|CryptoKeyVersion.state} will be set to + * Upon calling this method, + * {@link google.cloud.kms.v1.CryptoKeyVersion.state|CryptoKeyVersion.state} will + * be set to * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED|DESTROY_SCHEDULED}, - * and {@link google.cloud.kms.v1.CryptoKeyVersion.destroy_time|destroy_time} will be set to the time - * {@link google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration|destroy_scheduled_duration} in the - * future. At that time, the {@link google.cloud.kms.v1.CryptoKeyVersion.state|state} will - * automatically change to - * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED|DESTROYED}, and the key - * material will be irrevocably destroyed. + * and {@link google.cloud.kms.v1.CryptoKeyVersion.destroy_time|destroy_time} will + * be set to the time + * {@link google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration|destroy_scheduled_duration} + * in the future. At that time, the + * {@link google.cloud.kms.v1.CryptoKeyVersion.state|state} will automatically + * change to + * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED|DESTROYED}, + * and the key material will be irrevocably destroyed. * - * Before the {@link google.cloud.kms.v1.CryptoKeyVersion.destroy_time|destroy_time} is reached, - * {@link google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion|RestoreCryptoKeyVersion} may be called to reverse the process. + * Before the + * {@link google.cloud.kms.v1.CryptoKeyVersion.destroy_time|destroy_time} is + * reached, + * {@link google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion|RestoreCryptoKeyVersion} + * may be called to reverse the process. * * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to destroy. + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to destroy. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -1746,14 +1802,17 @@ export class KeyManagementServiceClient { * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED|DESTROY_SCHEDULED} * state. * - * Upon restoration of the CryptoKeyVersion, {@link google.cloud.kms.v1.CryptoKeyVersion.state|state} - * will be set to {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED|DISABLED}, - * and {@link google.cloud.kms.v1.CryptoKeyVersion.destroy_time|destroy_time} will be cleared. + * Upon restoration of the CryptoKeyVersion, + * {@link google.cloud.kms.v1.CryptoKeyVersion.state|state} will be set to + * {@link google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED|DISABLED}, + * and {@link google.cloud.kms.v1.CryptoKeyVersion.destroy_time|destroy_time} will + * be cleared. * * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to restore. + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to restore. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -1843,66 +1902,83 @@ export class KeyManagementServiceClient { ); } /** - * Encrypts data, so that it can only be recovered by a call to {@link google.cloud.kms.v1.KeyManagementService.Decrypt|Decrypt}. - * The {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} must be + * Encrypts data, so that it can only be recovered by a call to + * {@link google.cloud.kms.v1.KeyManagementService.Decrypt|Decrypt}. The + * {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} must be * {@link google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT|ENCRYPT_DECRYPT}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKey|CryptoKey} or {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} - * to use for encryption. + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey} or + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use for + * encryption. * - * If a {@link google.cloud.kms.v1.CryptoKey|CryptoKey} is specified, the server will use its - * {@link google.cloud.kms.v1.CryptoKey.primary|primary version}. + * If a {@link google.cloud.kms.v1.CryptoKey|CryptoKey} is specified, the server + * will use its {@link google.cloud.kms.v1.CryptoKey.primary|primary version}. * @param {Buffer} request.plaintext * Required. The data to encrypt. Must be no larger than 64KiB. * * The maximum size depends on the key version's - * {@link google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level|protection_level}. For - * {@link google.cloud.kms.v1.ProtectionLevel.SOFTWARE|SOFTWARE} keys, the plaintext must be no larger - * than 64KiB. For {@link google.cloud.kms.v1.ProtectionLevel.HSM|HSM} keys, the combined length of the - * plaintext and additional_authenticated_data fields must be no larger than - * 8KiB. + * {@link google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level|protection_level}. + * For {@link google.cloud.kms.v1.ProtectionLevel.SOFTWARE|SOFTWARE} keys, the + * plaintext must be no larger than 64KiB. For + * {@link google.cloud.kms.v1.ProtectionLevel.HSM|HSM} keys, the combined length of + * the plaintext and additional_authenticated_data fields must be no larger + * than 8KiB. * @param {Buffer} [request.additionalAuthenticatedData] - * Optional. Optional data that, if specified, must also be provided during decryption - * through {@link google.cloud.kms.v1.DecryptRequest.additional_authenticated_data|DecryptRequest.additional_authenticated_data}. + * Optional. Optional data that, if specified, must also be provided during + * decryption through + * {@link google.cloud.kms.v1.DecryptRequest.additional_authenticated_data|DecryptRequest.additional_authenticated_data}. * * The maximum size depends on the key version's - * {@link google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level|protection_level}. For - * {@link google.cloud.kms.v1.ProtectionLevel.SOFTWARE|SOFTWARE} keys, the AAD must be no larger than - * 64KiB. For {@link google.cloud.kms.v1.ProtectionLevel.HSM|HSM} keys, the combined length of the - * plaintext and additional_authenticated_data fields must be no larger than - * 8KiB. + * {@link google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level|protection_level}. + * For {@link google.cloud.kms.v1.ProtectionLevel.SOFTWARE|SOFTWARE} keys, the AAD + * must be no larger than 64KiB. For + * {@link google.cloud.kms.v1.ProtectionLevel.HSM|HSM} keys, the combined length of + * the plaintext and additional_authenticated_data fields must be no larger + * than 8KiB. * @param {google.protobuf.Int64Value} [request.plaintextCrc32c] - * Optional. An optional CRC32C checksum of the {@link google.cloud.kms.v1.EncryptRequest.plaintext|EncryptRequest.plaintext}. If - * specified, {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will verify the integrity of the - * received {@link google.cloud.kms.v1.EncryptRequest.plaintext|EncryptRequest.plaintext} using this checksum. - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C({@link google.cloud.kms.v1.EncryptRequest.plaintext|EncryptRequest.plaintext}) is equal to - * {@link google.cloud.kms.v1.EncryptRequest.plaintext_crc32c|EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of - * retries. A persistent mismatch may indicate an issue in your computation of - * the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * {@link google.cloud.kms.v1.EncryptRequest.plaintext|EncryptRequest.plaintext}. + * If specified, + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * verify the integrity of the received + * {@link google.cloud.kms.v1.EncryptRequest.plaintext|EncryptRequest.plaintext} + * using this checksum. + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C({@link google.cloud.kms.v1.EncryptRequest.plaintext|EncryptRequest.plaintext}) + * is equal to + * {@link google.cloud.kms.v1.EncryptRequest.plaintext_crc32c|EncryptRequest.plaintext_crc32c}, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. * @param {google.protobuf.Int64Value} [request.additionalAuthenticatedDataCrc32c] * Optional. An optional CRC32C checksum of the - * {@link google.cloud.kms.v1.EncryptRequest.additional_authenticated_data|EncryptRequest.additional_authenticated_data}. If specified, - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will verify the integrity of the received - * {@link google.cloud.kms.v1.EncryptRequest.additional_authenticated_data|EncryptRequest.additional_authenticated_data} using this checksum. - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C({@link google.cloud.kms.v1.EncryptRequest.additional_authenticated_data|EncryptRequest.additional_authenticated_data}) is equal to - * {@link google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c|EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform - * a limited number of retries. A persistent mismatch may indicate an issue in - * your computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * {@link google.cloud.kms.v1.EncryptRequest.additional_authenticated_data|EncryptRequest.additional_authenticated_data}. + * If specified, + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * verify the integrity of the received + * {@link google.cloud.kms.v1.EncryptRequest.additional_authenticated_data|EncryptRequest.additional_authenticated_data} + * using this checksum. + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C({@link google.cloud.kms.v1.EncryptRequest.additional_authenticated_data|EncryptRequest.additional_authenticated_data}) + * is equal to + * {@link google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c|EncryptRequest.additional_authenticated_data_crc32c}, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -1980,14 +2056,17 @@ export class KeyManagementServiceClient { return this.innerApiCalls.encrypt(request, options, callback); } /** - * Decrypts data that was protected by {@link google.cloud.kms.v1.KeyManagementService.Encrypt|Encrypt}. The {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} - * must be {@link google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT|ENCRYPT_DECRYPT}. + * Decrypts data that was protected by + * {@link google.cloud.kms.v1.KeyManagementService.Encrypt|Encrypt}. The + * {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} must be + * {@link google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT|ENCRYPT_DECRYPT}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to use for decryption. - * The server will choose the appropriate version. + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to use for decryption. The + * server will choose the appropriate version. * @param {Buffer} request.ciphertext * Required. The encrypted data originally returned in * {@link google.cloud.kms.v1.EncryptResponse.ciphertext|EncryptResponse.ciphertext}. @@ -1995,34 +2074,45 @@ export class KeyManagementServiceClient { * Optional. Optional data that must match the data originally supplied in * {@link google.cloud.kms.v1.EncryptRequest.additional_authenticated_data|EncryptRequest.additional_authenticated_data}. * @param {google.protobuf.Int64Value} [request.ciphertextCrc32c] - * Optional. An optional CRC32C checksum of the {@link google.cloud.kms.v1.DecryptRequest.ciphertext|DecryptRequest.ciphertext}. If - * specified, {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will verify the integrity of the - * received {@link google.cloud.kms.v1.DecryptRequest.ciphertext|DecryptRequest.ciphertext} using this checksum. - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C({@link google.cloud.kms.v1.DecryptRequest.ciphertext|DecryptRequest.ciphertext}) is equal to - * {@link google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c|DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number - * of retries. A persistent mismatch may indicate an issue in your computation - * of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * {@link google.cloud.kms.v1.DecryptRequest.ciphertext|DecryptRequest.ciphertext}. + * If specified, + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * verify the integrity of the received + * {@link google.cloud.kms.v1.DecryptRequest.ciphertext|DecryptRequest.ciphertext} + * using this checksum. + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C({@link google.cloud.kms.v1.DecryptRequest.ciphertext|DecryptRequest.ciphertext}) + * is equal to + * {@link google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c|DecryptRequest.ciphertext_crc32c}, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. * @param {google.protobuf.Int64Value} [request.additionalAuthenticatedDataCrc32c] * Optional. An optional CRC32C checksum of the - * {@link google.cloud.kms.v1.DecryptRequest.additional_authenticated_data|DecryptRequest.additional_authenticated_data}. If specified, - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will verify the integrity of the received - * {@link google.cloud.kms.v1.DecryptRequest.additional_authenticated_data|DecryptRequest.additional_authenticated_data} using this checksum. - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C({@link google.cloud.kms.v1.DecryptRequest.additional_authenticated_data|DecryptRequest.additional_authenticated_data}) is equal to - * {@link google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c|DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform - * a limited number of retries. A persistent mismatch may indicate an issue in - * your computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * {@link google.cloud.kms.v1.DecryptRequest.additional_authenticated_data|DecryptRequest.additional_authenticated_data}. + * If specified, + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * verify the integrity of the received + * {@link google.cloud.kms.v1.DecryptRequest.additional_authenticated_data|DecryptRequest.additional_authenticated_data} + * using this checksum. + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C({@link google.cloud.kms.v1.DecryptRequest.additional_authenticated_data|DecryptRequest.additional_authenticated_data}) + * is equal to + * {@link google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c|DecryptRequest.additional_authenticated_data_crc32c}, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -2100,50 +2190,71 @@ export class KeyManagementServiceClient { return this.innerApiCalls.decrypt(request, options, callback); } /** - * Signs data using a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} with {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} + * Signs data using a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} + * with {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} * ASYMMETRIC_SIGN, producing a signature that can be verified with the public - * key retrieved from {@link google.cloud.kms.v1.KeyManagementService.GetPublicKey|GetPublicKey}. + * key retrieved from + * {@link google.cloud.kms.v1.KeyManagementService.GetPublicKey|GetPublicKey}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use for signing. + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use for + * signing. * @param {google.cloud.kms.v1.Digest} [request.digest] * Optional. The digest of the data to sign. The digest must be produced with * the same digest algorithm as specified by the key version's * {@link google.cloud.kms.v1.CryptoKeyVersion.algorithm|algorithm}. + * + * This field may not be supplied if + * {@link google.cloud.kms.v1.AsymmetricSignRequest.data|AsymmetricSignRequest.data} + * is supplied. * @param {google.protobuf.Int64Value} [request.digestCrc32c] - * Optional. An optional CRC32C checksum of the {@link google.cloud.kms.v1.AsymmetricSignRequest.digest|AsymmetricSignRequest.digest}. If - * specified, {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will verify the integrity of the - * received {@link google.cloud.kms.v1.AsymmetricSignRequest.digest|AsymmetricSignRequest.digest} using this checksum. - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C({@link google.cloud.kms.v1.AsymmetricSignRequest.digest|AsymmetricSignRequest.digest}) is equal to - * {@link google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c|AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited - * number of retries. A persistent mismatch may indicate an issue in your - * computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * {@link google.cloud.kms.v1.AsymmetricSignRequest.digest|AsymmetricSignRequest.digest}. + * If specified, + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * verify the integrity of the received + * {@link google.cloud.kms.v1.AsymmetricSignRequest.digest|AsymmetricSignRequest.digest} + * using this checksum. + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C({@link google.cloud.kms.v1.AsymmetricSignRequest.digest|AsymmetricSignRequest.digest}) + * is equal to + * {@link google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c|AsymmetricSignRequest.digest_crc32c}, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. * @param {Buffer} [request.data] - * Optional. This field will only be honored for RAW_PKCS1 keys. - * The data to sign. A digest is computed over the data that will be signed, - * PKCS #1 padding is applied to the digest directly and then encrypted. + * Optional. The data to sign. + * It can't be supplied if + * {@link google.cloud.kms.v1.AsymmetricSignRequest.digest|AsymmetricSignRequest.digest} + * is supplied. * @param {google.protobuf.Int64Value} [request.dataCrc32c] - * Optional. An optional CRC32C checksum of the {@link google.cloud.kms.v1.AsymmetricSignRequest.data|AsymmetricSignRequest.data}. If - * specified, {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will verify the integrity of the - * received {@link google.cloud.kms.v1.AsymmetricSignRequest.data|AsymmetricSignRequest.data} using this checksum. - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C({@link google.cloud.kms.v1.AsymmetricSignRequest.data|AsymmetricSignRequest.data}) is equal to - * {@link google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c|AsymmetricSignRequest.data_crc32c}, and if so, perform a limited - * number of retries. A persistent mismatch may indicate an issue in your - * computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * {@link google.cloud.kms.v1.AsymmetricSignRequest.data|AsymmetricSignRequest.data}. + * If specified, + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * verify the integrity of the received + * {@link google.cloud.kms.v1.AsymmetricSignRequest.data|AsymmetricSignRequest.data} + * using this checksum. + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C({@link google.cloud.kms.v1.AsymmetricSignRequest.data|AsymmetricSignRequest.data}) + * is equal to + * {@link google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c|AsymmetricSignRequest.data_crc32c}, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -2222,31 +2333,41 @@ export class KeyManagementServiceClient { } /** * Decrypts data that was encrypted with a public key retrieved from - * {@link google.cloud.kms.v1.KeyManagementService.GetPublicKey|GetPublicKey} corresponding to a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} with - * {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} ASYMMETRIC_DECRYPT. + * {@link google.cloud.kms.v1.KeyManagementService.GetPublicKey|GetPublicKey} + * corresponding to a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} + * with {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} + * ASYMMETRIC_DECRYPT. * * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use for + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use for * decryption. * @param {Buffer} request.ciphertext - * Required. The data encrypted with the named {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}'s public - * key using OAEP. + * Required. The data encrypted with the named + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}'s public key using + * OAEP. * @param {google.protobuf.Int64Value} [request.ciphertextCrc32c] - * Optional. An optional CRC32C checksum of the {@link google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext|AsymmetricDecryptRequest.ciphertext}. - * If specified, {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will verify the integrity of the - * received {@link google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext|AsymmetricDecryptRequest.ciphertext} using this checksum. - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C({@link google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext|AsymmetricDecryptRequest.ciphertext}) is equal to - * {@link google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c|AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a - * limited number of retries. A persistent mismatch may indicate an issue in - * your computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * {@link google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext|AsymmetricDecryptRequest.ciphertext}. + * If specified, + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * verify the integrity of the received + * {@link google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext|AsymmetricDecryptRequest.ciphertext} + * using this checksum. + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C({@link google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext|AsymmetricDecryptRequest.ciphertext}) + * is equal to + * {@link google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c|AsymmetricDecryptRequest.ciphertext_crc32c}, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -2326,31 +2447,37 @@ export class KeyManagementServiceClient { return this.innerApiCalls.asymmetricDecrypt(request, options, callback); } /** - * Signs data using a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} with {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} - * MAC, producing a tag that can be verified by another source with the - * same key. + * Signs data using a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} + * with {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} MAC, + * producing a tag that can be verified by another source with the same key. * * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use for signing. + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use for + * signing. * @param {Buffer} request.data - * Required. The data to sign. The MAC tag is computed over this data field based on - * the specific algorithm. + * Required. The data to sign. The MAC tag is computed over this data field + * based on the specific algorithm. * @param {google.protobuf.Int64Value} [request.dataCrc32c] - * Optional. An optional CRC32C checksum of the {@link google.cloud.kms.v1.MacSignRequest.data|MacSignRequest.data}. If - * specified, {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will verify the integrity of the - * received {@link google.cloud.kms.v1.MacSignRequest.data|MacSignRequest.data} using this checksum. - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C({@link google.cloud.kms.v1.MacSignRequest.data|MacSignRequest.data}) is equal to - * {@link google.cloud.kms.v1.MacSignRequest.data_crc32c|MacSignRequest.data_crc32c}, and if so, perform a limited - * number of retries. A persistent mismatch may indicate an issue in your - * computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * {@link google.cloud.kms.v1.MacSignRequest.data|MacSignRequest.data}. If + * specified, {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} + * will verify the integrity of the received + * {@link google.cloud.kms.v1.MacSignRequest.data|MacSignRequest.data} using this + * checksum. {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} + * will report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C({@link google.cloud.kms.v1.MacSignRequest.data|MacSignRequest.data}) is + * equal to + * {@link google.cloud.kms.v1.MacSignRequest.data_crc32c|MacSignRequest.data_crc32c}, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -2428,47 +2555,59 @@ export class KeyManagementServiceClient { return this.innerApiCalls.macSign(request, options, callback); } /** - * Verifies MAC tag using a {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} with {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} - * MAC, and returns a response that indicates whether or not the verification - * was successful. + * Verifies MAC tag using a + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} with + * {@link google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} MAC, and returns + * a response that indicates whether or not the verification was successful. * * @param {Object} request * The request object that will be sent. * @param {string} request.name - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use for verification. + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use for + * verification. * @param {Buffer} request.data - * Required. The data used previously as a {@link google.cloud.kms.v1.MacSignRequest.data|MacSignRequest.data} to generate the MAC - * tag. + * Required. The data used previously as a + * {@link google.cloud.kms.v1.MacSignRequest.data|MacSignRequest.data} to generate + * the MAC tag. * @param {google.protobuf.Int64Value} [request.dataCrc32c] - * Optional. An optional CRC32C checksum of the {@link google.cloud.kms.v1.MacVerifyRequest.data|MacVerifyRequest.data}. If - * specified, {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will verify the integrity of the - * received {@link google.cloud.kms.v1.MacVerifyRequest.data|MacVerifyRequest.data} using this checksum. - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that - * CRC32C({@link google.cloud.kms.v1.MacVerifyRequest.data|MacVerifyRequest.data}) is equal to - * {@link google.cloud.kms.v1.MacVerifyRequest.data_crc32c|MacVerifyRequest.data_crc32c}, and if so, perform a limited - * number of retries. A persistent mismatch may indicate an issue in your - * computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * Optional. An optional CRC32C checksum of the + * {@link google.cloud.kms.v1.MacVerifyRequest.data|MacVerifyRequest.data}. If + * specified, {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} + * will verify the integrity of the received + * {@link google.cloud.kms.v1.MacVerifyRequest.data|MacVerifyRequest.data} using + * this checksum. + * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will + * report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that + * CRC32C({@link google.cloud.kms.v1.MacVerifyRequest.data|MacVerifyRequest.data}) + * is equal to + * {@link google.cloud.kms.v1.MacVerifyRequest.data_crc32c|MacVerifyRequest.data_crc32c}, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. * @param {Buffer} request.mac * Required. The signature to verify. * @param {google.protobuf.Int64Value} [request.macCrc32c] - * Optional. An optional CRC32C checksum of the {@link google.cloud.kms.v1.MacVerifyRequest.mac|MacVerifyRequest.mac}. If - * specified, {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will verify the integrity of the - * received {@link google.cloud.kms.v1.MacVerifyRequest.mac|MacVerifyRequest.mac} using this checksum. - * {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} will report an error if the checksum verification - * fails. If you receive a checksum error, your client should verify that + * Optional. An optional CRC32C checksum of the + * {@link google.cloud.kms.v1.MacVerifyRequest.mac|MacVerifyRequest.mac}. If + * specified, {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} + * will verify the integrity of the received + * {@link google.cloud.kms.v1.MacVerifyRequest.mac|MacVerifyRequest.mac} using this + * checksum. {@link google.cloud.kms.v1.KeyManagementService|KeyManagementService} + * will report an error if the checksum verification fails. If you receive a + * checksum error, your client should verify that * CRC32C({@link |MacVerifyRequest.tag}) is equal to - * {@link google.cloud.kms.v1.MacVerifyRequest.mac_crc32c|MacVerifyRequest.mac_crc32c}, and if so, perform a limited - * number of retries. A persistent mismatch may indicate an issue in your - * computation of the CRC32C checksum. - * Note: This field is defined as int64 for reasons of compatibility across - * different languages. However, it is a non-negative integer, which will - * never exceed 2^32-1, and can be safely downconverted to uint32 in languages - * that support this type. + * {@link google.cloud.kms.v1.MacVerifyRequest.mac_crc32c|MacVerifyRequest.mac_crc32c}, + * and if so, perform a limited number of retries. A persistent mismatch may + * indicate an issue in your computation of the CRC32C checksum. Note: This + * field is defined as int64 for reasons of compatibility across different + * languages. However, it is a non-negative integer, which will never exceed + * 2^32-1, and can be safely downconverted to uint32 in languages that support + * this type. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -2558,8 +2697,10 @@ export class KeyManagementServiceClient { * The length in bytes of the amount of randomness to retrieve. Minimum 8 * bytes, maximum 1024 bytes. * @param {google.cloud.kms.v1.ProtectionLevel} request.protectionLevel - * The {@link google.cloud.kms.v1.ProtectionLevel|ProtectionLevel} to use when generating the random data. Defaults to - * {@link google.cloud.kms.v1.ProtectionLevel.SOFTWARE|SOFTWARE}. + * The {@link google.cloud.kms.v1.ProtectionLevel|ProtectionLevel} to use when + * generating the random data. Currently, only + * {@link google.cloud.kms.v1.ProtectionLevel.HSM|HSM} protection level is + * supported. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. @@ -2646,12 +2787,16 @@ export class KeyManagementServiceClient { * The request object that will be sent. * @param {string} request.parent * Required. The resource name of the location associated with the - * {@link google.cloud.kms.v1.KeyRing|KeyRings}, in the format `projects/* /locations/*`. + * {@link google.cloud.kms.v1.KeyRing|KeyRings}, in the format + * `projects/* /locations/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.KeyRing|KeyRings} to include in the - * response. Further {@link google.cloud.kms.v1.KeyRing|KeyRings} can subsequently be obtained by - * including the {@link google.cloud.kms.v1.ListKeyRingsResponse.next_page_token|ListKeyRingsResponse.next_page_token} in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.KeyRing|KeyRings} to include in the response. Further + * {@link google.cloud.kms.v1.KeyRing|KeyRings} can subsequently be obtained by + * including the + * {@link google.cloud.kms.v1.ListKeyRingsResponse.next_page_token|ListKeyRingsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListKeyRingsResponse.next_page_token|ListKeyRingsResponse.next_page_token}. @@ -2751,12 +2896,16 @@ export class KeyManagementServiceClient { * The request object that will be sent. * @param {string} request.parent * Required. The resource name of the location associated with the - * {@link google.cloud.kms.v1.KeyRing|KeyRings}, in the format `projects/* /locations/*`. + * {@link google.cloud.kms.v1.KeyRing|KeyRings}, in the format + * `projects/* /locations/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.KeyRing|KeyRings} to include in the - * response. Further {@link google.cloud.kms.v1.KeyRing|KeyRings} can subsequently be obtained by - * including the {@link google.cloud.kms.v1.ListKeyRingsResponse.next_page_token|ListKeyRingsResponse.next_page_token} in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.KeyRing|KeyRings} to include in the response. Further + * {@link google.cloud.kms.v1.KeyRing|KeyRings} can subsequently be obtained by + * including the + * {@link google.cloud.kms.v1.ListKeyRingsResponse.next_page_token|ListKeyRingsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListKeyRingsResponse.next_page_token|ListKeyRingsResponse.next_page_token}. @@ -2812,12 +2961,16 @@ export class KeyManagementServiceClient { * The request object that will be sent. * @param {string} request.parent * Required. The resource name of the location associated with the - * {@link google.cloud.kms.v1.KeyRing|KeyRings}, in the format `projects/* /locations/*`. + * {@link google.cloud.kms.v1.KeyRing|KeyRings}, in the format + * `projects/* /locations/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.KeyRing|KeyRings} to include in the - * response. Further {@link google.cloud.kms.v1.KeyRing|KeyRings} can subsequently be obtained by - * including the {@link