blob: 52c7ff5c3c36019086646e255861ccd53aaaf9bc [file] [edit]
// Copyright 2017 Google LLC
//
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file or at
// https://developers.google.com/open-source/licenses/bsd
// This is a generated file (see the discoveryapis_generator project).
// ignore_for_file: camel_case_types
// ignore_for_file: comment_references
// ignore_for_file: deprecated_member_use_from_same_package
// ignore_for_file: doc_directive_unknown
// ignore_for_file: lines_longer_than_80_chars
// ignore_for_file: non_constant_identifier_names
// ignore_for_file: prefer_interpolation_to_compose_strings
// ignore_for_file: unintended_html_in_doc_comment
// ignore_for_file: unnecessary_brace_in_string_interps
// ignore_for_file: unnecessary_lambdas
// ignore_for_file: unnecessary_string_interpolations
/// Cloud Key Management Service (KMS) API - v1
///
/// Manages keys and performs cryptographic operations in a central cloud
/// service, for direct use by other cloud resources and applications.
///
/// For more information, see <https://cloud.google.com/kms/>
///
/// Create an instance of [CloudKMSApi] to access these resources:
///
/// - [FoldersResource]
/// - [OrganizationsResource]
/// - [ProjectsResource]
/// - [ProjectsLocationsResource]
/// - [ProjectsLocationsEkmConfigResource]
/// - [ProjectsLocationsEkmConnectionsResource]
/// - [ProjectsLocationsKeyHandlesResource]
/// - [ProjectsLocationsKeyRingsResource]
/// - [ProjectsLocationsKeyRingsCryptoKeysResource]
/// - [ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource]
/// - [ProjectsLocationsKeyRingsImportJobsResource]
/// - [ProjectsLocationsOperationsResource]
/// - [ProjectsLocationsRetiredResourcesResource]
/// - [ProjectsLocationsSingleTenantHsmInstancesResource]
/// - [ProjectsLocationsSingleTenantHsmInstancesProposalsResource]
library;
import 'dart:async' as async;
import 'dart:convert' as convert;
import 'dart:core' as core;
import 'package:_discoveryapis_commons/_discoveryapis_commons.dart' as commons;
import 'package:http/http.dart' as http;
import '../shared.dart';
import '../src/user_agent.dart';
export 'package:_discoveryapis_commons/_discoveryapis_commons.dart'
show ApiRequestError, DetailedApiRequestError;
/// Manages keys and performs cryptographic operations in a central cloud
/// service, for direct use by other cloud resources and applications.
class CloudKMSApi {
/// See, edit, configure, and delete your Google Cloud data and see the email
/// address for your Google Account.
static const cloudPlatformScope =
'https://www.googleapis.com/auth/cloud-platform';
/// View and manage your keys and secrets stored in Cloud Key Management
/// Service
static const cloudkmsScope = 'https://www.googleapis.com/auth/cloudkms';
final commons.ApiRequester _requester;
FoldersResource get folders => FoldersResource(_requester);
OrganizationsResource get organizations => OrganizationsResource(_requester);
ProjectsResource get projects => ProjectsResource(_requester);
CloudKMSApi(
http.Client client, {
core.String rootUrl = 'https://cloudkms.googleapis.com/',
core.String servicePath = '',
}) : _requester = commons.ApiRequester(
client,
rootUrl,
servicePath,
requestHeaders,
);
}
class FoldersResource {
final commons.ApiRequester _requester;
FoldersResource(commons.ApiRequester client) : _requester = client;
/// Returns the AutokeyConfig for a folder or project.
///
/// Request parameters:
///
/// [name] - Required. Name of the AutokeyConfig resource, e.g.
/// `folders/{FOLDER_NUMBER}/autokeyConfig` or
/// `projects/{PROJECT_NUMBER}/autokeyConfig`.
/// Value must have pattern `^folders/\[^/\]+/autokeyConfig$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [AutokeyConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<AutokeyConfig> getAutokeyConfig(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return AutokeyConfig.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Gets the KeyAccessJustificationsPolicyConfig for a given organization,
/// folder, or project.
///
/// Request parameters:
///
/// [name] - Required. Specifies the name of the
/// KeyAccessJustificationsPolicyConfig to get.
/// Value must have pattern `^folders/\[^/\]+/kajPolicyConfig$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [KeyAccessJustificationsPolicyConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<KeyAccessJustificationsPolicyConfig> getKajPolicyConfig(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return KeyAccessJustificationsPolicyConfig.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Updates the AutokeyConfig for a folder or a project.
///
/// The caller must have both `cloudkms.autokeyConfigs.update` permission on
/// the parent folder and `cloudkms.cryptoKeys.setIamPolicy` permission on the
/// provided key project. A KeyHandle creation in the folder's descendant
/// projects will use this configuration to determine where to create the
/// resulting CryptoKey.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Identifier. Name of the AutokeyConfig resource, e.g.
/// `folders/{FOLDER_NUMBER}/autokeyConfig` or
/// `projects/{PROJECT_NUMBER}/autokeyConfig`.
/// Value must have pattern `^folders/\[^/\]+/autokeyConfig$`.
///
/// [updateMask] - Required. Masks which fields of the AutokeyConfig to
/// update, e.g. `keyProject`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [AutokeyConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<AutokeyConfig> updateAutokeyConfig(
AutokeyConfig request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return AutokeyConfig.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Updates the KeyAccessJustificationsPolicyConfig for a given organization,
/// folder, or project.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Identifier. Represents the resource name for this
/// KeyAccessJustificationsPolicyConfig in the format of
/// "{organizations|folders|projects} / * /kajPolicyConfig".
/// Value must have pattern `^folders/\[^/\]+/kajPolicyConfig$`.
///
/// [updateMask] - Optional. Specifies the list of fields to update.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [KeyAccessJustificationsPolicyConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<KeyAccessJustificationsPolicyConfig> updateKajPolicyConfig(
KeyAccessJustificationsPolicyConfig request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return KeyAccessJustificationsPolicyConfig.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class OrganizationsResource {
final commons.ApiRequester _requester;
OrganizationsResource(commons.ApiRequester client) : _requester = client;
/// Gets the KeyAccessJustificationsPolicyConfig for a given organization,
/// folder, or project.
///
/// Request parameters:
///
/// [name] - Required. Specifies the name of the
/// KeyAccessJustificationsPolicyConfig to get.
/// Value must have pattern `^organizations/\[^/\]+/kajPolicyConfig$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [KeyAccessJustificationsPolicyConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<KeyAccessJustificationsPolicyConfig> getKajPolicyConfig(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return KeyAccessJustificationsPolicyConfig.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Updates the KeyAccessJustificationsPolicyConfig for a given organization,
/// folder, or project.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Identifier. Represents the resource name for this
/// KeyAccessJustificationsPolicyConfig in the format of
/// "{organizations|folders|projects} / * /kajPolicyConfig".
/// Value must have pattern `^organizations/\[^/\]+/kajPolicyConfig$`.
///
/// [updateMask] - Optional. Specifies the list of fields to update.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [KeyAccessJustificationsPolicyConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<KeyAccessJustificationsPolicyConfig> updateKajPolicyConfig(
KeyAccessJustificationsPolicyConfig request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return KeyAccessJustificationsPolicyConfig.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsResource {
final commons.ApiRequester _requester;
ProjectsLocationsResource get locations =>
ProjectsLocationsResource(_requester);
ProjectsResource(commons.ApiRequester client) : _requester = client;
/// Returns the AutokeyConfig for a folder or project.
///
/// Request parameters:
///
/// [name] - Required. Name of the AutokeyConfig resource, e.g.
/// `folders/{FOLDER_NUMBER}/autokeyConfig` or
/// `projects/{PROJECT_NUMBER}/autokeyConfig`.
/// Value must have pattern `^projects/\[^/\]+/autokeyConfig$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [AutokeyConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<AutokeyConfig> getAutokeyConfig(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return AutokeyConfig.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Gets the KeyAccessJustificationsPolicyConfig for a given organization,
/// folder, or project.
///
/// Request parameters:
///
/// [name] - Required. Specifies the name of the
/// KeyAccessJustificationsPolicyConfig to get.
/// Value must have pattern `^projects/\[^/\]+/kajPolicyConfig$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [KeyAccessJustificationsPolicyConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<KeyAccessJustificationsPolicyConfig> getKajPolicyConfig(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return KeyAccessJustificationsPolicyConfig.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Returns the effective Cloud KMS Autokey configuration for a given project.
///
/// Request parameters:
///
/// [parent] - Required. Name of the resource project to the show effective
/// Cloud KMS Autokey configuration for. This may be helpful for interrogating
/// the effect of nested folder configurations on a given resource project.
/// Value must have pattern `^projects/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ShowEffectiveAutokeyConfigResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ShowEffectiveAutokeyConfigResponse> showEffectiveAutokeyConfig(
core.String parent, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$parent') + ':showEffectiveAutokeyConfig';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ShowEffectiveAutokeyConfigResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Returns the KeyAccessJustificationsEnrollmentConfig of the resource
/// closest to the given project in hierarchy.
///
/// Request parameters:
///
/// [project] - Required. Specifies the number or id of the project to get the
/// effective KeyAccessJustificationsEnrollmentConfig for.
/// Value must have pattern `^projects/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a
/// [ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse>
showEffectiveKeyAccessJustificationsEnrollmentConfig(
core.String project, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' +
core.Uri.encodeFull('$project') +
':showEffectiveKeyAccessJustificationsEnrollmentConfig';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Returns the KeyAccessJustificationsPolicyConfig of the resource closest to
/// the given project in hierarchy.
///
/// Request parameters:
///
/// [project] - Required. Specifies the number or id of the project to get the
/// effective KeyAccessJustificationsPolicyConfig. In the format of
/// "projects/{|}"
/// Value must have pattern `^projects/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a
/// [ShowEffectiveKeyAccessJustificationsPolicyConfigResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ShowEffectiveKeyAccessJustificationsPolicyConfigResponse>
showEffectiveKeyAccessJustificationsPolicyConfig(
core.String project, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' +
core.Uri.encodeFull('$project') +
':showEffectiveKeyAccessJustificationsPolicyConfig';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ShowEffectiveKeyAccessJustificationsPolicyConfigResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Updates the AutokeyConfig for a folder or a project.
///
/// The caller must have both `cloudkms.autokeyConfigs.update` permission on
/// the parent folder and `cloudkms.cryptoKeys.setIamPolicy` permission on the
/// provided key project. A KeyHandle creation in the folder's descendant
/// projects will use this configuration to determine where to create the
/// resulting CryptoKey.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Identifier. Name of the AutokeyConfig resource, e.g.
/// `folders/{FOLDER_NUMBER}/autokeyConfig` or
/// `projects/{PROJECT_NUMBER}/autokeyConfig`.
/// Value must have pattern `^projects/\[^/\]+/autokeyConfig$`.
///
/// [updateMask] - Required. Masks which fields of the AutokeyConfig to
/// update, e.g. `keyProject`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [AutokeyConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<AutokeyConfig> updateAutokeyConfig(
AutokeyConfig request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return AutokeyConfig.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Updates the KeyAccessJustificationsPolicyConfig for a given organization,
/// folder, or project.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Identifier. Represents the resource name for this
/// KeyAccessJustificationsPolicyConfig in the format of
/// "{organizations|folders|projects} / * /kajPolicyConfig".
/// Value must have pattern `^projects/\[^/\]+/kajPolicyConfig$`.
///
/// [updateMask] - Optional. Specifies the list of fields to update.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [KeyAccessJustificationsPolicyConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<KeyAccessJustificationsPolicyConfig> updateKajPolicyConfig(
KeyAccessJustificationsPolicyConfig request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return KeyAccessJustificationsPolicyConfig.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsResource {
final commons.ApiRequester _requester;
ProjectsLocationsEkmConfigResource get ekmConfig =>
ProjectsLocationsEkmConfigResource(_requester);
ProjectsLocationsEkmConnectionsResource get ekmConnections =>
ProjectsLocationsEkmConnectionsResource(_requester);
ProjectsLocationsKeyHandlesResource get keyHandles =>
ProjectsLocationsKeyHandlesResource(_requester);
ProjectsLocationsKeyRingsResource get keyRings =>
ProjectsLocationsKeyRingsResource(_requester);
ProjectsLocationsOperationsResource get operations =>
ProjectsLocationsOperationsResource(_requester);
ProjectsLocationsRetiredResourcesResource get retiredResources =>
ProjectsLocationsRetiredResourcesResource(_requester);
ProjectsLocationsSingleTenantHsmInstancesResource
get singleTenantHsmInstances =>
ProjectsLocationsSingleTenantHsmInstancesResource(_requester);
ProjectsLocationsResource(commons.ApiRequester client) : _requester = client;
/// Generate random bytes using the Cloud KMS randomness source in the
/// provided location.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [location] - The project-specific location in which to generate random
/// bytes. For example, "projects/my-project/locations/us-central1".
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [GenerateRandomBytesResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<GenerateRandomBytesResponse> generateRandomBytes(
GenerateRandomBytesRequest request,
core.String location, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$location') + ':generateRandomBytes';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return GenerateRandomBytesResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Gets information about a location.
///
/// Request parameters:
///
/// [name] - Resource name for the location.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Location].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Location> get(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Location.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns the EkmConfig singleton resource for a given project and location.
///
/// Request parameters:
///
/// [name] - Required. The name of the EkmConfig to get.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+/ekmConfig$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [EkmConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<EkmConfig> getEkmConfig(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return EkmConfig.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists information about the supported locations for this service.
///
/// This method lists locations based on the resource scope provided in the
/// \[ListLocationsRequest.name\] field: * **Global locations**: If `name` is
/// empty, the method lists the public locations available to all projects. *
/// **Project-specific locations**: If `name` follows the format
/// `projects/{project}`, the method lists locations visible to that specific
/// project. This includes public, private, or other project-specific
/// locations enabled for the project. For gRPC and client library
/// implementations, the resource name is passed as the `name` field. For
/// direct service calls, the resource name is incorporated into the request
/// path based on the specific service implementation and version.
///
/// Request parameters:
///
/// [name] - The resource that owns the locations collection, if applicable.
/// Value must have pattern `^projects/\[^/\]+$`.
///
/// [extraLocationTypes] - Optional. Do not use this field. It is unsupported
/// and is ignored unless explicitly documented otherwise. This is primarily
/// for internal usage.
///
/// [filter] - A filter to narrow down results to a preferred subset. The
/// filtering language accepts strings like `"displayName=tokyo"`, and is
/// documented in more detail in \[AIP-160\](https://google.aip.dev/160).
///
/// [pageSize] - The maximum number of results to return. If not set, the
/// service selects a default.
///
/// [pageToken] - A page token received from the `next_page_token` field in
/// the response. Send that page token to receive the subsequent page.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListLocationsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListLocationsResponse> list(
core.String name, {
core.List<core.String>? extraLocationTypes,
core.String? filter,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'extraLocationTypes': ?extraLocationTypes,
'filter': ?filter == null ? null : [filter],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + '/locations';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListLocationsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Updates the EkmConfig singleton resource for a given project and location.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Output only. The resource name for the EkmConfig in the format
/// `projects / * /locations / * /ekmConfig`.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+/ekmConfig$`.
///
/// [updateMask] - Required. List of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [EkmConfig].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<EkmConfig> updateEkmConfig(
EkmConfig request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return EkmConfig.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
}
class ProjectsLocationsEkmConfigResource {
final commons.ApiRequester _requester;
ProjectsLocationsEkmConfigResource(commons.ApiRequester client)
: _requester = client;
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+/ekmConfig$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null
? null
: ['${options_requestedPolicyVersion}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+/ekmConfig$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+/ekmConfig$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsEkmConnectionsResource {
final commons.ApiRequester _requester;
ProjectsLocationsEkmConnectionsResource(commons.ApiRequester client)
: _requester = client;
/// Creates a new EkmConnection in a given Project and Location.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// EkmConnection, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [ekmConnectionId] - Required. It must be unique within a location and
/// match the regular expression `[a-zA-Z0-9_-]{1,63}`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [EkmConnection].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<EkmConnection> create(
EkmConnection request,
core.String parent, {
core.String? ekmConnectionId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'ekmConnectionId': ?ekmConnectionId == null ? null : [ekmConnectionId],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/ekmConnections';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return EkmConnection.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Returns metadata for a given EkmConnection.
///
/// Request parameters:
///
/// [name] - Required. The name of the EkmConnection to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [EkmConnection].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<EkmConnection> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return EkmConnection.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null
? null
: ['${options_requestedPolicyVersion}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists EkmConnections.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// EkmConnections to list, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of EkmConnections to
/// include in the response. Further EkmConnections can subsequently be
/// obtained by including the ListEkmConnectionsResponse.next_page_token in a
/// subsequent request. If unspecified, the server will pick an appropriate
/// default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListEkmConnectionsResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListEkmConnectionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListEkmConnectionsResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/ekmConnections';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListEkmConnectionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Updates an EkmConnection's metadata.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Output only. The resource name for the EkmConnection in the
/// format `projects / * /locations / * /ekmConnections / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`.
///
/// [updateMask] - Required. List of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [EkmConnection].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<EkmConnection> patch(
EkmConnection request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return EkmConnection.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Verifies that Cloud KMS can successfully connect to the external key
/// manager specified by an EkmConnection.
///
/// If there is an error connecting to the EKM, this method returns a
/// FAILED_PRECONDITION status containing structured information as described
/// at https://cloud.google.com/kms/docs/reference/ekm_errors.
///
/// Request parameters:
///
/// [name] - Required. The name of the EkmConnection to verify.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [VerifyConnectivityResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<VerifyConnectivityResponse> verifyConnectivity(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':verifyConnectivity';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return VerifyConnectivityResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsKeyHandlesResource {
final commons.ApiRequester _requester;
ProjectsLocationsKeyHandlesResource(commons.ApiRequester client)
: _requester = client;
/// Creates a new KeyHandle, triggering the provisioning of a new CryptoKey
/// for CMEK use with the given resource type in the configured key project
/// and the same location.
///
/// GetOperation should be used to resolve the resulting long-running
/// operation and get the resulting KeyHandle and CryptoKey.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. Name of the resource project and location to create
/// the KeyHandle in, e.g. `projects/{PROJECT_ID}/locations/{LOCATION}`.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [keyHandleId] - Optional. Id of the KeyHandle. Must be unique to the
/// resource project and location. If not provided by the caller, a new UUID
/// is used.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> create(
KeyHandle request,
core.String parent, {
core.String? keyHandleId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'keyHandleId': ?keyHandleId == null ? null : [keyHandleId],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/keyHandles';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns the KeyHandle.
///
/// Request parameters:
///
/// [name] - Required. Name of the KeyHandle resource, e.g.
/// `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyHandles/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [KeyHandle].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<KeyHandle> get(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return KeyHandle.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists KeyHandles.
///
/// Request parameters:
///
/// [parent] - Required. Name of the resource project and location from which
/// to list KeyHandles, e.g. `projects/{PROJECT_ID}/locations/{LOCATION}`.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [filter] - Optional. Filter to apply when listing KeyHandles, e.g.
/// `resource_type_selector="{SERVICE}.googleapis.com/{TYPE}"`.
///
/// [pageSize] - Optional. Optional limit on the number of KeyHandles to
/// include in the response. The service may return fewer than this value.
/// Further KeyHandles can subsequently be obtained by including the
/// ListKeyHandlesResponse.next_page_token in a subsequent request. If
/// unspecified, at most 100 KeyHandles will be returned.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListKeyHandlesResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListKeyHandlesResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListKeyHandlesResponse> list(
core.String parent, {
core.String? filter,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/keyHandles';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListKeyHandlesResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsKeyRingsResource {
final commons.ApiRequester _requester;
ProjectsLocationsKeyRingsCryptoKeysResource get cryptoKeys =>
ProjectsLocationsKeyRingsCryptoKeysResource(_requester);
ProjectsLocationsKeyRingsImportJobsResource get importJobs =>
ProjectsLocationsKeyRingsImportJobsResource(_requester);
ProjectsLocationsKeyRingsResource(commons.ApiRequester client)
: _requester = client;
/// Create a new KeyRing in a given Project and Location.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// KeyRings, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [keyRingId] - Required. It must be unique within a location and match the
/// regular expression `[a-zA-Z0-9_-]{1,63}`
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [KeyRing].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<KeyRing> create(
KeyRing request,
core.String parent, {
core.String? keyRingId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'keyRingId': ?keyRingId == null ? null : [keyRingId],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/keyRings';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return KeyRing.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns metadata for a given KeyRing.
///
/// Request parameters:
///
/// [name] - Required. The name of the KeyRing to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [KeyRing].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<KeyRing> get(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return KeyRing.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null
? null
: ['${options_requestedPolicyVersion}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists KeyRings.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// KeyRings, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of KeyRings to include
/// in the response. Further KeyRings can subsequently be obtained by
/// including the ListKeyRingsResponse.next_page_token in a subsequent
/// request. If unspecified, the server will pick an appropriate default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListKeyRingsResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListKeyRingsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListKeyRingsResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/keyRings';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListKeyRingsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsKeyRingsCryptoKeysResource {
final commons.ApiRequester _requester;
ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource
get cryptoKeyVersions =>
ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource(_requester);
ProjectsLocationsKeyRingsCryptoKeysResource(commons.ApiRequester client)
: _requester = client;
/// Create a new CryptoKey within a KeyRing.
///
/// CryptoKey.purpose and CryptoKey.version_template.algorithm are required.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The name of the KeyRing associated with the
/// CryptoKeys.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [cryptoKeyId] - Required. It must be unique within a KeyRing and match the
/// regular expression `[a-zA-Z0-9_-]{1,63}`
///
/// [skipInitialVersionCreation] - If set to true, the request will create a
/// CryptoKey without any CryptoKeyVersions. You must manually call
/// CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this
/// CryptoKey.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKey].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKey> create(
CryptoKey request,
core.String parent, {
core.String? cryptoKeyId,
core.bool? skipInitialVersionCreation,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'cryptoKeyId': ?cryptoKeyId == null ? null : [cryptoKeyId],
'skipInitialVersionCreation': ?skipInitialVersionCreation == null
? null
: ['${skipInitialVersionCreation}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeys';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Decrypts data that was protected by Encrypt.
///
/// The CryptoKey.purpose must be ENCRYPT_DECRYPT.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKey to use for
/// decryption. The server will choose the appropriate version.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [DecryptResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<DecryptResponse> decrypt(
DecryptRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':decrypt';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return DecryptResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Permanently deletes the given CryptoKey.
///
/// All child CryptoKeyVersions must have been previously deleted using
/// KeyManagementService.DeleteCryptoKeyVersion. The specified crypto key will
/// be immediately and permanently deleted upon calling this method. This
/// action cannot be undone.
///
/// Request parameters:
///
/// [name] - Required. The name of the CryptoKey to delete.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> delete(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'DELETE',
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Encrypts data, so that it can only be recovered by a call to Decrypt.
///
/// The CryptoKey.purpose must be ENCRYPT_DECRYPT.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKey or CryptoKeyVersion
/// to use for encryption. If a CryptoKey is specified, the server will use
/// its primary version.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/.*$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [EncryptResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<EncryptResponse> encrypt(
EncryptRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':encrypt';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return EncryptResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Returns metadata for a given CryptoKey, as well as its primary
/// CryptoKeyVersion.
///
/// Request parameters:
///
/// [name] - Required. The name of the CryptoKey to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKey].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKey> get(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null
? null
: ['${options_requestedPolicyVersion}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists CryptoKeys.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the KeyRing to list, in the
/// format `projects / * /locations / * /keyRings / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of CryptoKeys to
/// include in the response. Further CryptoKeys can subsequently be obtained
/// by including the ListCryptoKeysResponse.next_page_token in a subsequent
/// request. If unspecified, the server will pick an appropriate default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListCryptoKeysResponse.next_page_token.
///
/// [versionView] - The fields of the primary version to include in the
/// response.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED" : Default view for each
/// CryptoKeyVersion. Does not include the attestation field.
/// - "FULL" : Provides all fields in each CryptoKeyVersion, including the
/// attestation.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListCryptoKeysResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListCryptoKeysResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? versionView,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'versionView': ?versionView == null ? null : [versionView],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeys';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListCryptoKeysResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Update a CryptoKey.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Output only. The resource name for this CryptoKey in the format
/// `projects / * /locations / * /keyRings / * /cryptoKeys / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [updateMask] - Required. List of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKey].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKey> patch(
CryptoKey request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Update the version of a CryptoKey that will be used in Encrypt.
///
/// Returns an error if called on a key whose purpose is not ENCRYPT_DECRYPT.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKey to update.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKey].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKey> updatePrimaryVersion(
UpdateCryptoKeyPrimaryVersionRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':updatePrimaryVersion';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
}
class ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource {
final commons.ApiRequester _requester;
ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource(
commons.ApiRequester client,
) : _requester = client;
/// Decrypts data that was encrypted with a public key retrieved from
/// GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose
/// ASYMMETRIC_DECRYPT.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to use for
/// decryption.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [AsymmetricDecryptResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<AsymmetricDecryptResponse> asymmetricDecrypt(
AsymmetricDecryptRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':asymmetricDecrypt';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return AsymmetricDecryptResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Signs data using a CryptoKeyVersion with CryptoKey.purpose
/// ASYMMETRIC_SIGN, producing a signature that can be verified with the
/// public key retrieved from GetPublicKey.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to use for
/// signing.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [AsymmetricSignResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<AsymmetricSignResponse> asymmetricSign(
AsymmetricSignRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':asymmetricSign';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return AsymmetricSignResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Create a new CryptoKeyVersion in a CryptoKey.
///
/// The server will assign the next sequential id. If unset, state will be set
/// to ENABLED.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The name of the CryptoKey associated with the
/// CryptoKeyVersions.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> create(
CryptoKeyVersion request,
core.String parent, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeyVersions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Decapsulates data that was encapsulated with a public key retrieved from
/// GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose
/// KEY_ENCAPSULATION.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to use for
/// decapsulation.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [DecapsulateResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<DecapsulateResponse> decapsulate(
DecapsulateRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':decapsulate';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return DecapsulateResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Permanently deletes the given CryptoKeyVersion.
///
/// Only possible if the version has not been previously imported and if its
/// state is one of DESTROYED, IMPORT_FAILED, or GENERATION_FAILED.
/// Successfully imported CryptoKeyVersions cannot be deleted at this time.
/// The specified version will be immediately and permanently deleted upon
/// calling this method. This action cannot be undone.
///
/// Request parameters:
///
/// [name] - Required. The name of the CryptoKeyVersion to delete.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> delete(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'DELETE',
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Schedule a CryptoKeyVersion for destruction.
///
/// Upon calling this method, CryptoKeyVersion.state will be set to
/// DESTROY_SCHEDULED, and destroy_time will be set to the time
/// destroy_scheduled_duration in the future. At that time, the state will
/// automatically change to DESTROYED, and the key material will be
/// irrevocably destroyed. Before the destroy_time is reached,
/// RestoreCryptoKeyVersion may be called to reverse the process.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to destroy.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> destroy(
DestroyCryptoKeyVersionRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':destroy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Returns metadata for a given CryptoKeyVersion.
///
/// Request parameters:
///
/// [name] - Required. The name of the CryptoKeyVersion to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Returns the public key for the given CryptoKeyVersion.
///
/// The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.
///
/// Request parameters:
///
/// [name] - Required. The name of the CryptoKeyVersion public key to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [publicKeyFormat] - Optional. The PublicKey format specified by the user.
/// This field is required for PQC algorithms. If specified, the public key
/// will be exported through the public_key field in the requested format.
/// Otherwise, the pem field will be populated for non-PQC algorithms, and an
/// error will be returned for PQC algorithms.
/// Possible string values are:
/// - "PUBLIC_KEY_FORMAT_UNSPECIFIED" : If the public_key_format field is not
/// specified: - For PQC algorithms, an error will be returned. - For non-PQC
/// algorithms, the default format is PEM, and the field pem will be
/// populated. Otherwise, the public key will be exported through the
/// public_key field in the requested format.
/// - "PEM" : The returned public key will be encoded in PEM format. See the
/// [RFC7468](https://tools.ietf.org/html/rfc7468) sections for
/// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2)
/// and
/// [Textual Encoding of Subject Public Key Info](https://tools.ietf.org/html/rfc7468#section-13)
/// for more information.
/// - "DER" : The returned public key will be encoded in DER format (the
/// PrivateKeyInfo structure from RFC 5208).
/// - "NIST_PQC" : This is supported only for PQC algorithms. The key material
/// is returned in the format defined by NIST PQC standards (FIPS 203, FIPS
/// 204, and FIPS 205).
/// - "XWING_RAW_BYTES" : The returned public key is in raw bytes format
/// defined in its standard
/// https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [PublicKey].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<PublicKey> getPublicKey(
core.String name, {
core.String? publicKeyFormat,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'publicKeyFormat': ?publicKeyFormat == null ? null : [publicKeyFormat],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + '/publicKey';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return PublicKey.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Import wrapped key material into a CryptoKeyVersion.
///
/// All requests must specify a CryptoKey. If a CryptoKeyVersion is
/// additionally specified in the request, key material will be reimported
/// into that version. Otherwise, a new version will be created, and will be
/// assigned the next sequential id within the CryptoKey.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The name of the CryptoKey to be imported into. The
/// create permission is only required on this key when creating a new
/// CryptoKeyVersion.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> import(
ImportCryptoKeyVersionRequest request,
core.String parent, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeyVersions:import';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Lists CryptoKeyVersions.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the CryptoKey to list, in the
/// format `projects / * /locations / * /keyRings / * /cryptoKeys / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of CryptoKeyVersions
/// to include in the response. Further CryptoKeyVersions can subsequently be
/// obtained by including the ListCryptoKeyVersionsResponse.next_page_token in
/// a subsequent request. If unspecified, the server will pick an appropriate
/// default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListCryptoKeyVersionsResponse.next_page_token.
///
/// [view] - The fields to include in the response.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED" : Default view for each
/// CryptoKeyVersion. Does not include the attestation field.
/// - "FULL" : Provides all fields in each CryptoKeyVersion, including the
/// attestation.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListCryptoKeyVersionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListCryptoKeyVersionsResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? view,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'view': ?view == null ? null : [view],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeyVersions';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListCryptoKeyVersionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing
/// a tag that can be verified by another source with the same key.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to use for
/// signing.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [MacSignResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<MacSignResponse> macSign(
MacSignRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':macSign';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return MacSignResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and
/// returns a response that indicates whether or not the verification was
/// successful.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to use for
/// verification.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [MacVerifyResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<MacVerifyResponse> macVerify(
MacVerifyRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':macVerify';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return MacVerifyResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Update a CryptoKeyVersion's metadata.
///
/// state may be changed between ENABLED and DISABLED using this method. See
/// DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other
/// states.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Output only. The resource name for this CryptoKeyVersion in the
/// format `projects / * /locations / * /keyRings / * /cryptoKeys / *
/// /cryptoKeyVersions / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [updateMask] - Required. List of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> patch(
CryptoKeyVersion request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Decrypts data that was originally encrypted using a raw cryptographic
/// mechanism.
///
/// The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to use for
/// decryption.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [RawDecryptResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<RawDecryptResponse> rawDecrypt(
RawDecryptRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':rawDecrypt';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return RawDecryptResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Encrypts data using portable cryptographic primitives.
///
/// Most users should choose Encrypt and Decrypt rather than their raw
/// counterparts. The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to use for
/// encryption.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [RawEncryptResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<RawEncryptResponse> rawEncrypt(
RawEncryptRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':rawEncrypt';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return RawEncryptResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.
///
/// Upon restoration of the CryptoKeyVersion, state will be set to DISABLED,
/// and destroy_time will be cleared.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to restore.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> restore(
RestoreCryptoKeyVersionRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':restore';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsKeyRingsImportJobsResource {
final commons.ApiRequester _requester;
ProjectsLocationsKeyRingsImportJobsResource(commons.ApiRequester client)
: _requester = client;
/// Create a new ImportJob within a KeyRing.
///
/// ImportJob.import_method is required.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The name of the KeyRing associated with the
/// ImportJobs.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [importJobId] - Required. It must be unique within a KeyRing and match the
/// regular expression `[a-zA-Z0-9_-]{1,63}`
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ImportJob].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ImportJob> create(
ImportJob request,
core.String parent, {
core.String? importJobId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'importJobId': ?importJobId == null ? null : [importJobId],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/importJobs';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return ImportJob.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns metadata for a given ImportJob.
///
/// Request parameters:
///
/// [name] - Required. The name of the ImportJob to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ImportJob].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ImportJob> get(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ImportJob.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null
? null
: ['${options_requestedPolicyVersion}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists ImportJobs.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the KeyRing to list, in the
/// format `projects / * /locations / * /keyRings / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of ImportJobs to
/// include in the response. Further ImportJobs can subsequently be obtained
/// by including the ListImportJobsResponse.next_page_token in a subsequent
/// request. If unspecified, the server will pick an appropriate default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListImportJobsResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListImportJobsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListImportJobsResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/importJobs';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListImportJobsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsOperationsResource {
final commons.ApiRequester _requester;
ProjectsLocationsOperationsResource(commons.ApiRequester client)
: _requester = client;
/// Gets the latest state of a long-running operation.
///
/// Clients can use this method to poll the operation result at intervals as
/// recommended by the API service.
///
/// Request parameters:
///
/// [name] - The name of the operation resource.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/operations/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> get(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
}
class ProjectsLocationsRetiredResourcesResource {
final commons.ApiRequester _requester;
ProjectsLocationsRetiredResourcesResource(commons.ApiRequester client)
: _requester = client;
/// Retrieves a specific RetiredResource resource, which represents the record
/// of a deleted CryptoKey.
///
/// Request parameters:
///
/// [name] - Required. The name of the RetiredResource to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/retiredResources/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [RetiredResource].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<RetiredResource> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return RetiredResource.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Lists the RetiredResources which are the records of deleted CryptoKeys.