google.cloud.kms.v1.ListKeyRingsResponse.next_page_token|ListKeyRingsResponse.next_page_token} in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.KeyRing|KeyRings} to include in the response. Further + * {@link google.cloud.kms.v1.KeyRing|KeyRings} can subsequently be obtained by + * including the + * {@link google.cloud.kms.v1.ListKeyRingsResponse.next_page_token|ListKeyRingsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListKeyRingsResponse.next_page_token|ListKeyRingsResponse.next_page_token}. @@ -2871,13 +3024,16 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} to list, in the format - * `projects/* /locations/* /keyRings/*`. + * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} + * to list, in the format `projects/* /locations/* /keyRings/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} to include in the - * response. Further {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} can subsequently be obtained by - * including the {@link google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token|ListCryptoKeysResponse.next_page_token} in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} to include in the response. + * Further {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} can subsequently be + * obtained by including the + * {@link google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token|ListCryptoKeysResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token|ListCryptoKeysResponse.next_page_token}. @@ -2978,13 +3134,16 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} to list, in the format - * `projects/* /locations/* /keyRings/*`. + * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} + * to list, in the format `projects/* /locations/* /keyRings/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} to include in the - * response. Further {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} can subsequently be obtained by - * including the {@link google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token|ListCryptoKeysResponse.next_page_token} in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} to include in the response. + * Further {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} can subsequently be + * obtained by including the + * {@link google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token|ListCryptoKeysResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token|ListCryptoKeysResponse.next_page_token}. @@ -3041,13 +3200,16 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} to list, in the format - * `projects/* /locations/* /keyRings/*`. + * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} + * to list, in the format `projects/* /locations/* /keyRings/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} to include in the - * response. Further {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} can subsequently be obtained by - * including the {@link google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token|ListCryptoKeysResponse.next_page_token} in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} to include in the response. + * Further {@link google.cloud.kms.v1.CryptoKey|CryptoKeys} can subsequently be + * obtained by including the + * {@link google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token|ListCryptoKeysResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token|ListCryptoKeysResponse.next_page_token}. @@ -3103,14 +3265,17 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to list, in the format + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to list, in the format * `projects/* /locations/* /keyRings/* /cryptoKeys/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} to - * include in the response. Further {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} can - * subsequently be obtained by including the - * {@link google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token|ListCryptoKeyVersionsResponse.next_page_token} in a subsequent request. - * If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} to include in the + * response. Further {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} + * can subsequently be obtained by including the + * {@link google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token|ListCryptoKeyVersionsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token|ListCryptoKeyVersionsResponse.next_page_token}. @@ -3219,14 +3384,17 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to list, in the format + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to list, in the format * `projects/* /locations/* /keyRings/* /cryptoKeys/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} to - * include in the response. Further {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} can - * subsequently be obtained by including the - * {@link google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token|ListCryptoKeyVersionsResponse.next_page_token} in a subsequent request. - * If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} to include in the + * response. Further {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} + * can subsequently be obtained by including the + * {@link google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token|ListCryptoKeyVersionsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token|ListCryptoKeyVersionsResponse.next_page_token}. @@ -3283,14 +3451,17 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to list, in the format + * Required. The resource name of the + * {@link google.cloud.kms.v1.CryptoKey|CryptoKey} to list, in the format * `projects/* /locations/* /keyRings/* /cryptoKeys/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} to - * include in the response. Further {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} can - * subsequently be obtained by including the - * {@link google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token|ListCryptoKeyVersionsResponse.next_page_token} in a subsequent request. - * If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} to include in the + * response. Further {@link google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions} + * can subsequently be obtained by including the + * {@link google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token|ListCryptoKeyVersionsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token|ListCryptoKeyVersionsResponse.next_page_token}. @@ -3346,13 +3517,16 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} to list, in the format - * `projects/* /locations/* /keyRings/*`. + * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} + * to list, in the format `projects/* /locations/* /keyRings/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.ImportJob|ImportJobs} to include in the - * response. Further {@link google.cloud.kms.v1.ImportJob|ImportJobs} can subsequently be obtained by - * including the {@link google.cloud.kms.v1.ListImportJobsResponse.next_page_token|ListImportJobsResponse.next_page_token} in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.ImportJob|ImportJobs} to include in the response. + * Further {@link google.cloud.kms.v1.ImportJob|ImportJobs} can subsequently be + * obtained by including the + * {@link google.cloud.kms.v1.ListImportJobsResponse.next_page_token|ListImportJobsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListImportJobsResponse.next_page_token|ListImportJobsResponse.next_page_token}. @@ -3451,13 +3625,16 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} to list, in the format - * `projects/* /locations/* /keyRings/*`. + * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} + * to list, in the format `projects/* /locations/* /keyRings/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.ImportJob|ImportJobs} to include in the - * response. Further {@link google.cloud.kms.v1.ImportJob|ImportJobs} can subsequently be obtained by - * including the {@link google.cloud.kms.v1.ListImportJobsResponse.next_page_token|ListImportJobsResponse.next_page_token} in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.ImportJob|ImportJobs} to include in the response. + * Further {@link google.cloud.kms.v1.ImportJob|ImportJobs} can subsequently be + * obtained by including the + * {@link google.cloud.kms.v1.ListImportJobsResponse.next_page_token|ListImportJobsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListImportJobsResponse.next_page_token|ListImportJobsResponse.next_page_token}. @@ -3512,13 +3689,16 @@ export class KeyManagementServiceClient { * @param {Object} request * The request object that will be sent. * @param {string} request.parent - * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} to list, in the format - * `projects/* /locations/* /keyRings/*`. + * Required. The resource name of the {@link google.cloud.kms.v1.KeyRing|KeyRing} + * to list, in the format `projects/* /locations/* /keyRings/*`. * @param {number} [request.pageSize] - * Optional. Optional limit on the number of {@link google.cloud.kms.v1.ImportJob|ImportJobs} to include in the - * response. Further {@link google.cloud.kms.v1.ImportJob|ImportJobs} can subsequently be obtained by - * including the {@link google.cloud.kms.v1.ListImportJobsResponse.next_page_token|ListImportJobsResponse.next_page_token} in a subsequent - * request. If unspecified, the server will pick an appropriate default. + * Optional. Optional limit on the number of + * {@link google.cloud.kms.v1.ImportJob|ImportJobs} to include in the response. + * Further {@link google.cloud.kms.v1.ImportJob|ImportJobs} can subsequently be + * obtained by including the + * {@link google.cloud.kms.v1.ListImportJobsResponse.next_page_token|ListImportJobsResponse.next_page_token} + * in a subsequent request. If unspecified, the server will pick an + * appropriate default. * @param {string} [request.pageToken] * Optional. Optional pagination token, returned earlier via * {@link google.cloud.kms.v1.ListImportJobsResponse.next_page_token|ListImportJobsResponse.next_page_token}. @@ -3872,6 +4052,58 @@ export class KeyManagementServiceClient { ).crypto_key_version; } + /** + * Return a fully-qualified ekmConnection resource name string. + * + * @param {string} project + * @param {string} location + * @param {string} ekm_connection + * @returns {string} Resource name string. + */ + ekmConnectionPath(project: string, location: string, ekmConnection: string) { + return this.pathTemplates.ekmConnectionPathTemplate.render({ + project: project, + location: location, + ekm_connection: ekmConnection, + }); + } + + /** + * Parse the project from EkmConnection resource. + * + * @param {string} ekmConnectionName + * A fully-qualified path representing EkmConnection resource. + * @returns {string} A string representing the project. + */ + matchProjectFromEkmConnectionName(ekmConnectionName: string) { + return this.pathTemplates.ekmConnectionPathTemplate.match(ekmConnectionName) + .project; + } + + /** + * Parse the location from EkmConnection resource. + * + * @param {string} ekmConnectionName + * A fully-qualified path representing EkmConnection resource. + * @returns {string} A string representing the location. + */ + matchLocationFromEkmConnectionName(ekmConnectionName: string) { + return this.pathTemplates.ekmConnectionPathTemplate.match(ekmConnectionName) + .location; + } + + /** + * Parse the ekm_connection from EkmConnection resource. + * + * @param {string} ekmConnectionName + * A fully-qualified path representing EkmConnection resource. + * @returns {string} A string representing the ekm_connection. + */ + matchEkmConnectionFromEkmConnectionName(ekmConnectionName: string) { + return this.pathTemplates.ekmConnectionPathTemplate.match(ekmConnectionName) + .ekm_connection; + } + /** * Return a fully-qualified importJob resource name string. * diff --git a/src/v1/key_management_service_proto_list.json b/src/v1/key_management_service_proto_list.json index b7e20599..ad57fc55 100644 --- a/src/v1/key_management_service_proto_list.json +++ b/src/v1/key_management_service_proto_list.json @@ -1,4 +1,5 @@ [ + "../../protos/google/cloud/kms/v1/ekm_service.proto", "../../protos/google/cloud/kms/v1/resources.proto", "../../protos/google/cloud/kms/v1/service.proto" ] diff --git a/system-test/fixtures/sample/src/index.js b/system-test/fixtures/sample/src/index.js index bd66bdd1..cc5a0983 100644 --- a/system-test/fixtures/sample/src/index.js +++ b/system-test/fixtures/sample/src/index.js @@ -20,6 +20,7 @@ const kms = require('@google-cloud/kms'); function main() { + const ekmServiceClient = new kms.EkmServiceClient(); const keyManagementServiceClient = new kms.KeyManagementServiceClient(); } diff --git a/system-test/fixtures/sample/src/index.ts b/system-test/fixtures/sample/src/index.ts index b894a243..afdd4f93 100644 --- a/system-test/fixtures/sample/src/index.ts +++ b/system-test/fixtures/sample/src/index.ts @@ -16,9 +16,12 @@ // ** https://github.com/googleapis/gapic-generator-typescript ** // ** All changes to this file may be overwritten. ** -import {KeyManagementServiceClient} from '@google-cloud/kms'; +import {EkmServiceClient, KeyManagementServiceClient} from '@google-cloud/kms'; // check that the client class type name can be used +function doStuffWithEkmServiceClient(client: EkmServiceClient) { + client.close(); +} function doStuffWithKeyManagementServiceClient( client: KeyManagementServiceClient ) { @@ -26,6 +29,9 @@ function doStuffWithKeyManagementServiceClient( } function main() { + // check that the client instance can be created + const ekmServiceClient = new EkmServiceClient(); + doStuffWithEkmServiceClient(ekmServiceClient); // check that the client instance can be created const keyManagementServiceClient = new KeyManagementServiceClient(); doStuffWithKeyManagementServiceClient(keyManagementServiceClient); diff --git a/test/gapic_ekm_service_v1.ts b/test/gapic_ekm_service_v1.ts new file mode 100644 index 00000000..344ea37c --- /dev/null +++ b/test/gapic_ekm_service_v1.ts @@ -0,0 +1,1650 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// ** This file is automatically generated by gapic-generator-typescript. ** +// ** https://github.com/googleapis/gapic-generator-typescript ** +// ** All changes to this file may be overwritten. ** + +import * as protos from '../protos/protos'; +import * as assert from 'assert'; +import * as sinon from 'sinon'; +import {SinonStub} from 'sinon'; +import {describe, it} from 'mocha'; +import * as ekmserviceModule from '../src'; + +import {PassThrough} from 'stream'; + +import {protobuf, IamProtos} from 'google-gax'; + +function generateSampleMessage(instance: T) { + const filledObject = ( + instance.constructor as typeof protobuf.Message + ).toObject(instance as protobuf.Message, {defaults: true}); + return (instance.constructor as typeof protobuf.Message).fromObject( + filledObject + ) as T; +} + +function stubSimpleCall(response?: ResponseType, error?: Error) { + return error + ? sinon.stub().rejects(error) + : sinon.stub().resolves([response]); +} + +function stubSimpleCallWithCallback( + response?: ResponseType, + error?: Error +) { + return error + ? sinon.stub().callsArgWith(2, error) + : sinon.stub().callsArgWith(2, null, response); +} + +function stubPageStreamingCall( + responses?: ResponseType[], + error?: Error +) { + const pagingStub = sinon.stub(); + if (responses) { + for (let i = 0; i < responses.length; ++i) { + pagingStub.onCall(i).callsArgWith(2, null, responses[i]); + } + } + const transformStub = error + ? sinon.stub().callsArgWith(2, error) + : pagingStub; + const mockStream = new PassThrough({ + objectMode: true, + transform: transformStub, + }); + // trigger as many responses as needed + if (responses) { + for (let i = 0; i < responses.length; ++i) { + setImmediate(() => { + mockStream.write({}); + }); + } + setImmediate(() => { + mockStream.end(); + }); + } else { + setImmediate(() => { + mockStream.write({}); + }); + setImmediate(() => { + mockStream.end(); + }); + } + return sinon.stub().returns(mockStream); +} + +function stubAsyncIterationCall( + responses?: ResponseType[], + error?: Error +) { + let counter = 0; + const asyncIterable = { + [Symbol.asyncIterator]() { + return { + async next() { + if (error) { + return Promise.reject(error); + } + if (counter >= responses!.length) { + return Promise.resolve({done: true, value: undefined}); + } + return Promise.resolve({done: false, value: responses![counter++]}); + }, + }; + }, + }; + return sinon.stub().returns(asyncIterable); +} + +describe('v1.EkmServiceClient', () => { + it('has servicePath', () => { + const servicePath = ekmserviceModule.v1.EkmServiceClient.servicePath; + assert(servicePath); + }); + + it('has apiEndpoint', () => { + const apiEndpoint = ekmserviceModule.v1.EkmServiceClient.apiEndpoint; + assert(apiEndpoint); + }); + + it('has port', () => { + const port = ekmserviceModule.v1.EkmServiceClient.port; + assert(port); + assert(typeof port === 'number'); + }); + + it('should create a client with no option', () => { + const client = new ekmserviceModule.v1.EkmServiceClient(); + assert(client); + }); + + it('should create a client with gRPC fallback', () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + fallback: true, + }); + assert(client); + }); + + it('has initialize method and supports deferred initialization', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + assert.strictEqual(client.ekmServiceStub, undefined); + await client.initialize(); + assert(client.ekmServiceStub); + }); + + it('has close method', () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.close(); + }); + + it('has getProjectId method', async () => { + const fakeProjectId = 'fake-project-id'; + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.auth.getProjectId = sinon.stub().resolves(fakeProjectId); + const result = await client.getProjectId(); + assert.strictEqual(result, fakeProjectId); + assert((client.auth.getProjectId as SinonStub).calledWithExactly()); + }); + + it('has getProjectId method with callback', async () => { + const fakeProjectId = 'fake-project-id'; + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.auth.getProjectId = sinon + .stub() + .callsArgWith(0, null, fakeProjectId); + const promise = new Promise((resolve, reject) => { + client.getProjectId((err?: Error | null, projectId?: string | null) => { + if (err) { + reject(err); + } else { + resolve(projectId); + } + }); + }); + const result = await promise; + assert.strictEqual(result, fakeProjectId); + }); + + describe('getEkmConnection', () => { + it('invokes getEkmConnection without error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.GetEkmConnectionRequest() + ); + request.name = ''; + const expectedHeaderRequestParams = 'name='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new protos.google.cloud.kms.v1.EkmConnection() + ); + client.innerApiCalls.getEkmConnection = stubSimpleCall(expectedResponse); + const [response] = await client.getEkmConnection(request); + assert.deepStrictEqual(response, expectedResponse); + assert( + (client.innerApiCalls.getEkmConnection as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + + it('invokes getEkmConnection without error using callback', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.GetEkmConnectionRequest() + ); + request.name = ''; + const expectedHeaderRequestParams = 'name='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new protos.google.cloud.kms.v1.EkmConnection() + ); + client.innerApiCalls.getEkmConnection = + stubSimpleCallWithCallback(expectedResponse); + const promise = new Promise((resolve, reject) => { + client.getEkmConnection( + request, + ( + err?: Error | null, + result?: protos.google.cloud.kms.v1.IEkmConnection | null + ) => { + if (err) { + reject(err); + } else { + resolve(result); + } + } + ); + }); + const response = await promise; + assert.deepStrictEqual(response, expectedResponse); + assert( + (client.innerApiCalls.getEkmConnection as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions /*, callback defined above */) + ); + }); + + it('invokes getEkmConnection with error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.GetEkmConnectionRequest() + ); + request.name = ''; + const expectedHeaderRequestParams = 'name='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedError = new Error('expected'); + client.innerApiCalls.getEkmConnection = stubSimpleCall( + undefined, + expectedError + ); + await assert.rejects(client.getEkmConnection(request), expectedError); + assert( + (client.innerApiCalls.getEkmConnection as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + }); + + describe('createEkmConnection', () => { + it('invokes createEkmConnection without error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.CreateEkmConnectionRequest() + ); + request.parent = ''; + const expectedHeaderRequestParams = 'parent='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new protos.google.cloud.kms.v1.EkmConnection() + ); + client.innerApiCalls.createEkmConnection = + stubSimpleCall(expectedResponse); + const [response] = await client.createEkmConnection(request); + assert.deepStrictEqual(response, expectedResponse); + assert( + (client.innerApiCalls.createEkmConnection as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + + it('invokes createEkmConnection without error using callback', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.CreateEkmConnectionRequest() + ); + request.parent = ''; + const