///
/// RetiredResources prevent the reuse of these resource names after deletion.
///
/// Request parameters:
///
/// [parent] - Required. The project-specific location holding the
/// RetiredResources, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [pageSize] - Optional. Optional limit on the number of RetiredResources to
/// be included in the response. Further RetiredResources can subsequently be
/// obtained by including the ListRetiredResourcesResponse.next_page_token in
/// a subsequent request. If unspecified, the server will pick an appropriate
/// default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListRetiredResourcesResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListRetiredResourcesResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListRetiredResourcesResponse> list(
core.String parent, {
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/retiredResources';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListRetiredResourcesResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsSingleTenantHsmInstancesResource {
final commons.ApiRequester _requester;
ProjectsLocationsSingleTenantHsmInstancesProposalsResource get proposals =>
ProjectsLocationsSingleTenantHsmInstancesProposalsResource(_requester);
ProjectsLocationsSingleTenantHsmInstancesResource(commons.ApiRequester client)
: _requester = client;
/// Creates a new SingleTenantHsmInstance in a given Project and Location.
///
/// User must create a RegisterTwoFactorAuthKeys proposal with this
/// single-tenant HSM instance to finish setup of the instance.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// SingleTenantHsmInstance, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [singleTenantHsmInstanceId] - Optional. It must be unique within a
/// location and match the regular expression `[a-zA-Z0-9_-]{1,63}`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> create(
SingleTenantHsmInstance request,
core.String parent, {
core.String? singleTenantHsmInstanceId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'singleTenantHsmInstanceId': ?singleTenantHsmInstanceId == null
? null
: [singleTenantHsmInstanceId],
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$parent') + '/singleTenantHsmInstances';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns metadata for a given SingleTenantHsmInstance.
///
/// Request parameters:
///
/// [name] - Required. The name of the SingleTenantHsmInstance to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [SingleTenantHsmInstance].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<SingleTenantHsmInstance> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return SingleTenantHsmInstance.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Lists SingleTenantHsmInstances.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// SingleTenantHsmInstances to list, in the format `projects / * /locations /
/// * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of
/// SingleTenantHsmInstances to include in the response. Further
/// SingleTenantHsmInstances can subsequently be obtained by including the
/// ListSingleTenantHsmInstancesResponse.next_page_token in a subsequent
/// request. If unspecified, the server will pick an appropriate default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListSingleTenantHsmInstancesResponse.next_page_token.
///
/// [showDeleted] - Optional. If set to true,
/// HsmManagement.ListSingleTenantHsmInstances will also return
/// SingleTenantHsmInstances in DELETED state.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListSingleTenantHsmInstancesResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListSingleTenantHsmInstancesResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.bool? showDeleted,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'showDeleted': ?showDeleted == null ? null : ['${showDeleted}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$parent') + '/singleTenantHsmInstances';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListSingleTenantHsmInstancesResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
class ProjectsLocationsSingleTenantHsmInstancesProposalsResource {
final commons.ApiRequester _requester;
ProjectsLocationsSingleTenantHsmInstancesProposalsResource(
commons.ApiRequester client,
) : _requester = client;
/// Approves a SingleTenantHsmInstanceProposal for a given
/// SingleTenantHsmInstance.
///
/// The proposal must be in the PENDING state.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The name of the SingleTenantHsmInstanceProposal to
/// approve.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+/proposals/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ApproveSingleTenantHsmInstanceProposalResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ApproveSingleTenantHsmInstanceProposalResponse> approve(
ApproveSingleTenantHsmInstanceProposalRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':approve';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return ApproveSingleTenantHsmInstanceProposalResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Creates a new SingleTenantHsmInstanceProposal for a given
/// SingleTenantHsmInstance.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The name of the SingleTenantHsmInstance associated
/// with the SingleTenantHsmInstanceProposals.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+$`.
///
/// [singleTenantHsmInstanceProposalId] - Optional. It must be unique within a
/// location and match the regular expression `[a-zA-Z0-9_-]{1,63}`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> create(
SingleTenantHsmInstanceProposal request,
core.String parent, {
core.String? singleTenantHsmInstanceProposalId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'singleTenantHsmInstanceProposalId':
?singleTenantHsmInstanceProposalId == null
? null
: [singleTenantHsmInstanceProposalId],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/proposals';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Deletes a SingleTenantHsmInstanceProposal.
///
/// Request parameters:
///
/// [name] - Required. The name of the SingleTenantHsmInstanceProposal to
/// delete.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+/proposals/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Empty].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Empty> delete(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'DELETE',
queryParams: queryParams_,
);
return Empty.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Executes a SingleTenantHsmInstanceProposal for a given
/// SingleTenantHsmInstance.
///
/// The proposal must be in the APPROVED state.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The name of the SingleTenantHsmInstanceProposal to
/// execute.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+/proposals/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Operation].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Operation> execute(
ExecuteSingleTenantHsmInstanceProposalRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':execute';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns metadata for a given SingleTenantHsmInstanceProposal.
///
/// Request parameters:
///
/// [name] - Required. The name of the SingleTenantHsmInstanceProposal to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+/proposals/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [SingleTenantHsmInstanceProposal].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<SingleTenantHsmInstanceProposal> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return SingleTenantHsmInstanceProposal.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Lists SingleTenantHsmInstanceProposals.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the single tenant HSM instance
/// associated with the SingleTenantHsmInstanceProposals to list, in the
/// format `projects / * /locations / * /singleTenantHsmInstances / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of
/// SingleTenantHsmInstanceProposals to include in the response. Further
/// SingleTenantHsmInstanceProposals can subsequently be obtained by including
/// the ListSingleTenantHsmInstanceProposalsResponse.next_page_token in a
/// subsequent request. If unspecified, the server will pick an appropriate
/// default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListSingleTenantHsmInstanceProposalsResponse.next_page_token.
///
/// [showDeleted] - Optional. If set to true,
/// HsmManagement.ListSingleTenantHsmInstanceProposals will also return
/// SingleTenantHsmInstanceProposals in DELETED state.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListSingleTenantHsmInstanceProposalsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListSingleTenantHsmInstanceProposalsResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.bool? showDeleted,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'orderBy': ?orderBy == null ? null : [orderBy],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'showDeleted': ?showDeleted == null ? null : ['${showDeleted}'],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/proposals';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListSingleTenantHsmInstanceProposalsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
/// Add a quorum member to the SingleTenantHsmInstance.
///
/// This will increase the total_approver_count by 1. The
/// SingleTenantHsmInstance must be in the ACTIVE state to perform this
/// operation.
class AddQuorumMember {
/// The public key associated with the 2FA key for the new quorum member to
/// add.
///
/// Public keys must be associated with RSA 2048 keys.
///
/// Required.
core.String? twoFactorPublicKeyPem;
AddQuorumMember({this.twoFactorPublicKeyPem});
AddQuorumMember.fromJson(core.Map json_)
: this(
twoFactorPublicKeyPem: json_['twoFactorPublicKeyPem'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final twoFactorPublicKeyPem = this.twoFactorPublicKeyPem;
return {'twoFactorPublicKeyPem': ?twoFactorPublicKeyPem};
}
}
/// Request message for HsmManagement.ApproveSingleTenantHsmInstanceProposal.
class ApproveSingleTenantHsmInstanceProposalRequest {
/// The reply to QuorumParameters for approving the proposal.
///
/// Required.
QuorumReply? quorumReply;
/// The reply to RequiredActionQuorumParameters for approving the proposal.
///
/// Required.
RequiredActionQuorumReply? requiredActionQuorumReply;
ApproveSingleTenantHsmInstanceProposalRequest({
this.quorumReply,
this.requiredActionQuorumReply,
});
ApproveSingleTenantHsmInstanceProposalRequest.fromJson(core.Map json_)
: this(
quorumReply: json_.containsKey('quorumReply')
? QuorumReply.fromJson(
json_['quorumReply'] as core.Map<core.String, core.dynamic>,
)
: null,
requiredActionQuorumReply:
json_.containsKey('requiredActionQuorumReply')
? RequiredActionQuorumReply.fromJson(
json_['requiredActionQuorumReply']
as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final quorumReply = this.quorumReply;
final requiredActionQuorumReply = this.requiredActionQuorumReply;
return {
'quorumReply': ?quorumReply,
'requiredActionQuorumReply': ?requiredActionQuorumReply,
};
}
}
/// Response message for HsmManagement.ApproveSingleTenantHsmInstanceProposal.
typedef ApproveSingleTenantHsmInstanceProposalResponse = $Empty;
/// Request message for KeyManagementService.AsymmetricDecrypt.
class AsymmetricDecryptRequest {
/// The data encrypted with the named CryptoKeyVersion's public key using
/// OAEP.
///
/// Required.
core.String? ciphertext;
core.List<core.int> get ciphertextAsBytes =>
convert.base64.decode(ciphertext!);
set ciphertextAsBytes(core.List<core.int> bytes_) {
ciphertext = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received AsymmetricDecryptRequest.ciphertext using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(AsymmetricDecryptRequest.ciphertext) is equal to
/// AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a limited
/// number of retries. A persistent mismatch may indicate an issue in your
/// computation of the CRC32C checksum. Note: This field is defined as int64
/// for reasons of compatibility across different languages. However, it is a
/// non-negative integer, which will never exceed 2^32-1, and can be safely
/// downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? ciphertextCrc32c;
AsymmetricDecryptRequest({this.ciphertext, this.ciphertextCrc32c});
AsymmetricDecryptRequest.fromJson(core.Map json_)
: this(
ciphertext: json_['ciphertext'] as core.String?,
ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final ciphertext = this.ciphertext;
final ciphertextCrc32c = this.ciphertextCrc32c;
return {'ciphertext': ?ciphertext, 'ciphertextCrc32c': ?ciphertextCrc32c};
}
}
/// Response message for KeyManagementService.AsymmetricDecrypt.
class AsymmetricDecryptResponse {
/// The decrypted data originally encrypted with the matching public key.
core.String? plaintext;
core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!);
set plaintextAsBytes(core.List<core.int> bytes_) {
plaintext = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned AsymmetricDecryptResponse.plaintext. An
/// integrity check of AsymmetricDecryptResponse.plaintext can be performed by
/// computing the CRC32C checksum of AsymmetricDecryptResponse.plaintext and
/// comparing your results to this field. Discard the response in case of
/// non-matching checksum values, and perform a limited number of retries. A
/// persistent mismatch may indicate an issue in your computation of the
/// CRC32C checksum. Note: This field is defined as int64 for reasons of
/// compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
core.String? plaintextCrc32c;
/// The ProtectionLevel of the CryptoKeyVersion used in decryption.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// Integrity verification field.
///
/// A flag indicating whether AsymmetricDecryptRequest.ciphertext_crc32c was
/// received by KeyManagementService and used for the integrity verification
/// of the ciphertext. A false value of this field indicates either that
/// AsymmetricDecryptRequest.ciphertext_crc32c was left unset or that it was
/// not delivered to KeyManagementService. If you've set
/// AsymmetricDecryptRequest.ciphertext_crc32c but this field is still false,
/// discard the response and perform a limited number of retries.
core.bool? verifiedCiphertextCrc32c;
AsymmetricDecryptResponse({
this.plaintext,
this.plaintextCrc32c,
this.protectionLevel,
this.verifiedCiphertextCrc32c,
});
AsymmetricDecryptResponse.fromJson(core.Map json_)
: this(
plaintext: json_['plaintext'] as core.String?,
plaintextCrc32c: json_['plaintextCrc32c'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
verifiedCiphertextCrc32c:
json_['verifiedCiphertextCrc32c'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final plaintext = this.plaintext;
final plaintextCrc32c = this.plaintextCrc32c;
final protectionLevel = this.protectionLevel;
final verifiedCiphertextCrc32c = this.verifiedCiphertextCrc32c;
return {
'plaintext': ?plaintext,
'plaintextCrc32c': ?plaintextCrc32c,
'protectionLevel': ?protectionLevel,
'verifiedCiphertextCrc32c': ?verifiedCiphertextCrc32c,
};
}
}
/// Request message for KeyManagementService.AsymmetricSign.
class AsymmetricSignRequest {
/// The data to sign.
///
/// It can't be supplied if AsymmetricSignRequest.digest is supplied.
///
/// Optional.
core.String? data;
core.List<core.int> get dataAsBytes => convert.base64.decode(data!);
set dataAsBytes(core.List<core.int> bytes_) {
data = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the AsymmetricSignRequest.data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received AsymmetricSignRequest.data using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(AsymmetricSignRequest.data) is equal to
/// AsymmetricSignRequest.data_crc32c, and if so, perform a limited number of
/// retries. A persistent mismatch may indicate an issue in your computation
/// of the CRC32C checksum. Note: This field is defined as int64 for reasons
/// of compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
///
/// Optional.
core.String? dataCrc32c;
/// The digest of the data to sign.
///
/// The digest must be produced with the same digest algorithm as specified by
/// the key version's algorithm. This field may not be supplied if
/// AsymmetricSignRequest.data is supplied.
///
/// Optional.
Digest? digest;
/// An optional CRC32C checksum of the AsymmetricSignRequest.digest.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received AsymmetricSignRequest.digest using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(AsymmetricSignRequest.digest) is equal to
/// AsymmetricSignRequest.digest_crc32c, and if so, perform a limited number
/// of retries. A persistent mismatch may indicate an issue in your
/// computation of the CRC32C checksum. Note: This field is defined as int64
/// for reasons of compatibility across different languages. However, it is a
/// non-negative integer, which will never exceed 2^32-1, and can be safely
/// downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? digestCrc32c;
AsymmetricSignRequest({
this.data,
this.dataCrc32c,
this.digest,
this.digestCrc32c,
});
AsymmetricSignRequest.fromJson(core.Map json_)
: this(
data: json_['data'] as core.String?,
dataCrc32c: json_['dataCrc32c'] as core.String?,
digest: json_.containsKey('digest')
? Digest.fromJson(
json_['digest'] as core.Map<core.String, core.dynamic>,
)
: null,
digestCrc32c: json_['digestCrc32c'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final data = this.data;
final dataCrc32c = this.dataCrc32c;
final digest = this.digest;
final digestCrc32c = this.digestCrc32c;
return {
'data': ?data,
'dataCrc32c': ?dataCrc32c,
'digest': ?digest,
'digestCrc32c': ?digestCrc32c,
};
}
}
/// Response message for KeyManagementService.AsymmetricSign.
class AsymmetricSignResponse {
/// The resource name of the CryptoKeyVersion used for signing.
///
/// Check this field to verify that the intended resource was used for
/// signing.
core.String? name;
/// The ProtectionLevel of the CryptoKeyVersion used for signing.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// The created signature.
core.String? signature;
core.List<core.int> get signatureAsBytes => convert.base64.decode(signature!);
set signatureAsBytes(core.List<core.int> bytes_) {
signature = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned AsymmetricSignResponse.signature. An
/// integrity check of AsymmetricSignResponse.signature can be performed by
/// computing the CRC32C checksum of AsymmetricSignResponse.signature and
/// comparing your results to this field. Discard the response in case of
/// non-matching checksum values, and perform a limited number of retries. A
/// persistent mismatch may indicate an issue in your computation of the
/// CRC32C checksum. Note: This field is defined as int64 for reasons of
/// compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
core.String? signatureCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether AsymmetricSignRequest.data_crc32c was received
/// by KeyManagementService and used for the integrity verification of the
/// data. A false value of this field indicates either that
/// AsymmetricSignRequest.data_crc32c was left unset or that it was not
/// delivered to KeyManagementService. If you've set
/// AsymmetricSignRequest.data_crc32c but this field is still false, discard
/// the response and perform a limited number of retries.
core.bool? verifiedDataCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether AsymmetricSignRequest.digest_crc32c was received
/// by KeyManagementService and used for the integrity verification of the
/// digest. A false value of this field indicates either that
/// AsymmetricSignRequest.digest_crc32c was left unset or that it was not
/// delivered to KeyManagementService. If you've set
/// AsymmetricSignRequest.digest_crc32c but this field is still false, discard
/// the response and perform a limited number of retries.
core.bool? verifiedDigestCrc32c;
AsymmetricSignResponse({
this.name,
this.protectionLevel,
this.signature,
this.signatureCrc32c,
this.verifiedDataCrc32c,
this.verifiedDigestCrc32c,
});
AsymmetricSignResponse.fromJson(core.Map json_)
: this(
name: json_['name'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
signature: json_['signature'] as core.String?,
signatureCrc32c: json_['signatureCrc32c'] as core.String?,
verifiedDataCrc32c: json_['verifiedDataCrc32c'] as core.bool?,
verifiedDigestCrc32c: json_['verifiedDigestCrc32c'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final name = this.name;
final protectionLevel = this.protectionLevel;
final signature = this.signature;
final signatureCrc32c = this.signatureCrc32c;
final verifiedDataCrc32c = this.verifiedDataCrc32c;
final verifiedDigestCrc32c = this.verifiedDigestCrc32c;
return {
'name': ?name,
'protectionLevel': ?protectionLevel,
'signature': ?signature,
'signatureCrc32c': ?signatureCrc32c,
'verifiedDataCrc32c': ?verifiedDataCrc32c,
'verifiedDigestCrc32c': ?verifiedDigestCrc32c,
};
}
}
/// Specifies the audit configuration for a service.
///
/// The configuration determines which permission types are logged, and what
/// identities, if any, are exempted from logging. An AuditConfig must have one
/// or more AuditLogConfigs. If there are AuditConfigs for both `allServices`
/// and a specific service, the union of the two AuditConfigs is used for that
/// service: the log_types specified in each AuditConfig are enabled, and the
/// exempted_members in each AuditLogConfig are exempted. Example Policy with
/// multiple AuditConfigs: { "audit_configs": \[ { "service": "allServices",
/// "audit_log_configs": \[ { "log_type": "DATA_READ", "exempted_members": \[
/// "user:jose@example.com" \] }, { "log_type": "DATA_WRITE" }, { "log_type":
/// "ADMIN_READ" } \] }, { "service": "sampleservice.googleapis.com",
/// "audit_log_configs": \[ { "log_type": "DATA_READ" }, { "log_type":
/// "DATA_WRITE", "exempted_members": \[ "user:aliya@example.com" \] } \] } \] }
/// For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
/// logging. It also exempts `jose@example.com` from DATA_READ logging, and
/// `aliya@example.com` from DATA_WRITE logging.
class AuditConfig {
/// The configuration for logging of each type of permission.
core.List<AuditLogConfig>? auditLogConfigs;
/// Specifies a service that will be enabled for audit logging.
///
/// For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
/// `allServices` is a special value that covers all services.
core.String? service;
AuditConfig({this.auditLogConfigs, this.service});
AuditConfig.fromJson(core.Map json_)
: this(
auditLogConfigs: (json_['auditLogConfigs'] as core.List?)
?.map(
(value) => AuditLogConfig.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
service: json_['service'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final auditLogConfigs = this.auditLogConfigs;
final service = this.service;
return {'auditLogConfigs': ?auditLogConfigs, 'service': ?service};
}
}
/// Provides the configuration for logging a type of permissions.
///
/// Example: { "audit_log_configs": \[ { "log_type": "DATA_READ",
/// "exempted_members": \[ "user:jose@example.com" \] }, { "log_type":
/// "DATA_WRITE" } \] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while
/// exempting jose@example.com from DATA_READ logging.
typedef AuditLogConfig = $AuditLogConfig;
/// Cloud KMS Autokey configuration for a folder.
class AutokeyConfig {
/// A checksum computed by the server based on the value of other fields.
///
/// This may be sent on update requests to ensure that the client has an
/// up-to-date value before proceeding. The request will be rejected with an
/// ABORTED error on a mismatched etag.
///
/// Optional.
core.String? etag;
/// Name of the key project, e.g. `projects/{PROJECT_ID}` or
/// `projects/{PROJECT_NUMBER}`, where Cloud KMS Autokey will provision a new
/// CryptoKey when a KeyHandle is created.
///
/// On UpdateAutokeyConfig, the caller will require
/// `cloudkms.cryptoKeys.setIamPolicy` permission on this key project. Once
/// configured, for Cloud KMS Autokey to function properly, this key project
/// must have the Cloud KMS API activated and the Cloud KMS Service Agent for
/// this key project must be granted the `cloudkms.admin` role (or pertinent
/// permissions). A request with an empty key project field will clear the
/// configuration.
///
/// Optional.
core.String? keyProject;
/// KeyProjectResolutionMode for the AutokeyConfig.
///
/// Valid values are `DEDICATED_KEY_PROJECT`, `RESOURCE_PROJECT`, or
/// `DISABLED`.
///
/// Optional.
/// Possible string values are:
/// - "KEY_PROJECT_RESOLUTION_MODE_UNSPECIFIED" : Default value.
/// KeyProjectResolutionMode when not specified will act as
/// `DEDICATED_KEY_PROJECT`.
/// - "DEDICATED_KEY_PROJECT" : Keys are created in a dedicated project
/// specified by `key_project`.
/// - "RESOURCE_PROJECT" : Keys are created in the same project as the
/// resource requesting the key. The `key_project` must not be set when this
/// mode is used.
/// - "DISABLED" : Disables the AutokeyConfig. When this mode is set, any
/// AutokeyConfig from higher levels in the resource hierarchy are ignored for
/// this resource and its descendants. This setting can be overridden by a
/// more specific configuration at a lower level. For example, if Autokey is
/// disabled on a folder, it can be re-enabled on a sub-folder or project
/// within that folder by setting a different mode (e.g.,
/// DEDICATED_KEY_PROJECT or RESOURCE_PROJECT).
core.String? keyProjectResolutionMode;
/// Identifier.
///
/// Name of the AutokeyConfig resource, e.g.
/// `folders/{FOLDER_NUMBER}/autokeyConfig` or
/// `projects/{PROJECT_NUMBER}/autokeyConfig`.
core.String? name;
/// The state for the AutokeyConfig.
///
/// Output only.
/// Possible string values are:
/// - "STATE_UNSPECIFIED" : The state of the AutokeyConfig is unspecified.
/// - "ACTIVE" : The AutokeyConfig is currently active.
/// - "KEY_PROJECT_DELETED" : A previously configured key project has been
/// deleted and the current AutokeyConfig is unusable.
/// - "UNINITIALIZED" : The AutokeyConfig is not yet initialized or has been
/// reset to its default uninitialized state.
core.String? state;
AutokeyConfig({
this.etag,
this.keyProject,
this.keyProjectResolutionMode,
this.name,
this.state,
});
AutokeyConfig.fromJson(core.Map json_)
: this(
etag: json_['etag'] as core.String?,
keyProject: json_['keyProject'] as core.String?,
keyProjectResolutionMode:
json_['keyProjectResolutionMode'] as core.String?,
name: json_['name'] as core.String?,
state: json_['state'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final etag = this.etag;
final keyProject = this.keyProject;
final keyProjectResolutionMode = this.keyProjectResolutionMode;
final name = this.name;
final state = this.state;
return {
'etag': ?etag,
'keyProject': ?keyProject,
'keyProjectResolutionMode': ?keyProjectResolutionMode,
'name': ?name,
'state': ?state,
};
}
}
/// Associates `members`, or principals, with a `role`.
class Binding {
/// The condition that is associated with this binding.
///
/// If the condition evaluates to `true`, then this binding applies to the
/// current request. If the condition evaluates to `false`, then this binding
/// does not apply to the current request. However, a different role binding
/// might grant the same role to one or more of the principals in this
/// binding. To learn which resources support conditions in their IAM
/// policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Expr? condition;
/// Specifies the principals requesting access for a Google Cloud resource.
///
/// `members` can have the following values: * `allUsers`: A special
/// identifier that represents anyone who is on the internet; with or without
/// a Google account. * `allAuthenticatedUsers`: A special identifier that
/// represents anyone who is authenticated with a Google account or a service
/// account. Does not include identities that come from external identity
/// providers (IdPs) through identity federation. * `user:{emailid}`: An email
/// address that represents a specific Google account. For example,
/// `alice@example.com` . * `serviceAccount:{emailid}`: An email address that
/// represents a Google service account. For example,
/// `my-other-app@appspot.gserviceaccount.com`. *
/// `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An
/// identifier for a
/// [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
/// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
/// `group:{emailid}`: An email address that represents a Google group. For
/// example, `admins@example.com`. * `domain:{domain}`: The G Suite domain
/// (primary) that represents all the users of that domain. For example,
/// `google.com` or `example.com`. *
/// `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
/// A single identity in a workforce identity pool. *
/// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
/// All workforce identities in a group. *
/// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
/// All workforce identities with a specific attribute value. *
/// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}
/// / * `: All identities in a workforce identity pool. *
/// `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`:
/// A single identity in a workload identity pool. *
/// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`:
/// A workload identity pool group. *
/// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
/// All identities in a workload identity pool with a certain attribute. *
/// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}
/// / * `: All identities in a workload identity pool. *
/// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
/// identifier) representing a user that has been recently deleted. For
/// example, `alice@example.com?uid=123456789012345678901`. If the user is
/// recovered, this value reverts to `user:{emailid}` and the recovered user
/// retains the role in the binding. *
/// `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
/// unique identifier) representing a service account that has been recently
/// deleted. For example,
/// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If
/// the service account is undeleted, this value reverts to
/// `serviceAccount:{emailid}` and the undeleted service account retains the
/// role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email
/// address (plus unique identifier) representing a Google group that has been
/// recently deleted. For example,
/// `admins@example.com?uid=123456789012345678901`. If the group is recovered,
/// this value reverts to `group:{emailid}` and the recovered group retains
/// the role in the binding. *
/// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
/// Deleted single identity in a workforce identity pool. For example,
/// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
core.List<core.String>? members;
/// Role that is assigned to the list of `members`, or principals.
///
/// For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an
/// overview of the IAM roles and permissions, see the
/// [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For
/// a list of the available pre-defined roles, see
/// [here](https://cloud.google.com/iam/docs/understanding-roles).
core.String? role;
Binding({this.condition, this.members, this.role});
Binding.fromJson(core.Map json_)
: this(
condition: json_.containsKey('condition')
? Expr.fromJson(
json_['condition'] as core.Map<core.String, core.dynamic>,
)
: null,
members: (json_['members'] as core.List?)
?.map((value) => value as core.String)
.toList(),
role: json_['role'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final condition = this.condition;
final members = this.members;
final role = this.role;
return {'condition': ?condition, 'members': ?members, 'role': ?role};
}
}
/// A Certificate represents an X.509 certificate used to authenticate HTTPS
/// connections to EKM replicas.
class Certificate {
/// The issuer distinguished name in RFC 2253 format.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? issuer;
/// The certificate is not valid after this time.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? notAfterTime;
/// The certificate is not valid before this time.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? notBeforeTime;
/// True if the certificate was parsed successfully.
///
/// Output only.
core.bool? parsed;
/// The raw certificate bytes in DER format.
///
/// Required.
core.String? rawDer;
core.List<core.int> get rawDerAsBytes => convert.base64.decode(rawDer!);
set rawDerAsBytes(core.List<core.int> bytes_) {
rawDer = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// The certificate serial number as a hex string.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? serialNumber;
/// The SHA-256 certificate fingerprint as a hex string.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? sha256Fingerprint;
/// The subject distinguished name in RFC 2253 format.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? subject;
/// The subject Alternative DNS names.
///
/// Only present if parsed is true.
///
/// Output only.
core.List<core.String>? subjectAlternativeDnsNames;
Certificate({
this.issuer,
this.notAfterTime,
this.notBeforeTime,
this.parsed,
this.rawDer,
this.serialNumber,
this.sha256Fingerprint,
this.subject,
this.subjectAlternativeDnsNames,
});
Certificate.fromJson(core.Map json_)
: this(
issuer: json_['issuer'] as core.String?,
notAfterTime: json_['notAfterTime'] as core.String?,
notBeforeTime: json_['notBeforeTime'] as core.String?,
parsed: json_['parsed'] as core.bool?,
rawDer: json_['rawDer'] as core.String?,
serialNumber: json_['serialNumber'] as core.String?,
sha256Fingerprint: json_['sha256Fingerprint'] as core.String?,
subject: json_['subject'] as core.String?,
subjectAlternativeDnsNames:
(json_['subjectAlternativeDnsNames'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final issuer = this.issuer;
final notAfterTime = this.notAfterTime;
final notBeforeTime = this.notBeforeTime;
final parsed = this.parsed;
final rawDer = this.rawDer;
final serialNumber = this.serialNumber;
final sha256Fingerprint = this.sha256Fingerprint;
final subject = this.subject;
final subjectAlternativeDnsNames = this.subjectAlternativeDnsNames;
return {
'issuer': ?issuer,
'notAfterTime': ?notAfterTime,
'notBeforeTime': ?notBeforeTime,
'parsed': ?parsed,
'rawDer': ?rawDer,
'serialNumber': ?serialNumber,
'sha256Fingerprint': ?sha256Fingerprint,
'subject': ?subject,
'subjectAlternativeDnsNames': ?subjectAlternativeDnsNames,
};
}
}
/// Certificate chains needed to verify the attestation.
///
/// Certificates in chains are PEM-encoded and are ordered based on
/// https://tools.ietf.org/html/rfc5246#section-7.4.2.
typedef CertificateChains = $CertificateChains;
/// A challenge to be signed by a 2FA key.
class Challenge {
/// The challenge to be signed by the 2FA key indicated by the public key.
///
/// Output only.
core.String? challenge;
core.List<core.int> get challengeAsBytes => convert.base64.decode(challenge!);
set challengeAsBytes(core.List<core.int> bytes_) {
challenge = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// The public key associated with the 2FA key that should sign the challenge.
///
/// Output only.
core.String? publicKeyPem;
Challenge({this.challenge, this.publicKeyPem});
Challenge.fromJson(core.Map json_)
: this(
challenge: json_['challenge'] as core.String?,
publicKeyPem: json_['publicKeyPem'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final challenge = this.challenge;
final publicKeyPem = this.publicKeyPem;
return {'challenge': ?challenge, 'publicKeyPem': ?publicKeyPem};
}
}
/// A reply to a challenge signed by a 2FA key.
class ChallengeReply {
/// The public key associated with the 2FA key.
///
/// Required.
core.String? publicKeyPem;
/// The signed challenge associated with the 2FA key.
///
/// The signature must be RSASSA-PKCS1 v1.5 with a SHA256 digest.
///
/// Required.
core.String? signedChallenge;
core.List<core.int> get signedChallengeAsBytes =>
convert.base64.decode(signedChallenge!);
set signedChallengeAsBytes(core.List<core.int> bytes_) {
signedChallenge = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
ChallengeReply({this.publicKeyPem, this.signedChallenge});
ChallengeReply.fromJson(core.Map json_)
: this(
publicKeyPem: json_['publicKeyPem'] as core.String?,
signedChallenge: json_['signedChallenge'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final publicKeyPem = this.publicKeyPem;
final signedChallenge = this.signedChallenge;
return {'publicKeyPem': ?publicKeyPem, 'signedChallenge': ?signedChallenge};
}
}
/// Data with integrity verification field.
class ChecksummedData {
/// Integrity verification field.
///
/// A CRC32C checksum of the returned ChecksummedData.data. An integrity check
/// of ChecksummedData.data can be performed by computing the CRC32C checksum
/// of ChecksummedData.data and comparing your results to this field. Discard
/// the response in case of non-matching checksum values, and perform a
/// limited number of retries. A persistent mismatch may indicate an issue in
/// your computation of the CRC32C checksum. Note: This field is defined as
/// int64 for reasons of compatibility across different languages. However, it
/// is a non-negative integer, which will never exceed `2^32-1`, and can be
/// safely downconverted to uint32 in languages that support this type.
core.String? crc32cChecksum;
/// Raw Data.
core.String? data;
core.List<core.int> get dataAsBytes => convert.base64.decode(data!);
set dataAsBytes(core.List<core.int> bytes_) {
data = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
ChecksummedData({this.crc32cChecksum, this.data});
ChecksummedData.fromJson(core.Map json_)
: this(
crc32cChecksum: json_['crc32cChecksum'] as core.String?,
data: json_['data'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final crc32cChecksum = this.crc32cChecksum;
final data = this.data;
return {'crc32cChecksum': ?crc32cChecksum, 'data': ?data};
}
}
/// A CryptoKey represents a logical key that can be used for cryptographic
/// operations.
///
/// A CryptoKey is made up of zero or more versions, which represent the actual
/// key material used in cryptographic operations.
class CryptoKey {
/// The time at which this CryptoKey was created.
///
/// Output only.
core.String? createTime;
/// The resource name of the backend environment where the key material for
/// all CryptoKeyVersions associated with this CryptoKey reside and where all
/// related cryptographic operations are performed.
///
/// Only applicable if CryptoKeyVersions have a ProtectionLevel of
/// EXTERNAL_VPC, with the resource name in the format `projects / *
/// /locations / * /ekmConnections / * `. Only applicable if CryptoKeyVersions
/// have a ProtectionLevel of HSM_SINGLE_TENANT, with the resource name in the
/// format `projects / * /locations / * /singleTenantHsmInstances / * `. Note,
/// this list is non-exhaustive and may apply to additional ProtectionLevels
/// in the future.
///
/// Immutable.
core.String? cryptoKeyBackend;
/// The period of time that versions of this key spend in the
/// DESTROY_SCHEDULED state before transitioning to DESTROYED.
///
/// If not specified at creation time, the default duration is 30 days.
///
/// Immutable.
core.String? destroyScheduledDuration;
/// Whether this key may contain imported versions only.
///
/// Immutable.
core.bool? importOnly;
/// The policy used for Key Access Justifications Policy Enforcement.
///
/// If this field is present and this key is enrolled in Key Access
/// Justifications Policy Enforcement, the policy will be evaluated in
/// encrypt, decrypt, and sign operations, and the operation will fail if
/// rejected by the policy. The policy is defined by specifying zero or more
/// allowed justification codes.
/// https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
/// By default, this field is absent, and all justification codes are allowed.
/// If the `key_access_justifications_policy.allowed_access_reasons` is empty
/// (zero allowed justification code), all encrypt, decrypt, and sign
/// operations will fail.