expectedHeaderRequestParams = 'parent='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new protos.google.cloud.kms.v1.EkmConnection() + ); + client.innerApiCalls.createEkmConnection = + stubSimpleCallWithCallback(expectedResponse); + const promise = new Promise((resolve, reject) => { + client.createEkmConnection( + request, + ( + err?: Error | null, + result?: protos.google.cloud.kms.v1.IEkmConnection | null + ) => { + if (err) { + reject(err); + } else { + resolve(result); + } + } + ); + }); + const response = await promise; + assert.deepStrictEqual(response, expectedResponse); + assert( + (client.innerApiCalls.createEkmConnection as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions /*, callback defined above */) + ); + }); + + it('invokes createEkmConnection with error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.CreateEkmConnectionRequest() + ); + request.parent = ''; + const expectedHeaderRequestParams = 'parent='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedError = new Error('expected'); + client.innerApiCalls.createEkmConnection = stubSimpleCall( + undefined, + expectedError + ); + await assert.rejects(client.createEkmConnection(request), expectedError); + assert( + (client.innerApiCalls.createEkmConnection as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + }); + + describe('updateEkmConnection', () => { + it('invokes updateEkmConnection without error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.UpdateEkmConnectionRequest() + ); + request.ekmConnection = {}; + request.ekmConnection.name = ''; + const expectedHeaderRequestParams = 'ekm_connection.name='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new protos.google.cloud.kms.v1.EkmConnection() + ); + client.innerApiCalls.updateEkmConnection = + stubSimpleCall(expectedResponse); + const [response] = await client.updateEkmConnection(request); + assert.deepStrictEqual(response, expectedResponse); + assert( + (client.innerApiCalls.updateEkmConnection as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + + it('invokes updateEkmConnection without error using callback', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.UpdateEkmConnectionRequest() + ); + request.ekmConnection = {}; + request.ekmConnection.name = ''; + const expectedHeaderRequestParams = 'ekm_connection.name='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new protos.google.cloud.kms.v1.EkmConnection() + ); + client.innerApiCalls.updateEkmConnection = + stubSimpleCallWithCallback(expectedResponse); + const promise = new Promise((resolve, reject) => { + client.updateEkmConnection( + request, + ( + err?: Error | null, + result?: protos.google.cloud.kms.v1.IEkmConnection | null + ) => { + if (err) { + reject(err); + } else { + resolve(result); + } + } + ); + }); + const response = await promise; + assert.deepStrictEqual(response, expectedResponse); + assert( + (client.innerApiCalls.updateEkmConnection as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions /*, callback defined above */) + ); + }); + + it('invokes updateEkmConnection with error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.UpdateEkmConnectionRequest() + ); + request.ekmConnection = {}; + request.ekmConnection.name = ''; + const expectedHeaderRequestParams = 'ekm_connection.name='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedError = new Error('expected'); + client.innerApiCalls.updateEkmConnection = stubSimpleCall( + undefined, + expectedError + ); + await assert.rejects(client.updateEkmConnection(request), expectedError); + assert( + (client.innerApiCalls.updateEkmConnection as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + }); + + describe('listEkmConnections', () => { + it('invokes listEkmConnections without error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.ListEkmConnectionsRequest() + ); + request.parent = ''; + const expectedHeaderRequestParams = 'parent='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = [ + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + ]; + client.innerApiCalls.listEkmConnections = + stubSimpleCall(expectedResponse); + const [response] = await client.listEkmConnections(request); + assert.deepStrictEqual(response, expectedResponse); + assert( + (client.innerApiCalls.listEkmConnections as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + + it('invokes listEkmConnections without error using callback', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.ListEkmConnectionsRequest() + ); + request.parent = ''; + const expectedHeaderRequestParams = 'parent='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = [ + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + ]; + client.innerApiCalls.listEkmConnections = + stubSimpleCallWithCallback(expectedResponse); + const promise = new Promise((resolve, reject) => { + client.listEkmConnections( + request, + ( + err?: Error | null, + result?: protos.google.cloud.kms.v1.IEkmConnection[] | null + ) => { + if (err) { + reject(err); + } else { + resolve(result); + } + } + ); + }); + const response = await promise; + assert.deepStrictEqual(response, expectedResponse); + assert( + (client.innerApiCalls.listEkmConnections as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions /*, callback defined above */) + ); + }); + + it('invokes listEkmConnections with error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.ListEkmConnectionsRequest() + ); + request.parent = ''; + const expectedHeaderRequestParams = 'parent='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedError = new Error('expected'); + client.innerApiCalls.listEkmConnections = stubSimpleCall( + undefined, + expectedError + ); + await assert.rejects(client.listEkmConnections(request), expectedError); + assert( + (client.innerApiCalls.listEkmConnections as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + + it('invokes listEkmConnectionsStream without error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.ListEkmConnectionsRequest() + ); + request.parent = ''; + const expectedHeaderRequestParams = 'parent='; + const expectedResponse = [ + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + ]; + client.descriptors.page.listEkmConnections.createStream = + stubPageStreamingCall(expectedResponse); + const stream = client.listEkmConnectionsStream(request); + const promise = new Promise((resolve, reject) => { + const responses: protos.google.cloud.kms.v1.EkmConnection[] = []; + stream.on( + 'data', + (response: protos.google.cloud.kms.v1.EkmConnection) => { + responses.push(response); + } + ); + stream.on('end', () => { + resolve(responses); + }); + stream.on('error', (err: Error) => { + reject(err); + }); + }); + const responses = await promise; + assert.deepStrictEqual(responses, expectedResponse); + assert( + (client.descriptors.page.listEkmConnections.createStream as SinonStub) + .getCall(0) + .calledWith(client.innerApiCalls.listEkmConnections, request) + ); + assert.strictEqual( + ( + client.descriptors.page.listEkmConnections.createStream as SinonStub + ).getCall(0).args[2].otherArgs.headers['x-goog-request-params'], + expectedHeaderRequestParams + ); + }); + + it('invokes listEkmConnectionsStream with error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.ListEkmConnectionsRequest() + ); + request.parent = ''; + const expectedHeaderRequestParams = 'parent='; + const expectedError = new Error('expected'); + client.descriptors.page.listEkmConnections.createStream = + stubPageStreamingCall(undefined, expectedError); + const stream = client.listEkmConnectionsStream(request); + const promise = new Promise((resolve, reject) => { + const responses: protos.google.cloud.kms.v1.EkmConnection[] = []; + stream.on( + 'data', + (response: protos.google.cloud.kms.v1.EkmConnection) => { + responses.push(response); + } + ); + stream.on('end', () => { + resolve(responses); + }); + stream.on('error', (err: Error) => { + reject(err); + }); + }); + await assert.rejects(promise, expectedError); + assert( + (client.descriptors.page.listEkmConnections.createStream as SinonStub) + .getCall(0) + .calledWith(client.innerApiCalls.listEkmConnections, request) + ); + assert.strictEqual( + ( + client.descriptors.page.listEkmConnections.createStream as SinonStub + ).getCall(0).args[2].otherArgs.headers['x-goog-request-params'], + expectedHeaderRequestParams + ); + }); + + it('uses async iteration with listEkmConnections without error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.ListEkmConnectionsRequest() + ); + request.parent = ''; + const expectedHeaderRequestParams = 'parent='; + const expectedResponse = [ + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + generateSampleMessage(new protos.google.cloud.kms.v1.EkmConnection()), + ]; + client.descriptors.page.listEkmConnections.asyncIterate = + stubAsyncIterationCall(expectedResponse); + const responses: protos.google.cloud.kms.v1.IEkmConnection[] = []; + const iterable = client.listEkmConnectionsAsync(request); + for await (const resource of iterable) { + responses.push(resource!); + } + assert.deepStrictEqual(responses, expectedResponse); + assert.deepStrictEqual( + ( + client.descriptors.page.listEkmConnections.asyncIterate as SinonStub + ).getCall(0).args[1], + request + ); + assert.strictEqual( + ( + client.descriptors.page.listEkmConnections.asyncIterate as SinonStub + ).getCall(0).args[2].otherArgs.headers['x-goog-request-params'], + expectedHeaderRequestParams + ); + }); + + it('uses async iteration with listEkmConnections with error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new protos.google.cloud.kms.v1.ListEkmConnectionsRequest() + ); + request.parent = ''; + const expectedHeaderRequestParams = 'parent='; + const expectedError = new Error('expected'); + client.descriptors.page.listEkmConnections.asyncIterate = + stubAsyncIterationCall(undefined, expectedError); + const iterable = client.listEkmConnectionsAsync(request); + await assert.rejects(async () => { + const responses: protos.google.cloud.kms.v1.IEkmConnection[] = []; + for await (const resource of iterable) { + responses.push(resource!); + } + }); + assert.deepStrictEqual( + ( + client.descriptors.page.listEkmConnections.asyncIterate as SinonStub + ).getCall(0).args[1], + request + ); + assert.strictEqual( + ( + client.descriptors.page.listEkmConnections.asyncIterate as SinonStub + ).getCall(0).args[2].otherArgs.headers['x-goog-request-params'], + expectedHeaderRequestParams + ); + }); + }); + describe('getIamPolicy', () => { + it('invokes getIamPolicy without error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new IamProtos.google.iam.v1.GetIamPolicyRequest() + ); + request.resource = ''; + const expectedHeaderRequestParams = 'resource='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new