///
/// Optional.
KeyAccessJustificationsPolicy? keyAccessJustificationsPolicy;
/// Labels with user-defined metadata.
///
/// For more information, see
/// [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
core.Map<core.String, core.String>? labels;
/// The resource name for this CryptoKey in the format `projects / *
/// /locations / * /keyRings / * /cryptoKeys / * `.
///
/// Output only.
core.String? name;
/// At next_rotation_time, the Key Management Service will automatically: 1.
///
/// Create a new version of this CryptoKey. 2. Mark the new version as
/// primary. Key rotations performed manually via CreateCryptoKeyVersion and
/// UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with
/// purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this
/// field must be omitted.
core.String? nextRotationTime;
/// A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when
/// this CryptoKey is given in EncryptRequest.name.
///
/// The CryptoKey's primary version can be updated via
/// UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have
/// a primary. For other keys, this field will be omitted.
///
/// Output only.
CryptoKeyVersion? primary;
/// The immutable purpose of this CryptoKey.
///
/// Immutable.
/// Possible string values are:
/// - "CRYPTO_KEY_PURPOSE_UNSPECIFIED" : Not specified.
/// - "ENCRYPT_DECRYPT" : CryptoKeys with this purpose may be used with
/// Encrypt and Decrypt.
/// - "ASYMMETRIC_SIGN" : CryptoKeys with this purpose may be used with
/// AsymmetricSign and GetPublicKey.
/// - "ASYMMETRIC_DECRYPT" : CryptoKeys with this purpose may be used with
/// AsymmetricDecrypt and GetPublicKey.
/// - "RAW_ENCRYPT_DECRYPT" : CryptoKeys with this purpose may be used with
/// RawEncrypt and RawDecrypt. This purpose is meant to be used for
/// interoperable symmetric encryption and does not support automatic
/// CryptoKey rotation.
/// - "MAC" : CryptoKeys with this purpose may be used with MacSign.
/// - "KEY_ENCAPSULATION" : CryptoKeys with this purpose may be used with
/// GetPublicKey and Decapsulate.
core.String? purpose;
/// next_rotation_time will be advanced by this period when the service
/// automatically rotates a key.
///
/// Must be at least 24 hours and at most 876,000 hours. If rotation_period is
/// set, next_rotation_time must also be set. Keys with purpose
/// ENCRYPT_DECRYPT support automatic rotation. For other keys, this field
/// must be omitted.
core.String? rotationPeriod;
/// A template describing settings for new CryptoKeyVersion instances.
///
/// The properties of new CryptoKeyVersion instances created by either
/// CreateCryptoKeyVersion or auto-rotation are controlled by this template.
CryptoKeyVersionTemplate? versionTemplate;
CryptoKey({
this.createTime,
this.cryptoKeyBackend,
this.destroyScheduledDuration,
this.importOnly,
this.keyAccessJustificationsPolicy,
this.labels,
this.name,
this.nextRotationTime,
this.primary,
this.purpose,
this.rotationPeriod,
this.versionTemplate,
});
CryptoKey.fromJson(core.Map json_)
: this(
createTime: json_['createTime'] as core.String?,
cryptoKeyBackend: json_['cryptoKeyBackend'] as core.String?,
destroyScheduledDuration:
json_['destroyScheduledDuration'] as core.String?,
importOnly: json_['importOnly'] as core.bool?,
keyAccessJustificationsPolicy:
json_.containsKey('keyAccessJustificationsPolicy')
? KeyAccessJustificationsPolicy.fromJson(
json_['keyAccessJustificationsPolicy']
as core.Map<core.String, core.dynamic>,
)
: null,
labels: (json_['labels'] as core.Map<core.String, core.dynamic>?)?.map(
(key, value) => core.MapEntry(key, value as core.String),
),
name: json_['name'] as core.String?,
nextRotationTime: json_['nextRotationTime'] as core.String?,
primary: json_.containsKey('primary')
? CryptoKeyVersion.fromJson(
json_['primary'] as core.Map<core.String, core.dynamic>,
)
: null,
purpose: json_['purpose'] as core.String?,
rotationPeriod: json_['rotationPeriod'] as core.String?,
versionTemplate: json_.containsKey('versionTemplate')
? CryptoKeyVersionTemplate.fromJson(
json_['versionTemplate'] as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final createTime = this.createTime;
final cryptoKeyBackend = this.cryptoKeyBackend;
final destroyScheduledDuration = this.destroyScheduledDuration;
final importOnly = this.importOnly;
final keyAccessJustificationsPolicy = this.keyAccessJustificationsPolicy;
final labels = this.labels;
final name = this.name;
final nextRotationTime = this.nextRotationTime;
final primary = this.primary;
final purpose = this.purpose;
final rotationPeriod = this.rotationPeriod;
final versionTemplate = this.versionTemplate;
return {
'createTime': ?createTime,
'cryptoKeyBackend': ?cryptoKeyBackend,
'destroyScheduledDuration': ?destroyScheduledDuration,
'importOnly': ?importOnly,
'keyAccessJustificationsPolicy': ?keyAccessJustificationsPolicy,
'labels': ?labels,
'name': ?name,
'nextRotationTime': ?nextRotationTime,
'primary': ?primary,
'purpose': ?purpose,
'rotationPeriod': ?rotationPeriod,
'versionTemplate': ?versionTemplate,
};
}
}
/// A CryptoKeyVersion represents an individual cryptographic key, and the
/// associated key material.
///
/// An ENABLED version can be used for cryptographic operations. For security
/// reasons, the raw cryptographic key material represented by a
/// CryptoKeyVersion can never be viewed or exported. It can only be used to
/// encrypt, decrypt, or sign data when an authorized user or application
/// invokes Cloud KMS.
class CryptoKeyVersion {
/// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
///
/// Output only.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : Not specified.
/// - "GOOGLE_SYMMETRIC_ENCRYPTION" : Creates symmetric encryption keys.
/// - "AES_128_GCM" : AES-GCM (Galois Counter Mode) using 128-bit keys.
/// - "AES_256_GCM" : AES-GCM (Galois Counter Mode) using 256-bit keys.
/// - "AES_128_CBC" : AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
/// - "AES_256_CBC" : AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
/// - "AES_128_CTR" : AES-CTR (Counter Mode) using 128-bit keys.
/// - "AES_256_CTR" : AES-CTR (Counter Mode) using 256-bit keys.
/// - "RSA_SIGN_PSS_2048_SHA256" : RSASSA-PSS 2048 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_3072_SHA256" : RSASSA-PSS 3072 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA256" : RSASSA-PSS 4096 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA512" : RSASSA-PSS 4096 bit key with a SHA512
/// digest.
/// - "RSA_SIGN_PKCS1_2048_SHA256" : RSASSA-PKCS1-v1_5 with a 2048 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_3072_SHA256" : RSASSA-PKCS1-v1_5 with a 3072 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA256" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA512" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA512 digest.
/// - "RSA_SIGN_RAW_PKCS1_2048" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 2048 bit key.
/// - "RSA_SIGN_RAW_PKCS1_3072" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 3072 bit key.
/// - "RSA_SIGN_RAW_PKCS1_4096" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 4096 bit key.
/// - "RSA_DECRYPT_OAEP_2048_SHA256" : RSAES-OAEP 2048 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA256" : RSAES-OAEP 3072 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA256" : RSAES-OAEP 4096 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA512" : RSAES-OAEP 4096 bit key with a SHA512
/// digest.
/// - "RSA_DECRYPT_OAEP_2048_SHA1" : RSAES-OAEP 2048 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA1" : RSAES-OAEP 3072 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA1" : RSAES-OAEP 4096 bit key with a SHA1
/// digest.
/// - "EC_SIGN_P256_SHA256" : ECDSA on the NIST P-256 curve with a SHA256
/// digest. Other hash functions can also be used:
/// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
/// - "EC_SIGN_P384_SHA384" : ECDSA on the NIST P-384 curve with a SHA384
/// digest. Other hash functions can also be used:
/// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
/// - "EC_SIGN_SECP256K1_SHA256" : ECDSA on the non-NIST secp256k1 curve. This
/// curve is only supported for HSM protection level. Other hash functions can
/// also be used:
/// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
/// - "EC_SIGN_ED25519" : EdDSA on the Curve25519 in pure mode (taking data as
/// input).
/// - "HMAC_SHA256" : HMAC-SHA256 signing with a 256 bit key.
/// - "HMAC_SHA1" : HMAC-SHA1 signing with a 160 bit key.
/// - "HMAC_SHA384" : HMAC-SHA384 signing with a 384 bit key.
/// - "HMAC_SHA512" : HMAC-SHA512 signing with a 512 bit key.
/// - "HMAC_SHA224" : HMAC-SHA224 signing with a 224 bit key.
/// - "EXTERNAL_SYMMETRIC_ENCRYPTION" : Algorithm representing symmetric
/// encryption by an external key manager.
/// - "ML_KEM_768" : ML-KEM-768 (FIPS 203)
/// - "ML_KEM_1024" : ML-KEM-1024 (FIPS 203)
/// - "KEM_XWING" : X-Wing hybrid KEM combining ML-KEM-768 with X25519
/// following datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/.
/// - "PQ_SIGN_ML_DSA_44" : The post-quantum Module-Lattice-Based Digital
/// Signature Algorithm, at security level 1. Randomized version.
/// - "PQ_SIGN_ML_DSA_65" : The post-quantum Module-Lattice-Based Digital
/// Signature Algorithm, at security level 3. Randomized version.
/// - "PQ_SIGN_ML_DSA_87" : The post-quantum Module-Lattice-Based Digital
/// Signature Algorithm, at security level 5. Randomized version.
/// - "PQ_SIGN_SLH_DSA_SHA2_128S" : The post-quantum stateless hash-based
/// digital signature algorithm, at security level 1. Randomized version.
/// - "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256" : The post-quantum stateless
/// hash-based digital signature algorithm, at security level 1. Randomized
/// pre-hash version supporting SHA256 digests.
/// - "PQ_SIGN_ML_DSA_44_EXTERNAL_MU" : The post-quantum Module-Lattice-Based
/// Digital Signature Algorithm, at security level 1. Randomized version
/// supporting externally-computed message representatives.
/// - "PQ_SIGN_ML_DSA_65_EXTERNAL_MU" : The post-quantum Module-Lattice-Based
/// Digital Signature Algorithm, at security level 3. Randomized version
/// supporting externally-computed message representatives.
/// - "PQ_SIGN_ML_DSA_87_EXTERNAL_MU" : The post-quantum Module-Lattice-Based
/// Digital Signature Algorithm, at security level 5. Randomized version
/// supporting externally-computed message representatives.
core.String? algorithm;
/// Statement that was generated and signed by the HSM at key creation time.
///
/// Use this statement to verify attributes of the key as stored on the HSM,
/// independently of Google. Only provided for key versions with
/// protection_level HSM.
///
/// Output only.
KeyOperationAttestation? attestation;
/// The time at which this CryptoKeyVersion was created.
///
/// Output only.
core.String? createTime;
/// The time this CryptoKeyVersion's key material was destroyed.
///
/// Only present if state is DESTROYED.
///
/// Output only.
core.String? destroyEventTime;
/// The time this CryptoKeyVersion's key material is scheduled for
/// destruction.
///
/// Only present if state is DESTROY_SCHEDULED.
///
/// Output only.
core.String? destroyTime;
/// The root cause of the most recent external destruction failure.
///
/// Only present if state is EXTERNAL_DESTRUCTION_FAILED.
///
/// Output only.
core.String? externalDestructionFailureReason;
/// ExternalProtectionLevelOptions stores a group of additional fields for
/// configuring a CryptoKeyVersion that are specific to the EXTERNAL
/// protection level and EXTERNAL_VPC protection levels.
ExternalProtectionLevelOptions? externalProtectionLevelOptions;
/// The time this CryptoKeyVersion's key material was generated.
///
/// Output only.
core.String? generateTime;
/// The root cause of the most recent generation failure.
///
/// Only present if state is GENERATION_FAILED.
///
/// Output only.
core.String? generationFailureReason;
/// The root cause of the most recent import failure.
///
/// Only present if state is IMPORT_FAILED.
///
/// Output only.
core.String? importFailureReason;
/// The name of the ImportJob used in the most recent import of this
/// CryptoKeyVersion.
///
/// Only present if the underlying key material was imported.
///
/// Output only.
core.String? importJob;
/// The time at which this CryptoKeyVersion's key material was most recently
/// imported.
///
/// Output only.
core.String? importTime;
/// The resource name for this CryptoKeyVersion in the format `projects / *
/// /locations / * /keyRings / * /cryptoKeys / * /cryptoKeyVersions / * `.
///
/// Output only.
core.String? name;
/// The ProtectionLevel describing how crypto operations are performed with
/// this CryptoKeyVersion.
///
/// Output only.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// Whether or not this key version is eligible for reimport, by being
/// specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
///
/// Output only.
core.bool? reimportEligible;
/// The current state of the CryptoKeyVersion.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" : Not specified.
/// - "PENDING_GENERATION" : This version is still being generated. It may not
/// be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically
/// mark this version ENABLED as soon as the version is ready.
/// - "ENABLED" : This version may be used for cryptographic operations.
/// - "DISABLED" : This version may not be used, but the key material is still
/// available, and the version can be placed back into the ENABLED state.
/// - "DESTROYED" : The key material of this version is destroyed and no
/// longer stored. This version may only become ENABLED again if this version
/// is reimport_eligible and the original key material is reimported with a
/// call to KeyManagementService.ImportCryptoKeyVersion.
/// - "DESTROY_SCHEDULED" : This version is scheduled for destruction, and
/// will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into
/// the DISABLED state.
/// - "PENDING_IMPORT" : This version is still being imported. It may not be
/// used, enabled, disabled, or destroyed yet. Cloud KMS will automatically
/// mark this version ENABLED as soon as the version is ready.
/// - "IMPORT_FAILED" : This version was not imported successfully. It may not
/// be used, enabled, disabled, or destroyed. The submitted key material has
/// been discarded. Additional details can be found in
/// CryptoKeyVersion.import_failure_reason.
/// - "GENERATION_FAILED" : This version was not generated successfully. It
/// may not be used, enabled, disabled, or destroyed. Additional details can
/// be found in CryptoKeyVersion.generation_failure_reason.
/// - "PENDING_EXTERNAL_DESTRUCTION" : This version was destroyed, and it may
/// not be used or enabled again. Cloud KMS is waiting for the corresponding
/// key material residing in an external key manager to be destroyed.
/// - "EXTERNAL_DESTRUCTION_FAILED" : This version was destroyed, and it may
/// not be used or enabled again. However, Cloud KMS could not confirm that
/// the corresponding key material residing in an external key manager was
/// destroyed. Additional details can be found in
/// CryptoKeyVersion.external_destruction_failure_reason.
core.String? state;
CryptoKeyVersion({
this.algorithm,
this.attestation,
this.createTime,
this.destroyEventTime,
this.destroyTime,
this.externalDestructionFailureReason,
this.externalProtectionLevelOptions,
this.generateTime,
this.generationFailureReason,
this.importFailureReason,
this.importJob,
this.importTime,
this.name,
this.protectionLevel,
this.reimportEligible,
this.state,
});
CryptoKeyVersion.fromJson(core.Map json_)
: this(
algorithm: json_['algorithm'] as core.String?,
attestation: json_.containsKey('attestation')
? KeyOperationAttestation.fromJson(
json_['attestation'] as core.Map<core.String, core.dynamic>,
)
: null,
createTime: json_['createTime'] as core.String?,
destroyEventTime: json_['destroyEventTime'] as core.String?,
destroyTime: json_['destroyTime'] as core.String?,
externalDestructionFailureReason:
json_['externalDestructionFailureReason'] as core.String?,
externalProtectionLevelOptions:
json_.containsKey('externalProtectionLevelOptions')
? ExternalProtectionLevelOptions.fromJson(
json_['externalProtectionLevelOptions']
as core.Map<core.String, core.dynamic>,
)
: null,
generateTime: json_['generateTime'] as core.String?,
generationFailureReason:
json_['generationFailureReason'] as core.String?,
importFailureReason: json_['importFailureReason'] as core.String?,
importJob: json_['importJob'] as core.String?,
importTime: json_['importTime'] as core.String?,
name: json_['name'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
reimportEligible: json_['reimportEligible'] as core.bool?,
state: json_['state'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final algorithm = this.algorithm;
final attestation = this.attestation;
final createTime = this.createTime;
final destroyEventTime = this.destroyEventTime;
final destroyTime = this.destroyTime;
final externalDestructionFailureReason =
this.externalDestructionFailureReason;
final externalProtectionLevelOptions = this.externalProtectionLevelOptions;
final generateTime = this.generateTime;
final generationFailureReason = this.generationFailureReason;
final importFailureReason = this.importFailureReason;
final importJob = this.importJob;
final importTime = this.importTime;
final name = this.name;
final protectionLevel = this.protectionLevel;
final reimportEligible = this.reimportEligible;
final state = this.state;
return {
'algorithm': ?algorithm,
'attestation': ?attestation,
'createTime': ?createTime,
'destroyEventTime': ?destroyEventTime,
'destroyTime': ?destroyTime,
'externalDestructionFailureReason': ?externalDestructionFailureReason,
'externalProtectionLevelOptions': ?externalProtectionLevelOptions,
'generateTime': ?generateTime,
'generationFailureReason': ?generationFailureReason,
'importFailureReason': ?importFailureReason,
'importJob': ?importJob,
'importTime': ?importTime,
'name': ?name,
'protectionLevel': ?protectionLevel,
'reimportEligible': ?reimportEligible,
'state': ?state,
};
}
}
/// A CryptoKeyVersionTemplate specifies the properties to use when creating a
/// new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or
/// automatically as a result of auto-rotation.
typedef CryptoKeyVersionTemplate = $CryptoKeyVersionTemplate;
/// Request message for KeyManagementService.Decapsulate.
class DecapsulateRequest {
/// The ciphertext produced from encapsulation with the named CryptoKeyVersion
/// public key(s).
///
/// Required.
core.String? ciphertext;
core.List<core.int> get ciphertextAsBytes =>
convert.base64.decode(ciphertext!);
set ciphertextAsBytes(core.List<core.int> bytes_) {
ciphertext = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// A CRC32C checksum of the DecapsulateRequest.ciphertext.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received DecapsulateRequest.ciphertext using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(DecapsulateRequest.ciphertext) is equal to
/// DecapsulateRequest.ciphertext_crc32c, and if so, perform a limited number
/// of retries. A persistent mismatch may indicate an issue in your
/// computation of the CRC32C checksum. Note: This field is defined as int64
/// for reasons of compatibility across different languages. However, it is a
/// non-negative integer, which will never exceed 2^32-1, and can be safely
/// downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? ciphertextCrc32c;
DecapsulateRequest({this.ciphertext, this.ciphertextCrc32c});
DecapsulateRequest.fromJson(core.Map json_)
: this(
ciphertext: json_['ciphertext'] as core.String?,
ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final ciphertext = this.ciphertext;
final ciphertextCrc32c = this.ciphertextCrc32c;
return {'ciphertext': ?ciphertext, 'ciphertextCrc32c': ?ciphertextCrc32c};
}
}
/// Response message for KeyManagementService.Decapsulate.
class DecapsulateResponse {
/// The resource name of the CryptoKeyVersion used for decapsulation.
///
/// Check this field to verify that the intended resource was used for
/// decapsulation.
core.String? name;
/// The ProtectionLevel of the CryptoKeyVersion used in decapsulation.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// The decapsulated shared_secret originally encapsulated with the matching
/// public key.
core.String? sharedSecret;
core.List<core.int> get sharedSecretAsBytes =>
convert.base64.decode(sharedSecret!);
set sharedSecretAsBytes(core.List<core.int> bytes_) {
sharedSecret = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned DecapsulateResponse.shared_secret. An
/// integrity check of DecapsulateResponse.shared_secret can be performed by
/// computing the CRC32C checksum of DecapsulateResponse.shared_secret and
/// comparing your results to this field. Discard the response in case of
/// non-matching checksum values, and perform a limited number of retries. A
/// persistent mismatch may indicate an issue in your computation of the
/// CRC32C checksum. Note: receiving this response message indicates that
/// KeyManagementService is able to successfully decrypt the ciphertext. Note:
/// This field is defined as int64 for reasons of compatibility across
/// different languages. However, it is a non-negative integer, which will
/// never exceed 2^32-1, and can be safely downconverted to uint32 in
/// languages that support this type.
core.String? sharedSecretCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether DecapsulateRequest.ciphertext_crc32c was
/// received by KeyManagementService and used for the integrity verification
/// of the ciphertext. A false value of this field indicates either that
/// DecapsulateRequest.ciphertext_crc32c was left unset or that it was not
/// delivered to KeyManagementService. If you've set
/// DecapsulateRequest.ciphertext_crc32c but this field is still false,
/// discard the response and perform a limited number of retries.
core.bool? verifiedCiphertextCrc32c;
DecapsulateResponse({
this.name,
this.protectionLevel,
this.sharedSecret,
this.sharedSecretCrc32c,
this.verifiedCiphertextCrc32c,
});
DecapsulateResponse.fromJson(core.Map json_)
: this(
name: json_['name'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
sharedSecret: json_['sharedSecret'] as core.String?,
sharedSecretCrc32c: json_['sharedSecretCrc32c'] as core.String?,
verifiedCiphertextCrc32c:
json_['verifiedCiphertextCrc32c'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final name = this.name;
final protectionLevel = this.protectionLevel;
final sharedSecret = this.sharedSecret;
final sharedSecretCrc32c = this.sharedSecretCrc32c;
final verifiedCiphertextCrc32c = this.verifiedCiphertextCrc32c;
return {
'name': ?name,
'protectionLevel': ?protectionLevel,
'sharedSecret': ?sharedSecret,
'sharedSecretCrc32c': ?sharedSecretCrc32c,
'verifiedCiphertextCrc32c': ?verifiedCiphertextCrc32c,
};
}
}
/// Request message for KeyManagementService.Decrypt.
class DecryptRequest {
/// Optional data that must match the data originally supplied in
/// EncryptRequest.additional_authenticated_data.
///
/// Optional.
core.String? additionalAuthenticatedData;
core.List<core.int> get additionalAuthenticatedDataAsBytes =>
convert.base64.decode(additionalAuthenticatedData!);
set additionalAuthenticatedDataAsBytes(core.List<core.int> bytes_) {
additionalAuthenticatedData = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the
/// DecryptRequest.additional_authenticated_data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received DecryptRequest.additional_authenticated_data using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(DecryptRequest.additional_authenticated_data) is equal to
/// DecryptRequest.additional_authenticated_data_crc32c, and if so, perform a
/// limited number of retries. A persistent mismatch may indicate an issue in
/// your computation of the CRC32C checksum. Note: This field is defined as
/// int64 for reasons of compatibility across different languages. However, it
/// is a non-negative integer, which will never exceed 2^32-1, and can be
/// safely downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? additionalAuthenticatedDataCrc32c;
/// The encrypted data originally returned in EncryptResponse.ciphertext.
///
/// Required.
core.String? ciphertext;
core.List<core.int> get ciphertextAsBytes =>
convert.base64.decode(ciphertext!);
set ciphertextAsBytes(core.List<core.int> bytes_) {
ciphertext = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the DecryptRequest.ciphertext.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received DecryptRequest.ciphertext using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(DecryptRequest.ciphertext) is equal to
/// DecryptRequest.ciphertext_crc32c, and if so, perform a limited number of
/// retries. A persistent mismatch may indicate an issue in your computation
/// of the CRC32C checksum. Note: This field is defined as int64 for reasons
/// of compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
///
/// Optional.
core.String? ciphertextCrc32c;
DecryptRequest({
this.additionalAuthenticatedData,
this.additionalAuthenticatedDataCrc32c,
this.ciphertext,
this.ciphertextCrc32c,
});
DecryptRequest.fromJson(core.Map json_)
: this(
additionalAuthenticatedData:
json_['additionalAuthenticatedData'] as core.String?,
additionalAuthenticatedDataCrc32c:
json_['additionalAuthenticatedDataCrc32c'] as core.String?,
ciphertext: json_['ciphertext'] as core.String?,
ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final additionalAuthenticatedData = this.additionalAuthenticatedData;
final additionalAuthenticatedDataCrc32c =
this.additionalAuthenticatedDataCrc32c;
final ciphertext = this.ciphertext;
final ciphertextCrc32c = this.ciphertextCrc32c;
return {
'additionalAuthenticatedData': ?additionalAuthenticatedData,
'additionalAuthenticatedDataCrc32c': ?additionalAuthenticatedDataCrc32c,
'ciphertext': ?ciphertext,
'ciphertextCrc32c': ?ciphertextCrc32c,
};
}
}
/// Response message for KeyManagementService.Decrypt.
class DecryptResponse {
/// The decrypted data originally supplied in EncryptRequest.plaintext.
core.String? plaintext;
core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!);
set plaintextAsBytes(core.List<core.int> bytes_) {
plaintext = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned DecryptResponse.plaintext. An integrity
/// check of DecryptResponse.plaintext can be performed by computing the
/// CRC32C checksum of DecryptResponse.plaintext and comparing your results to
/// this field. Discard the response in case of non-matching checksum values,
/// and perform a limited number of retries. A persistent mismatch may
/// indicate an issue in your computation of the CRC32C checksum. Note:
/// receiving this response message indicates that KeyManagementService is
/// able to successfully decrypt the ciphertext. Note: This field is defined
/// as int64 for reasons of compatibility across different languages. However,
/// it is a non-negative integer, which will never exceed 2^32-1, and can be
/// safely downconverted to uint32 in languages that support this type.
core.String? plaintextCrc32c;
/// The ProtectionLevel of the CryptoKeyVersion used in decryption.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// Whether the Decryption was performed using the primary key version.
core.bool? usedPrimary;
DecryptResponse({
this.plaintext,
this.plaintextCrc32c,
this.protectionLevel,
this.usedPrimary,
});
DecryptResponse.fromJson(core.Map json_)
: this(
plaintext: json_['plaintext'] as core.String?,
plaintextCrc32c: json_['plaintextCrc32c'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
usedPrimary: json_['usedPrimary'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final plaintext = this.plaintext;
final plaintextCrc32c = this.plaintextCrc32c;
final protectionLevel = this.protectionLevel;
final usedPrimary = this.usedPrimary;
return {
'plaintext': ?plaintext,
'plaintextCrc32c': ?plaintextCrc32c,
'protectionLevel': ?protectionLevel,
'usedPrimary': ?usedPrimary,
};
}
}
/// Delete the SingleTenantHsmInstance.
///
/// Deleting a SingleTenantHsmInstance will make all CryptoKeys attached to the
/// SingleTenantHsmInstance unusable. The SingleTenantHsmInstance must not be in
/// the DELETING or DELETED state to perform this operation.
typedef DeleteSingleTenantHsmInstance = $Empty;
/// Request message for KeyManagementService.DestroyCryptoKeyVersion.
typedef DestroyCryptoKeyVersionRequest = $Empty;
/// A Digest holds a cryptographic message digest.
class Digest {
/// A message digest produced with SHAKE-256, to be used with ML-DSA
/// external-μ algorithms only.
///
/// See "message representative" note in section 6.2, algorithm 7 of the
/// FIPS-204 standard: https://doi.org/10.6028/nist.fips.204
core.String? externalMu;
core.List<core.int> get externalMuAsBytes =>
convert.base64.decode(externalMu!);
set externalMuAsBytes(core.List<core.int> bytes_) {
externalMu = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// A message digest produced with the SHA-256 algorithm.
core.String? sha256;
core.List<core.int> get sha256AsBytes => convert.base64.decode(sha256!);
set sha256AsBytes(core.List<core.int> bytes_) {
sha256 = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// A message digest produced with the SHA-384 algorithm.
core.String? sha384;
core.List<core.int> get sha384AsBytes => convert.base64.decode(sha384!);
set sha384AsBytes(core.List<core.int> bytes_) {
sha384 = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// A message digest produced with the SHA-512 algorithm.
core.String? sha512;
core.List<core.int> get sha512AsBytes => convert.base64.decode(sha512!);
set sha512AsBytes(core.List<core.int> bytes_) {
sha512 = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
Digest({this.externalMu, this.sha256, this.sha384, this.sha512});
Digest.fromJson(core.Map json_)
: this(
externalMu: json_['externalMu'] as core.String?,
sha256: json_['sha256'] as core.String?,
sha384: json_['sha384'] as core.String?,
sha512: json_['sha512'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final externalMu = this.externalMu;
final sha256 = this.sha256;
final sha384 = this.sha384;
final sha512 = this.sha512;
return {
'externalMu': ?externalMu,
'sha256': ?sha256,
'sha384': ?sha384,
'sha512': ?sha512,
};
}
}
/// Disable the SingleTenantHsmInstance.
///
/// The SingleTenantHsmInstance must be in the ACTIVE state to perform this
/// operation.
typedef DisableSingleTenantHsmInstance = $Empty;
/// An EkmConfig is a singleton resource that represents configuration
/// parameters that apply to all CryptoKeys and CryptoKeyVersions with a
/// ProtectionLevel of EXTERNAL_VPC in a given project and location.
class EkmConfig {
/// Resource name of the default EkmConnection.
///
/// Setting this field to the empty string removes the default.
///
/// Optional.
core.String? defaultEkmConnection;
/// The resource name for the EkmConfig in the format `projects / * /locations
/// / * /ekmConfig`.
///
/// Output only.
core.String? name;
EkmConfig({this.defaultEkmConnection, this.name});
EkmConfig.fromJson(core.Map json_)
: this(
defaultEkmConnection: json_['defaultEkmConnection'] as core.String?,
name: json_['name'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final defaultEkmConnection = this.defaultEkmConnection;
final name = this.name;
return {'defaultEkmConnection': ?defaultEkmConnection, 'name': ?name};
}
}
/// An EkmConnection represents an individual EKM connection.
///
/// It can be used for creating CryptoKeys and CryptoKeyVersions with a
/// ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic
/// operations using keys created within the EkmConnection.
class EkmConnection {
/// The time at which the EkmConnection was created.
///
/// Output only.
core.String? createTime;
/// Identifies the EKM Crypto Space that this EkmConnection maps to.
///
/// Note: This field is required if KeyManagementMode is CLOUD_KMS.
///
/// Optional.
core.String? cryptoSpacePath;
/// Etag of the currently stored EkmConnection.
///
/// Optional.
core.String? etag;
/// Describes who can perform control plane operations on the EKM.
///
/// If unset, this defaults to MANUAL.
///
/// Optional.
/// Possible string values are:
/// - "KEY_MANAGEMENT_MODE_UNSPECIFIED" : Not specified.
/// - "MANUAL" : EKM-side key management operations on CryptoKeys created with
/// this EkmConnection must be initiated from the EKM directly and cannot be
/// performed from Cloud KMS. This means that: * When creating a
/// CryptoKeyVersion associated with this EkmConnection, the caller must
/// supply the key path of pre-existing external key material that will be
/// linked to the CryptoKeyVersion. * Destruction of external key material
/// cannot be requested via the Cloud KMS API and must be performed directly
/// in the EKM. * Automatic rotation of key material is not supported.
/// - "CLOUD_KMS" : All CryptoKeys created with this EkmConnection use
/// EKM-side key management operations initiated from Cloud KMS. This means
/// that: * When a CryptoKeyVersion associated with this EkmConnection is
/// created, the EKM automatically generates new key material and a new key
/// path. The caller cannot supply the key path of pre-existing external key
/// material. * Destruction of external key material associated with this
/// EkmConnection can be requested by calling DestroyCryptoKeyVersion. *
/// Automatic rotation of key material is supported.
core.String? keyManagementMode;
/// The resource name for the EkmConnection in the format `projects / *
/// /locations / * /ekmConnections / * `.
///
/// Output only.
core.String? name;
/// A list of ServiceResolvers where the EKM can be reached.
///
/// There should be one ServiceResolver per EKM replica. Currently, only a
/// single ServiceResolver is supported.
///
/// Optional.
core.List<ServiceResolver>? serviceResolvers;
EkmConnection({
this.createTime,
this.cryptoSpacePath,
this.etag,
this.keyManagementMode,
this.name,
this.serviceResolvers,
});
EkmConnection.fromJson(core.Map json_)
: this(
createTime: json_['createTime'] as core.String?,
cryptoSpacePath: json_['cryptoSpacePath'] as core.String?,
etag: json_['etag'] as core.String?,
keyManagementMode: json_['keyManagementMode'] as core.String?,
name: json_['name'] as core.String?,
serviceResolvers: (json_['serviceResolvers'] as core.List?)
?.map(
(value) => ServiceResolver.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final createTime = this.createTime;
final cryptoSpacePath = this.cryptoSpacePath;
final etag = this.etag;
final keyManagementMode = this.keyManagementMode;
final name = this.name;
final serviceResolvers = this.serviceResolvers;
return {
'createTime': ?createTime,
'cryptoSpacePath': ?cryptoSpacePath,
'etag': ?etag,
'keyManagementMode': ?keyManagementMode,
'name': ?name,
'serviceResolvers': ?serviceResolvers,
};
}
}
/// A generic empty message that you can re-use to avoid defining duplicated
/// empty messages in your APIs.
///
/// A typical example is to use it as the request or the response type of an API
/// method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns
/// (google.protobuf.Empty); }
typedef Empty = $Empty;
/// Enable the SingleTenantHsmInstance.
///
/// The SingleTenantHsmInstance must be in the DISABLED state to perform this
/// operation.
typedef EnableSingleTenantHsmInstance = $Empty;
/// Request message for KeyManagementService.Encrypt.
class EncryptRequest {
/// Optional data that, if specified, must also be provided during decryption
/// through DecryptRequest.additional_authenticated_data.
///
/// The maximum size depends on the key version's protection_level. For
/// SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys the AAD must be no larger than
/// 64KiB. For HSM keys, the combined length of the plaintext and
/// additional_authenticated_data fields must be no larger than 8KiB.