IamProtos.google.iam.v1.Policy() + ); + client.iamClient.getIamPolicy = stubSimpleCall(expectedResponse); + const response = await client.getIamPolicy(request, expectedOptions); + assert.deepStrictEqual(response, [expectedResponse]); + assert( + (client.iamClient.getIamPolicy as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + it('invokes getIamPolicy without error using callback', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new IamProtos.google.iam.v1.GetIamPolicyRequest() + ); + request.resource = ''; + const expectedHeaderRequestParams = 'resource='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new IamProtos.google.iam.v1.Policy() + ); + client.iamClient.getIamPolicy = sinon + .stub() + .callsArgWith(2, null, expectedResponse); + const promise = new Promise((resolve, reject) => { + client.getIamPolicy( + request, + expectedOptions, + ( + err?: Error | null, + result?: IamProtos.google.iam.v1.Policy | null + ) => { + if (err) { + reject(err); + } else { + resolve(result); + } + } + ); + }); + const response = await promise; + assert.deepStrictEqual(response, expectedResponse); + assert((client.iamClient.getIamPolicy as SinonStub).getCall(0)); + }); + it('invokes getIamPolicy with error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new IamProtos.google.iam.v1.GetIamPolicyRequest() + ); + request.resource = ''; + const expectedHeaderRequestParams = 'resource='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedError = new Error('expected'); + client.iamClient.getIamPolicy = stubSimpleCall(undefined, expectedError); + await assert.rejects( + client.getIamPolicy(request, expectedOptions), + expectedError + ); + assert( + (client.iamClient.getIamPolicy as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + }); + describe('setIamPolicy', () => { + it('invokes setIamPolicy without error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new IamProtos.google.iam.v1.SetIamPolicyRequest() + ); + request.resource = ''; + const expectedHeaderRequestParams = 'resource='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new IamProtos.google.iam.v1.Policy() + ); + client.iamClient.setIamPolicy = stubSimpleCall(expectedResponse); + const response = await client.setIamPolicy(request, expectedOptions); + assert.deepStrictEqual(response, [expectedResponse]); + assert( + (client.iamClient.setIamPolicy as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + it('invokes setIamPolicy without error using callback', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new IamProtos.google.iam.v1.SetIamPolicyRequest() + ); + request.resource = ''; + const expectedHeaderRequestParams = 'resource='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new IamProtos.google.iam.v1.Policy() + ); + client.iamClient.setIamPolicy = sinon + .stub() + .callsArgWith(2, null, expectedResponse); + const promise = new Promise((resolve, reject) => { + client.setIamPolicy( + request, + expectedOptions, + ( + err?: Error | null, + result?: IamProtos.google.iam.v1.Policy | null + ) => { + if (err) { + reject(err); + } else { + resolve(result); + } + } + ); + }); + const response = await promise; + assert.deepStrictEqual(response, expectedResponse); + assert((client.iamClient.setIamPolicy as SinonStub).getCall(0)); + }); + it('invokes setIamPolicy with error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new IamProtos.google.iam.v1.SetIamPolicyRequest() + ); + request.resource = ''; + const expectedHeaderRequestParams = 'resource='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedError = new Error('expected'); + client.iamClient.setIamPolicy = stubSimpleCall(undefined, expectedError); + await assert.rejects( + client.setIamPolicy(request, expectedOptions), + expectedError + ); + assert( + (client.iamClient.setIamPolicy as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + }); + describe('testIamPermissions', () => { + it('invokes testIamPermissions without error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new IamProtos.google.iam.v1.TestIamPermissionsRequest() + ); + request.resource = ''; + const expectedHeaderRequestParams = 'resource='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new IamProtos.google.iam.v1.TestIamPermissionsResponse() + ); + client.iamClient.testIamPermissions = stubSimpleCall(expectedResponse); + const response = await client.testIamPermissions( + request, + expectedOptions + ); + assert.deepStrictEqual(response, [expectedResponse]); + assert( + (client.iamClient.testIamPermissions as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + it('invokes testIamPermissions without error using callback', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new IamProtos.google.iam.v1.TestIamPermissionsRequest() + ); + request.resource = ''; + const expectedHeaderRequestParams = 'resource='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedResponse = generateSampleMessage( + new IamProtos.google.iam.v1.TestIamPermissionsResponse() + ); + client.iamClient.testIamPermissions = sinon + .stub() + .callsArgWith(2, null, expectedResponse); + const promise = new Promise((resolve, reject) => { + client.testIamPermissions( + request, + expectedOptions, + ( + err?: Error | null, + result?: IamProtos.google.iam.v1.TestIamPermissionsResponse | null + ) => { + if (err) { + reject(err); + } else { + resolve(result); + } + } + ); + }); + const response = await promise; + assert.deepStrictEqual(response, expectedResponse); + assert((client.iamClient.testIamPermissions as SinonStub).getCall(0)); + }); + it('invokes testIamPermissions with error', async () => { + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + const request = generateSampleMessage( + new IamProtos.google.iam.v1.TestIamPermissionsRequest() + ); + request.resource = ''; + const expectedHeaderRequestParams = 'resource='; + const expectedOptions = { + otherArgs: { + headers: { + 'x-goog-request-params': expectedHeaderRequestParams, + }, + }, + }; + const expectedError = new Error('expected'); + client.iamClient.testIamPermissions = stubSimpleCall( + undefined, + expectedError + ); + await assert.rejects( + client.testIamPermissions(request, expectedOptions), + expectedError + ); + assert( + (client.iamClient.testIamPermissions as SinonStub) + .getCall(0) + .calledWith(request, expectedOptions, undefined) + ); + }); + }); + + describe('Path templates', () => { + describe('cryptoKey', () => { + const fakePath = '/rendered/path/cryptoKey'; + const expectedParameters = { + project: 'projectValue', + location: 'locationValue', + key_ring: 'keyRingValue', + crypto_key: 'cryptoKeyValue', + }; + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + client.pathTemplates.cryptoKeyPathTemplate.render = sinon + .stub() + .returns(fakePath); + client.pathTemplates.cryptoKeyPathTemplate.match = sinon + .stub() + .returns(expectedParameters); + + it('cryptoKeyPath', () => { + const result = client.cryptoKeyPath( + 'projectValue', + 'locationValue', + 'keyRingValue', + 'cryptoKeyValue' + ); + assert.strictEqual(result, fakePath); + assert( + (client.pathTemplates.cryptoKeyPathTemplate.render as SinonStub) + .getCall(-1) + .calledWith(expectedParameters) + ); + }); + + it('matchProjectFromCryptoKeyName', () => { + const result = client.matchProjectFromCryptoKeyName(fakePath); + assert.strictEqual(result, 'projectValue'); + assert( + (client.pathTemplates.cryptoKeyPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchLocationFromCryptoKeyName', () => { + const result = client.matchLocationFromCryptoKeyName(fakePath); + assert.strictEqual(result, 'locationValue'); + assert( + (client.pathTemplates.cryptoKeyPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchKeyRingFromCryptoKeyName', () => { + const result = client.matchKeyRingFromCryptoKeyName(fakePath); + assert.strictEqual(result, 'keyRingValue'); + assert( + (client.pathTemplates.cryptoKeyPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchCryptoKeyFromCryptoKeyName', () => { + const result = client.matchCryptoKeyFromCryptoKeyName(fakePath); + assert.strictEqual(result, 'cryptoKeyValue'); + assert( + (client.pathTemplates.cryptoKeyPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + }); + + describe('cryptoKeyVersion', () => { + const fakePath = '/rendered/path/cryptoKeyVersion'; + const expectedParameters = { + project: 'projectValue', + location: 'locationValue', + key_ring: 'keyRingValue', + crypto_key: 'cryptoKeyValue', + crypto_key_version: 'cryptoKeyVersionValue', + }; + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + client.pathTemplates.cryptoKeyVersionPathTemplate.render = sinon + .stub() + .returns(fakePath); + client.pathTemplates.cryptoKeyVersionPathTemplate.match = sinon + .stub() + .returns(expectedParameters); + + it('cryptoKeyVersionPath', () => { + const result = client.cryptoKeyVersionPath( + 'projectValue', + 'locationValue', + 'keyRingValue', + 'cryptoKeyValue', + 'cryptoKeyVersionValue' + ); + assert.strictEqual(result, fakePath); + assert( + ( + client.pathTemplates.cryptoKeyVersionPathTemplate + .render as SinonStub + ) + .getCall(-1) + .calledWith(expectedParameters) + ); + }); + + it('matchProjectFromCryptoKeyVersionName', () => { + const result = client.matchProjectFromCryptoKeyVersionName(fakePath); + assert.strictEqual(result, 'projectValue'); + assert( + (client.pathTemplates.cryptoKeyVersionPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchLocationFromCryptoKeyVersionName', () => { + const result = client.matchLocationFromCryptoKeyVersionName(fakePath); + assert.strictEqual(result, 'locationValue'); + assert( + (client.pathTemplates.cryptoKeyVersionPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchKeyRingFromCryptoKeyVersionName', () => { + const result = client.matchKeyRingFromCryptoKeyVersionName(fakePath); + assert.strictEqual(result, 'keyRingValue'); + assert( + (client.pathTemplates.cryptoKeyVersionPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchCryptoKeyFromCryptoKeyVersionName', () => { + const result = client.matchCryptoKeyFromCryptoKeyVersionName(fakePath); + assert.strictEqual(result, 'cryptoKeyValue'); + assert( + (client.pathTemplates.cryptoKeyVersionPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchCryptoKeyVersionFromCryptoKeyVersionName', () => { + const result = + client.matchCryptoKeyVersionFromCryptoKeyVersionName(fakePath); + assert.strictEqual(result, 'cryptoKeyVersionValue'); + assert( + (client.pathTemplates.cryptoKeyVersionPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + }); + + describe('ekmConnection', () => { + const fakePath = '/rendered/path/ekmConnection'; + const expectedParameters = { + project: 'projectValue', + location: 'locationValue', + ekm_connection: 