///
/// Optional.
core.String? additionalAuthenticatedData;
core.List<core.int> get additionalAuthenticatedDataAsBytes =>
convert.base64.decode(additionalAuthenticatedData!);
set additionalAuthenticatedDataAsBytes(core.List<core.int> bytes_) {
additionalAuthenticatedData = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the
/// EncryptRequest.additional_authenticated_data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received EncryptRequest.additional_authenticated_data using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(EncryptRequest.additional_authenticated_data) is equal to
/// EncryptRequest.additional_authenticated_data_crc32c, and if so, perform a
/// limited number of retries. A persistent mismatch may indicate an issue in
/// your computation of the CRC32C checksum. Note: This field is defined as
/// int64 for reasons of compatibility across different languages. However, it
/// is a non-negative integer, which will never exceed 2^32-1, and can be
/// safely downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? additionalAuthenticatedDataCrc32c;
/// The data to encrypt.
///
/// Must be no larger than 64KiB. The maximum size depends on the key
/// version's protection_level. For SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys,
/// the plaintext must be no larger than 64KiB. For HSM keys, the combined
/// length of the plaintext and additional_authenticated_data fields must be
/// no larger than 8KiB.
///
/// Required.
core.String? plaintext;
core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!);
set plaintextAsBytes(core.List<core.int> bytes_) {
plaintext = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the EncryptRequest.plaintext.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received EncryptRequest.plaintext using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(EncryptRequest.plaintext) is equal to
/// EncryptRequest.plaintext_crc32c, and if so, perform a limited number of
/// retries. A persistent mismatch may indicate an issue in your computation
/// of the CRC32C checksum. Note: This field is defined as int64 for reasons
/// of compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
///
/// Optional.
core.String? plaintextCrc32c;
EncryptRequest({
this.additionalAuthenticatedData,
this.additionalAuthenticatedDataCrc32c,
this.plaintext,
this.plaintextCrc32c,
});
EncryptRequest.fromJson(core.Map json_)
: this(
additionalAuthenticatedData:
json_['additionalAuthenticatedData'] as core.String?,
additionalAuthenticatedDataCrc32c:
json_['additionalAuthenticatedDataCrc32c'] as core.String?,
plaintext: json_['plaintext'] as core.String?,
plaintextCrc32c: json_['plaintextCrc32c'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final additionalAuthenticatedData = this.additionalAuthenticatedData;
final additionalAuthenticatedDataCrc32c =
this.additionalAuthenticatedDataCrc32c;
final plaintext = this.plaintext;
final plaintextCrc32c = this.plaintextCrc32c;
return {
'additionalAuthenticatedData': ?additionalAuthenticatedData,
'additionalAuthenticatedDataCrc32c': ?additionalAuthenticatedDataCrc32c,
'plaintext': ?plaintext,
'plaintextCrc32c': ?plaintextCrc32c,
};
}
}
/// Response message for KeyManagementService.Encrypt.
class EncryptResponse {
/// The encrypted data.
core.String? ciphertext;
core.List<core.int> get ciphertextAsBytes =>
convert.base64.decode(ciphertext!);
set ciphertextAsBytes(core.List<core.int> bytes_) {
ciphertext = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned EncryptResponse.ciphertext. An integrity
/// check of EncryptResponse.ciphertext can be performed by computing the
/// CRC32C checksum of EncryptResponse.ciphertext and comparing your results
/// to this field. Discard the response in case of non-matching checksum
/// values, and perform a limited number of retries. A persistent mismatch may
/// indicate an issue in your computation of the CRC32C checksum. Note: This
/// field is defined as int64 for reasons of compatibility across different
/// languages. However, it is a non-negative integer, which will never exceed
/// 2^32-1, and can be safely downconverted to uint32 in languages that
/// support this type.
core.String? ciphertextCrc32c;
/// The resource name of the CryptoKeyVersion used in encryption.
///
/// Check this field to verify that the intended resource was used for
/// encryption.
core.String? name;
/// The ProtectionLevel of the CryptoKeyVersion used in encryption.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// Integrity verification field.
///
/// A flag indicating whether
/// EncryptRequest.additional_authenticated_data_crc32c was received by
/// KeyManagementService and used for the integrity verification of the AAD. A
/// false value of this field indicates either that
/// EncryptRequest.additional_authenticated_data_crc32c was left unset or that
/// it was not delivered to KeyManagementService. If you've set
/// EncryptRequest.additional_authenticated_data_crc32c but this field is
/// still false, discard the response and perform a limited number of retries.
core.bool? verifiedAdditionalAuthenticatedDataCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether EncryptRequest.plaintext_crc32c was received by
/// KeyManagementService and used for the integrity verification of the
/// plaintext. A false value of this field indicates either that
/// EncryptRequest.plaintext_crc32c was left unset or that it was not
/// delivered to KeyManagementService. If you've set
/// EncryptRequest.plaintext_crc32c but this field is still false, discard the
/// response and perform a limited number of retries.
core.bool? verifiedPlaintextCrc32c;
EncryptResponse({
this.ciphertext,
this.ciphertextCrc32c,
this.name,
this.protectionLevel,
this.verifiedAdditionalAuthenticatedDataCrc32c,
this.verifiedPlaintextCrc32c,
});
EncryptResponse.fromJson(core.Map json_)
: this(
ciphertext: json_['ciphertext'] as core.String?,
ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?,
name: json_['name'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
verifiedAdditionalAuthenticatedDataCrc32c:
json_['verifiedAdditionalAuthenticatedDataCrc32c'] as core.bool?,
verifiedPlaintextCrc32c: json_['verifiedPlaintextCrc32c'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final ciphertext = this.ciphertext;
final ciphertextCrc32c = this.ciphertextCrc32c;
final name = this.name;
final protectionLevel = this.protectionLevel;
final verifiedAdditionalAuthenticatedDataCrc32c =
this.verifiedAdditionalAuthenticatedDataCrc32c;
final verifiedPlaintextCrc32c = this.verifiedPlaintextCrc32c;
return {
'ciphertext': ?ciphertext,
'ciphertextCrc32c': ?ciphertextCrc32c,
'name': ?name,
'protectionLevel': ?protectionLevel,
'verifiedAdditionalAuthenticatedDataCrc32c':
?verifiedAdditionalAuthenticatedDataCrc32c,
'verifiedPlaintextCrc32c': ?verifiedPlaintextCrc32c,
};
}
}
/// Request message for HsmManagement.ExecuteSingleTenantHsmInstanceProposal.
typedef ExecuteSingleTenantHsmInstanceProposalRequest = $Empty;
/// Represents a textual expression in the Common Expression Language (CEL)
/// syntax.
///
/// CEL is a C-like expression language. The syntax and semantics of CEL are
/// documented at https://github.com/google/cel-spec. Example (Comparison):
/// title: "Summary size limit" description: "Determines if a summary is less
/// than 100 chars" expression: "document.summary.size() \< 100" Example
/// (Equality): title: "Requestor is owner" description: "Determines if
/// requestor is the document owner" expression: "document.owner ==
/// request.auth.claims.email" Example (Logic): title: "Public documents"
/// description: "Determine whether the document should be publicly visible"
/// expression: "document.type != 'private' && document.type != 'internal'"
/// Example (Data Manipulation): title: "Notification string" description:
/// "Create a notification string with a timestamp." expression: "'New message
/// received at ' + string(document.create_time)" The exact variables and
/// functions that may be referenced within an expression are determined by the
/// service that evaluates it. See the service documentation for additional
/// information.
typedef Expr = $Expr;
/// ExternalProtectionLevelOptions stores a group of additional fields for
/// configuring a CryptoKeyVersion that are specific to the EXTERNAL protection
/// level and EXTERNAL_VPC protection levels.
typedef ExternalProtectionLevelOptions = $ExternalProtectionLevelOptions;
/// Request message for KeyManagementService.GenerateRandomBytes.
class GenerateRandomBytesRequest {
/// The length in bytes of the amount of randomness to retrieve.
///
/// Minimum 8 bytes, maximum 1024 bytes.
core.int? lengthBytes;
/// The ProtectionLevel to use when generating the random data.
///
/// Currently, only HSM protection level is supported.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
GenerateRandomBytesRequest({this.lengthBytes, this.protectionLevel});
GenerateRandomBytesRequest.fromJson(core.Map json_)
: this(
lengthBytes: json_['lengthBytes'] as core.int?,
protectionLevel: json_['protectionLevel'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final lengthBytes = this.lengthBytes;
final protectionLevel = this.protectionLevel;
return {'lengthBytes': ?lengthBytes, 'protectionLevel': ?protectionLevel};
}
}
/// Response message for KeyManagementService.GenerateRandomBytes.
class GenerateRandomBytesResponse {
/// The generated data.
core.String? data;
core.List<core.int> get dataAsBytes => convert.base64.decode(data!);
set dataAsBytes(core.List<core.int> bytes_) {
data = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned GenerateRandomBytesResponse.data. An
/// integrity check of GenerateRandomBytesResponse.data can be performed by
/// computing the CRC32C checksum of GenerateRandomBytesResponse.data and
/// comparing your results to this field. Discard the response in case of
/// non-matching checksum values, and perform a limited number of retries. A
/// persistent mismatch may indicate an issue in your computation of the
/// CRC32C checksum. Note: This field is defined as int64 for reasons of
/// compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
core.String? dataCrc32c;
GenerateRandomBytesResponse({this.data, this.dataCrc32c});
GenerateRandomBytesResponse.fromJson(core.Map json_)
: this(
data: json_['data'] as core.String?,
dataCrc32c: json_['dataCrc32c'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final data = this.data;
final dataCrc32c = this.dataCrc32c;
return {'data': ?data, 'dataCrc32c': ?dataCrc32c};
}
}
/// Request message for KeyManagementService.ImportCryptoKeyVersion.
class ImportCryptoKeyVersionRequest {
/// The algorithm of the key being imported.
///
/// This does not need to match the version_template of the CryptoKey this
/// version imports into.
///
/// Required.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : Not specified.
/// - "GOOGLE_SYMMETRIC_ENCRYPTION" : Creates symmetric encryption keys.
/// - "AES_128_GCM" : AES-GCM (Galois Counter Mode) using 128-bit keys.
/// - "AES_256_GCM" : AES-GCM (Galois Counter Mode) using 256-bit keys.
/// - "AES_128_CBC" : AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
/// - "AES_256_CBC" : AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
/// - "AES_128_CTR" : AES-CTR (Counter Mode) using 128-bit keys.
/// - "AES_256_CTR" : AES-CTR (Counter Mode) using 256-bit keys.
/// - "RSA_SIGN_PSS_2048_SHA256" : RSASSA-PSS 2048 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_3072_SHA256" : RSASSA-PSS 3072 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA256" : RSASSA-PSS 4096 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA512" : RSASSA-PSS 4096 bit key with a SHA512
/// digest.
/// - "RSA_SIGN_PKCS1_2048_SHA256" : RSASSA-PKCS1-v1_5 with a 2048 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_3072_SHA256" : RSASSA-PKCS1-v1_5 with a 3072 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA256" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA512" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA512 digest.
/// - "RSA_SIGN_RAW_PKCS1_2048" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 2048 bit key.
/// - "RSA_SIGN_RAW_PKCS1_3072" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 3072 bit key.
/// - "RSA_SIGN_RAW_PKCS1_4096" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 4096 bit key.
/// - "RSA_DECRYPT_OAEP_2048_SHA256" : RSAES-OAEP 2048 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA256" : RSAES-OAEP 3072 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA256" : RSAES-OAEP 4096 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA512" : RSAES-OAEP 4096 bit key with a SHA512
/// digest.
/// - "RSA_DECRYPT_OAEP_2048_SHA1" : RSAES-OAEP 2048 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA1" : RSAES-OAEP 3072 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA1" : RSAES-OAEP 4096 bit key with a SHA1
/// digest.
/// - "EC_SIGN_P256_SHA256" : ECDSA on the NIST P-256 curve with a SHA256
/// digest. Other hash functions can also be used:
/// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
/// - "EC_SIGN_P384_SHA384" : ECDSA on the NIST P-384 curve with a SHA384
/// digest. Other hash functions can also be used:
/// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
/// - "EC_SIGN_SECP256K1_SHA256" : ECDSA on the non-NIST secp256k1 curve. This
/// curve is only supported for HSM protection level. Other hash functions can
/// also be used:
/// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
/// - "EC_SIGN_ED25519" : EdDSA on the Curve25519 in pure mode (taking data as
/// input).
/// - "HMAC_SHA256" : HMAC-SHA256 signing with a 256 bit key.
/// - "HMAC_SHA1" : HMAC-SHA1 signing with a 160 bit key.
/// - "HMAC_SHA384" : HMAC-SHA384 signing with a 384 bit key.
/// - "HMAC_SHA512" : HMAC-SHA512 signing with a 512 bit key.
/// - "HMAC_SHA224" : HMAC-SHA224 signing with a 224 bit key.
/// - "EXTERNAL_SYMMETRIC_ENCRYPTION" : Algorithm representing symmetric
/// encryption by an external key manager.
/// - "ML_KEM_768" : ML-KEM-768 (FIPS 203)
/// - "ML_KEM_1024" : ML-KEM-1024 (FIPS 203)
/// - "KEM_XWING" : X-Wing hybrid KEM combining ML-KEM-768 with X25519
/// following datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/.
/// - "PQ_SIGN_ML_DSA_44" : The post-quantum Module-Lattice-Based Digital
/// Signature Algorithm, at security level 1. Randomized version.
/// - "PQ_SIGN_ML_DSA_65" : The post-quantum Module-Lattice-Based Digital
/// Signature Algorithm, at security level 3. Randomized version.
/// - "PQ_SIGN_ML_DSA_87" : The post-quantum Module-Lattice-Based Digital
/// Signature Algorithm, at security level 5. Randomized version.
/// - "PQ_SIGN_SLH_DSA_SHA2_128S" : The post-quantum stateless hash-based
/// digital signature algorithm, at security level 1. Randomized version.
/// - "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256" : The post-quantum stateless
/// hash-based digital signature algorithm, at security level 1. Randomized
/// pre-hash version supporting SHA256 digests.
/// - "PQ_SIGN_ML_DSA_44_EXTERNAL_MU" : The post-quantum Module-Lattice-Based
/// Digital Signature Algorithm, at security level 1. Randomized version
/// supporting externally-computed message representatives.
/// - "PQ_SIGN_ML_DSA_65_EXTERNAL_MU" : The post-quantum Module-Lattice-Based
/// Digital Signature Algorithm, at security level 3. Randomized version
/// supporting externally-computed message representatives.
/// - "PQ_SIGN_ML_DSA_87_EXTERNAL_MU" : The post-quantum Module-Lattice-Based
/// Digital Signature Algorithm, at security level 5. Randomized version
/// supporting externally-computed message representatives.
core.String? algorithm;
/// The optional name of an existing CryptoKeyVersion to target for an import
/// operation.
///
/// If this field is not present, a new CryptoKeyVersion containing the
/// supplied key material is created. If this field is present, the supplied
/// key material is imported into the existing CryptoKeyVersion. To import
/// into an existing CryptoKeyVersion, the CryptoKeyVersion must be a child of
/// ImportCryptoKeyVersionRequest.parent, have been previously created via
/// ImportCryptoKeyVersion, and be in DESTROYED or IMPORT_FAILED state. The
/// key material and algorithm must match the previous CryptoKeyVersion
/// exactly if the CryptoKeyVersion has ever contained key material.
///
/// Optional.
core.String? cryptoKeyVersion;
/// The name of the ImportJob that was used to wrap this key material.
///
/// Required.
core.String? importJob;
/// This field has the same meaning as wrapped_key.
///
/// Prefer to use that field in new work. Either that field or this field (but
/// not both) must be specified.
///
/// Optional.
core.String? rsaAesWrappedKey;
core.List<core.int> get rsaAesWrappedKeyAsBytes =>
convert.base64.decode(rsaAesWrappedKey!);
set rsaAesWrappedKeyAsBytes(core.List<core.int> bytes_) {
rsaAesWrappedKey = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// The wrapped key material to import.
///
/// Before wrapping, key material must be formatted. If importing symmetric
/// key material, the expected key material format is plain bytes. If
/// importing asymmetric key material, the expected key material format is
/// PKCS#8-encoded DER (the PrivateKeyInfo structure from RFC 5208). When
/// wrapping with import methods (RSA_OAEP_3072_SHA1_AES_256 or
/// RSA_OAEP_4096_SHA1_AES_256 or RSA_OAEP_3072_SHA256_AES_256 or
/// RSA_OAEP_4096_SHA256_AES_256), this field must contain the concatenation
/// of: 1. An ephemeral AES-256 wrapping key wrapped with the public_key using
/// RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
/// label. 2. The formatted key to be imported, wrapped with the ephemeral
/// AES-256 key using AES-KWP (RFC 5649). This format is the same as the
/// format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP. When wrapping
/// with import methods (RSA_OAEP_3072_SHA256 or RSA_OAEP_4096_SHA256), this
/// field must contain the formatted key to be imported, wrapped with the
/// public_key using RSAES-OAEP with SHA-256, MGF1 with SHA-256, and an empty
/// label.