'ekmConnectionValue', + }; + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + client.pathTemplates.ekmConnectionPathTemplate.render = sinon + .stub() + .returns(fakePath); + client.pathTemplates.ekmConnectionPathTemplate.match = sinon + .stub() + .returns(expectedParameters); + + it('ekmConnectionPath', () => { + const result = client.ekmConnectionPath( + 'projectValue', + 'locationValue', + 'ekmConnectionValue' + ); + assert.strictEqual(result, fakePath); + assert( + (client.pathTemplates.ekmConnectionPathTemplate.render as SinonStub) + .getCall(-1) + .calledWith(expectedParameters) + ); + }); + + it('matchProjectFromEkmConnectionName', () => { + const result = client.matchProjectFromEkmConnectionName(fakePath); + assert.strictEqual(result, 'projectValue'); + assert( + (client.pathTemplates.ekmConnectionPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchLocationFromEkmConnectionName', () => { + const result = client.matchLocationFromEkmConnectionName(fakePath); + assert.strictEqual(result, 'locationValue'); + assert( + (client.pathTemplates.ekmConnectionPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchEkmConnectionFromEkmConnectionName', () => { + const result = client.matchEkmConnectionFromEkmConnectionName(fakePath); + assert.strictEqual(result, 'ekmConnectionValue'); + assert( + (client.pathTemplates.ekmConnectionPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + }); + + describe('importJob', () => { + const fakePath = '/rendered/path/importJob'; + const expectedParameters = { + project: 'projectValue', + location: 'locationValue', + key_ring: 'keyRingValue', + import_job: 'importJobValue', + }; + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + client.pathTemplates.importJobPathTemplate.render = sinon + .stub() + .returns(fakePath); + client.pathTemplates.importJobPathTemplate.match = sinon + .stub() + .returns(expectedParameters); + + it('importJobPath', () => { + const result = client.importJobPath( + 'projectValue', + 'locationValue', + 'keyRingValue', + 'importJobValue' + ); + assert.strictEqual(result, fakePath); + assert( + (client.pathTemplates.importJobPathTemplate.render as SinonStub) + .getCall(-1) + .calledWith(expectedParameters) + ); + }); + + it('matchProjectFromImportJobName', () => { + const result = client.matchProjectFromImportJobName(fakePath); + assert.strictEqual(result, 'projectValue'); + assert( + (client.pathTemplates.importJobPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchLocationFromImportJobName', () => { + const result = client.matchLocationFromImportJobName(fakePath); + assert.strictEqual(result, 'locationValue'); + assert( + (client.pathTemplates.importJobPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchKeyRingFromImportJobName', () => { + const result = client.matchKeyRingFromImportJobName(fakePath); + assert.strictEqual(result, 'keyRingValue'); + assert( + (client.pathTemplates.importJobPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchImportJobFromImportJobName', () => { + const result = client.matchImportJobFromImportJobName(fakePath); + assert.strictEqual(result, 'importJobValue'); + assert( + (client.pathTemplates.importJobPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + }); + + describe('keyRing', () => { + const fakePath = '/rendered/path/keyRing'; + const expectedParameters = { + project: 'projectValue', + location: 'locationValue', + key_ring: 'keyRingValue', + }; + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + client.pathTemplates.keyRingPathTemplate.render = sinon + .stub() + .returns(fakePath); + client.pathTemplates.keyRingPathTemplate.match = sinon + .stub() + .returns(expectedParameters); + + it('keyRingPath', () => { + const result = client.keyRingPath( + 'projectValue', + 'locationValue', + 'keyRingValue' + ); + assert.strictEqual(result, fakePath); + assert( + (client.pathTemplates.keyRingPathTemplate.render as SinonStub) + .getCall(-1) + .calledWith(expectedParameters) + ); + }); + + it('matchProjectFromKeyRingName', () => { + const result = client.matchProjectFromKeyRingName(fakePath); + assert.strictEqual(result, 'projectValue'); + assert( + (client.pathTemplates.keyRingPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchLocationFromKeyRingName', () => { + const result = client.matchLocationFromKeyRingName(fakePath); + assert.strictEqual(result, 'locationValue'); + assert( + (client.pathTemplates.keyRingPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchKeyRingFromKeyRingName', () => { + const result = client.matchKeyRingFromKeyRingName(fakePath); + assert.strictEqual(result, 'keyRingValue'); + assert( + (client.pathTemplates.keyRingPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + }); + + describe('location', () => { + const fakePath = '/rendered/path/location'; + const expectedParameters = { + project: 'projectValue', + location: 'locationValue', + }; + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + client.pathTemplates.locationPathTemplate.render = sinon + .stub() + .returns(fakePath); + client.pathTemplates.locationPathTemplate.match = sinon + .stub() + .returns(expectedParameters); + + it('locationPath', () => { + const result = client.locationPath('projectValue', 'locationValue'); + assert.strictEqual(result, fakePath); + assert( + (client.pathTemplates.locationPathTemplate.render as SinonStub) + .getCall(-1) + .calledWith(expectedParameters) + ); + }); + + it('matchProjectFromLocationName', () => { + const result = client.matchProjectFromLocationName(fakePath); + assert.strictEqual(result, 'projectValue'); + assert( + (client.pathTemplates.locationPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchLocationFromLocationName', () => { + const result = client.matchLocationFromLocationName(fakePath); + assert.strictEqual(result, 'locationValue'); + assert( + (client.pathTemplates.locationPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + }); + + describe('publicKey', () => { + const fakePath = '/rendered/path/publicKey'; + const expectedParameters = { + project: 'projectValue', + location: 'locationValue', + key_ring: 'keyRingValue', + crypto_key: 'cryptoKeyValue', + crypto_key_version: 'cryptoKeyVersionValue', + }; + const client = new ekmserviceModule.v1.EkmServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + client.pathTemplates.publicKeyPathTemplate.render = sinon + .stub() + .returns(fakePath); + client.pathTemplates.publicKeyPathTemplate.match = sinon + .stub() + .returns(expectedParameters); + + it('publicKeyPath', () => { + const result = client.publicKeyPath( + 'projectValue', + 'locationValue', + 'keyRingValue', + 'cryptoKeyValue', + 'cryptoKeyVersionValue' + ); + assert.strictEqual(result, fakePath); + assert( + (client.pathTemplates.publicKeyPathTemplate.render as SinonStub) + .getCall(-1) + .calledWith(expectedParameters) + ); + }); + + it('matchProjectFromPublicKeyName', () => { + const result = client.matchProjectFromPublicKeyName(fakePath); + assert.strictEqual(result, 'projectValue'); + assert( + (client.pathTemplates.publicKeyPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchLocationFromPublicKeyName', () => { + const result = client.matchLocationFromPublicKeyName(fakePath); + assert.strictEqual(result, 'locationValue'); + assert( + (client.pathTemplates.publicKeyPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchKeyRingFromPublicKeyName', () => { + const result = client.matchKeyRingFromPublicKeyName(fakePath); + assert.strictEqual(result, 'keyRingValue'); + assert( + (client.pathTemplates.publicKeyPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchCryptoKeyFromPublicKeyName', () => { + const result = client.matchCryptoKeyFromPublicKeyName(fakePath); + assert.strictEqual(result, 'cryptoKeyValue'); + assert( + (client.pathTemplates.publicKeyPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchCryptoKeyVersionFromPublicKeyName', () => { + const result = client.matchCryptoKeyVersionFromPublicKeyName(fakePath); + assert.strictEqual(result, 'cryptoKeyVersionValue'); + assert( + (client.pathTemplates.publicKeyPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + }); + }); +}); diff --git a/test/gapic_key_management_service_v1.ts b/test/gapic_key_management_service_v1.ts index 7dc49603..76bb1808 100644 --- a/test/gapic_key_management_service_v1.ts +++ b/test/gapic_key_management_service_v1.ts @@ -4414,6 +4414,71 @@ describe('v1.KeyManagementServiceClient', () => { }); }); + describe('ekmConnection', () => { + const fakePath = '/rendered/path/ekmConnection'; + const expectedParameters = { + project: 'projectValue', + location: 'locationValue', + ekm_connection: 'ekmConnectionValue', + }; + const client = + new keymanagementserviceModule.v1.KeyManagementServiceClient({ + credentials: {client_email: 'bogus', private_key: 'bogus'}, + projectId: 'bogus', + }); + client.initialize(); + client.pathTemplates.ekmConnectionPathTemplate.render = sinon + .stub() + .returns(fakePath); + client.pathTemplates.ekmConnectionPathTemplate.match = sinon + .stub() + .returns(expectedParameters); + + it('ekmConnectionPath', () => { + const result = client.ekmConnectionPath( + 'projectValue', + 'locationValue', + 'ekmConnectionValue' + ); + assert.strictEqual(result, fakePath); + assert( + (client.pathTemplates.ekmConnectionPathTemplate.render as SinonStub) + .getCall(-1) + .calledWith(expectedParameters) + ); + }); + + it('matchProjectFromEkmConnectionName', () => { + const result = client.matchProjectFromEkmConnectionName(fakePath); + assert.strictEqual(result, 'projectValue'); + assert( + (client.pathTemplates.ekmConnectionPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchLocationFromEkmConnectionName', () => { + const result = client.matchLocationFromEkmConnectionName(fakePath); + assert.strictEqual(result, 'locationValue'); + assert( + (client.pathTemplates.ekmConnectionPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + + it('matchEkmConnectionFromEkmConnectionName', () => { + const result = client.matchEkmConnectionFromEkmConnectionName(fakePath); + assert.strictEqual(result, 'ekmConnectionValue'); + assert( + (client.pathTemplates.ekmConnectionPathTemplate.match as SinonStub) + .getCall(-1) + .calledWith(fakePath) + ); + }); + }); + describe('importJob', () => { const fakePath = '/rendered/path/importJob'; const expectedParameters = { diff --git a/webpack.config.js b/webpack.config.js index cca44edc..93ebb309 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -17,8 +17,8 @@ const path = require('path'); module.exports = { entry: './src/index.ts', output: { - library: 'KeyManagementService', - filename: './key-management-service.js', + library: 'EkmService', + filename: './ekm-service.js', }, node: { child_process: 'empty',