///
/// Optional.
core.String? wrappedKey;
core.List<core.int> get wrappedKeyAsBytes =>
convert.base64.decode(wrappedKey!);
set wrappedKeyAsBytes(core.List<core.int> bytes_) {
wrappedKey = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
ImportCryptoKeyVersionRequest({
this.algorithm,
this.cryptoKeyVersion,
this.importJob,
this.rsaAesWrappedKey,
this.wrappedKey,
});
ImportCryptoKeyVersionRequest.fromJson(core.Map json_)
: this(
algorithm: json_['algorithm'] as core.String?,
cryptoKeyVersion: json_['cryptoKeyVersion'] as core.String?,
importJob: json_['importJob'] as core.String?,
rsaAesWrappedKey: json_['rsaAesWrappedKey'] as core.String?,
wrappedKey: json_['wrappedKey'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final algorithm = this.algorithm;
final cryptoKeyVersion = this.cryptoKeyVersion;
final importJob = this.importJob;
final rsaAesWrappedKey = this.rsaAesWrappedKey;
final wrappedKey = this.wrappedKey;
return {
'algorithm': ?algorithm,
'cryptoKeyVersion': ?cryptoKeyVersion,
'importJob': ?importJob,
'rsaAesWrappedKey': ?rsaAesWrappedKey,
'wrappedKey': ?wrappedKey,
};
}
}
/// An ImportJob can be used to create CryptoKeys and CryptoKeyVersions using
/// pre-existing key material, generated outside of Cloud KMS.
///
/// When an ImportJob is created, Cloud KMS will generate a "wrapping key",
/// which is a public/private key pair. You use the wrapping key to encrypt
/// (also known as wrap) the pre-existing key material to protect it during the
/// import process. The nature of the wrapping key depends on the choice of
/// import_method. When the wrapping key generation is complete, the state will
/// be set to ACTIVE and the public_key can be fetched. The fetched public key
/// can then be used to wrap your pre-existing key material. Once the key
/// material is wrapped, it can be imported into a new CryptoKeyVersion in an
/// existing CryptoKey by calling ImportCryptoKeyVersion. Multiple
/// CryptoKeyVersions can be imported with a single ImportJob. Cloud KMS uses
/// the private key portion of the wrapping key to unwrap the key material. Only
/// Cloud KMS has access to the private key. An ImportJob expires 3 days after
/// it is created. Once expired, Cloud KMS will no longer be able to import or
/// unwrap any key material that was wrapped with the ImportJob's public key.
/// For more information, see
/// [Importing a key](https://cloud.google.com/kms/docs/importing-a-key).
class ImportJob {
/// Statement that was generated and signed by the key creator (for example,
/// an HSM) at key creation time.
///
/// Use this statement to verify attributes of the key as stored on the HSM,
/// independently of Google. Only present if the chosen ImportMethod is one
/// with a protection level of HSM.
///
/// Output only.
KeyOperationAttestation? attestation;
/// The time at which this ImportJob was created.
///
/// Output only.
core.String? createTime;
/// The resource name of the backend environment where the key material for
/// the wrapping key resides and where all related cryptographic operations
/// are performed.
///
/// Currently, this field is only populated for keys stored in
/// HSM_SINGLE_TENANT. Note, this list is non-exhaustive and may apply to
/// additional ProtectionLevels in the future. Supported resources: *
/// `"projects / * /locations / * /singleTenantHsmInstances / * "`
///
/// Immutable.
core.String? cryptoKeyBackend;
/// The time this ImportJob expired.
///
/// Only present if state is EXPIRED.
///
/// Output only.
core.String? expireEventTime;
/// The time at which this ImportJob is scheduled for expiration and can no
/// longer be used to import key material.
///
/// Output only.
core.String? expireTime;
/// The time this ImportJob's key material was generated.
///
/// Output only.
core.String? generateTime;
/// The wrapping method to be used for incoming key material.
///
/// Required. Immutable.
/// Possible string values are:
/// - "IMPORT_METHOD_UNSPECIFIED" : Not specified.
/// - "RSA_OAEP_3072_SHA1_AES_256" : This ImportMethod represents the
/// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
/// In summary, this involves wrapping the raw key with an ephemeral AES key,
/// and wrapping the ephemeral AES key with a 3072 bit RSA key. For more
/// details, see
/// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
/// - "RSA_OAEP_4096_SHA1_AES_256" : This ImportMethod represents the
/// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
/// In summary, this involves wrapping the raw key with an ephemeral AES key,
/// and wrapping the ephemeral AES key with a 4096 bit RSA key. For more
/// details, see
/// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
/// - "RSA_OAEP_3072_SHA256_AES_256" : This ImportMethod represents the
/// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
/// In summary, this involves wrapping the raw key with an ephemeral AES key,
/// and wrapping the ephemeral AES key with a 3072 bit RSA key. For more
/// details, see
/// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
/// - "RSA_OAEP_4096_SHA256_AES_256" : This ImportMethod represents the
/// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
/// In summary, this involves wrapping the raw key with an ephemeral AES key,
/// and wrapping the ephemeral AES key with a 4096 bit RSA key. For more
/// details, see
/// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
/// - "RSA_OAEP_3072_SHA256" : This ImportMethod represents RSAES-OAEP with a
/// 3072 bit RSA key. The key material to be imported is wrapped directly with
/// the RSA key. Due to technical limitations of RSA wrapping, this method
/// cannot be used to wrap RSA keys for import.
/// - "RSA_OAEP_4096_SHA256" : This ImportMethod represents RSAES-OAEP with a
/// 4096 bit RSA key. The key material to be imported is wrapped directly with
/// the RSA key. Due to technical limitations of RSA wrapping, this method
/// cannot be used to wrap RSA keys for import.
core.String? importMethod;
/// The resource name for this ImportJob in the format `projects / *
/// /locations / * /keyRings / * /importJobs / * `.
///
/// Output only.
core.String? name;
/// The protection level of the ImportJob.
///
/// This must match the protection_level of the version_template on the
/// CryptoKey you attempt to import into.
///
/// Required. Immutable.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// The public key with which to wrap key material prior to import.
///
/// Only returned if state is ACTIVE.
///
/// Output only.
WrappingPublicKey? publicKey;
/// The current state of the ImportJob, indicating if it can be used.
///
/// Output only.
/// Possible string values are:
/// - "IMPORT_JOB_STATE_UNSPECIFIED" : Not specified.
/// - "PENDING_GENERATION" : The wrapping key for this job is still being
/// generated. It may not be used. Cloud KMS will automatically mark this job
/// as ACTIVE as soon as the wrapping key is generated.
/// - "ACTIVE" : This job may be used in CreateCryptoKey and
/// CreateCryptoKeyVersion requests.
/// - "EXPIRED" : This job can no longer be used and may not leave this state
/// once entered.
core.String? state;
ImportJob({
this.attestation,
this.createTime,
this.cryptoKeyBackend,
this.expireEventTime,
this.expireTime,
this.generateTime,
this.importMethod,
this.name,
this.protectionLevel,
this.publicKey,
this.state,
});
ImportJob.fromJson(core.Map json_)
: this(
attestation: json_.containsKey('attestation')
? KeyOperationAttestation.fromJson(
json_['attestation'] as core.Map<core.String, core.dynamic>,
)
: null,
createTime: json_['createTime'] as core.String?,
cryptoKeyBackend: json_['cryptoKeyBackend'] as core.String?,
expireEventTime: json_['expireEventTime'] as core.String?,
expireTime: json_['expireTime'] as core.String?,
generateTime: json_['generateTime'] as core.String?,
importMethod: json_['importMethod'] as core.String?,
name: json_['name'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
publicKey: json_.containsKey('publicKey')
? WrappingPublicKey.fromJson(
json_['publicKey'] as core.Map<core.String, core.dynamic>,
)
: null,
state: json_['state'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final attestation = this.attestation;
final createTime = this.createTime;
final cryptoKeyBackend = this.cryptoKeyBackend;
final expireEventTime = this.expireEventTime;
final expireTime = this.expireTime;
final generateTime = this.generateTime;
final importMethod = this.importMethod;
final name = this.name;
final protectionLevel = this.protectionLevel;
final publicKey = this.publicKey;
final state = this.state;
return {
'attestation': ?attestation,
'createTime': ?createTime,
'cryptoKeyBackend': ?cryptoKeyBackend,
'expireEventTime': ?expireEventTime,
'expireTime': ?expireTime,
'generateTime': ?generateTime,
'importMethod': ?importMethod,
'name': ?name,
'protectionLevel': ?protectionLevel,
'publicKey': ?publicKey,
'state': ?state,
};
}
}
/// Represents the configuration of a protection level for a project's Key
/// Access Justifications enrollment.
class KeyAccessJustificationsEnrollmentConfig {
/// Indicates whether the project has KAJ logging enabled.
core.bool? auditLogging;
/// Indicates whether the project is enrolled in KAJ policy enforcement.
core.bool? policyEnforcement;
KeyAccessJustificationsEnrollmentConfig({
this.auditLogging,
this.policyEnforcement,
});
KeyAccessJustificationsEnrollmentConfig.fromJson(core.Map json_)
: this(
auditLogging: json_['auditLogging'] as core.bool?,
policyEnforcement: json_['policyEnforcement'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final auditLogging = this.auditLogging;
final policyEnforcement = this.policyEnforcement;
return {
'auditLogging': ?auditLogging,
'policyEnforcement': ?policyEnforcement,
};
}
}
/// A KeyAccessJustificationsPolicy specifies zero or more allowed AccessReason
/// values for encrypt, decrypt, and sign operations on a CryptoKey or
/// KeyAccessJustificationsPolicyConfig (the default Key Access Justifications
/// policy).
typedef KeyAccessJustificationsPolicy = $KeyAccessJustificationsPolicy;
/// Represents a singleton configuration for Key Access Justifications policies.
class KeyAccessJustificationsPolicyConfig {
/// Specifies the default key access justifications (KAJ) policy used when a
/// CryptoKey is created in this folder.
///
/// This is only used when a Key Access Justifications policy is not provided
/// in the CreateCryptoKeyRequest. This overrides any default policies in its
/// ancestry. If this field is unset, or is set but contains an empty
/// allowed_access_reasons list, no default Key Access Justifications (KAJ)
/// policy configuration is active. In this scenario, all newly created keys
/// will default to an "allow-all" policy.
///
/// Optional.
KeyAccessJustificationsPolicy? defaultKeyAccessJustificationPolicy;
/// Indicates whether this parent resource is available to default policy
/// feature.
///
/// Please consult
/// [the prerequisite of default policy feature](https://cloud.google.com/assured-workloads/key-access-justifications/docs/set-default-policy#before)
/// for more details.
///
/// Output only.
core.bool? defaultPolicyAvailable;
/// Identifier.
///
/// Represents the resource name for this KeyAccessJustificationsPolicyConfig
/// in the format of "{organizations|folders|projects} / * /kajPolicyConfig".
core.String? name;
KeyAccessJustificationsPolicyConfig({
this.defaultKeyAccessJustificationPolicy,
this.defaultPolicyAvailable,
this.name,
});
KeyAccessJustificationsPolicyConfig.fromJson(core.Map json_)
: this(
defaultKeyAccessJustificationPolicy:
json_.containsKey('defaultKeyAccessJustificationPolicy')
? KeyAccessJustificationsPolicy.fromJson(
json_['defaultKeyAccessJustificationPolicy']
as core.Map<core.String, core.dynamic>,
)
: null,
defaultPolicyAvailable: json_['defaultPolicyAvailable'] as core.bool?,
name: json_['name'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final defaultKeyAccessJustificationPolicy =
this.defaultKeyAccessJustificationPolicy;
final defaultPolicyAvailable = this.defaultPolicyAvailable;
final name = this.name;
return {
'defaultKeyAccessJustificationPolicy':
?defaultKeyAccessJustificationPolicy,
'defaultPolicyAvailable': ?defaultPolicyAvailable,
'name': ?name,
};
}
}
/// Resource-oriented representation of a request to Cloud KMS Autokey and the
/// resulting provisioning of a CryptoKey.
class KeyHandle {
/// Name of a CryptoKey that has been provisioned for Customer Managed
/// Encryption Key (CMEK) use in the KeyHandle project and location for the
/// requested resource type.
///
/// The CryptoKey project will reflect the value configured in the
/// AutokeyConfig on the resource project's ancestor folder at the time of the
/// KeyHandle creation. If more than one ancestor folder has a configured
/// AutokeyConfig, the nearest of these configurations is used.
///
/// Output only.
core.String? kmsKey;
/// Identifier.
///
/// Name of the KeyHandle resource, e.g.
/// `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`.
core.String? name;
/// Indicates the resource type that the resulting CryptoKey is meant to
/// protect, e.g. `{SERVICE}.googleapis.com/{TYPE}`.
///
/// See documentation for supported resource types.
///
/// Required.
core.String? resourceTypeSelector;
KeyHandle({this.kmsKey, this.name, this.resourceTypeSelector});
KeyHandle.fromJson(core.Map json_)
: this(
kmsKey: json_['kmsKey'] as core.String?,
name: json_['name'] as core.String?,
resourceTypeSelector: json_['resourceTypeSelector'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final kmsKey = this.kmsKey;
final name = this.name;
final resourceTypeSelector = this.resourceTypeSelector;
return {
'kmsKey': ?kmsKey,
'name': ?name,
'resourceTypeSelector': ?resourceTypeSelector,
};
}
}
/// Contains an HSM-generated attestation about a key operation.
///
/// For more information, see
/// [Verifying attestations](https://cloud.google.com/kms/docs/attest-key).
class KeyOperationAttestation {
/// The certificate chains needed to validate the attestation
///
/// Output only.
CertificateChains? certChains;
/// The attestation data provided by the HSM when the key operation was
/// performed.
///
/// Output only.
core.String? content;
core.List<core.int> get contentAsBytes => convert.base64.decode(content!);
set contentAsBytes(core.List<core.int> bytes_) {
content = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// The format of the attestation data.
///
/// Output only.
/// Possible string values are:
/// - "ATTESTATION_FORMAT_UNSPECIFIED" : Not specified.
/// - "CAVIUM_V1_COMPRESSED" : Cavium HSM attestation compressed with gzip.
/// Note that this format is defined by Cavium and subject to change at any
/// time. See
/// https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html.
/// - "CAVIUM_V2_COMPRESSED" : Cavium HSM attestation V2 compressed with gzip.
/// This is a new format introduced in Cavium's version 3.2-08.
core.String? format;
KeyOperationAttestation({this.certChains, this.content, this.format});
KeyOperationAttestation.fromJson(core.Map json_)
: this(
certChains: json_.containsKey('certChains')
? CertificateChains.fromJson(
json_['certChains'] as core.Map<core.String, core.dynamic>,
)
: null,
content: json_['content'] as core.String?,
format: json_['format'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final certChains = this.certChains;
final content = this.content;
final format = this.format;
return {'certChains': ?certChains, 'content': ?content, 'format': ?format};
}
}
/// A KeyRing is a toplevel logical grouping of CryptoKeys.
class KeyRing {
/// The time at which this KeyRing was created.
///
/// Output only.
core.String? createTime;
/// The resource name for the KeyRing in the format `projects / * /locations /
/// * /keyRings / * `.
///
/// Output only.
core.String? name;
KeyRing({this.createTime, this.name});
KeyRing.fromJson(core.Map json_)
: this(
createTime: json_['createTime'] as core.String?,
name: json_['name'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final createTime = this.createTime;
final name = this.name;
return {'createTime': ?createTime, 'name': ?name};
}
}
/// Response message for KeyManagementService.ListCryptoKeyVersions.
class ListCryptoKeyVersionsResponse {
/// The list of CryptoKeyVersions.
core.List<CryptoKeyVersion>? cryptoKeyVersions;
/// A token to retrieve next page of results.
///
/// Pass this value in ListCryptoKeyVersionsRequest.page_token to retrieve the
/// next page of results.
core.String? nextPageToken;
/// The total number of CryptoKeyVersions that matched the query.
///
/// This field is not populated if ListCryptoKeyVersionsRequest.filter is
/// applied.
core.int? totalSize;
ListCryptoKeyVersionsResponse({
this.cryptoKeyVersions,
this.nextPageToken,
this.totalSize,
});
ListCryptoKeyVersionsResponse.fromJson(core.Map json_)
: this(
cryptoKeyVersions: (json_['cryptoKeyVersions'] as core.List?)
?.map(
(value) => CryptoKeyVersion.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
totalSize: json_['totalSize'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final cryptoKeyVersions = this.cryptoKeyVersions;
final nextPageToken = this.nextPageToken;
final totalSize = this.totalSize;
return {
'cryptoKeyVersions': ?cryptoKeyVersions,
'nextPageToken': ?nextPageToken,
'totalSize': ?totalSize,
};
}
}
/// Response message for KeyManagementService.ListCryptoKeys.
class ListCryptoKeysResponse {
/// The list of CryptoKeys.
core.List<CryptoKey>? cryptoKeys;
/// A token to retrieve next page of results.
///
/// Pass this value in ListCryptoKeysRequest.page_token to retrieve the next
/// page of results.
core.String? nextPageToken;
/// The total number of CryptoKeys that matched the query.
///
/// This field is not populated if ListCryptoKeysRequest.filter is applied.
core.int? totalSize;
ListCryptoKeysResponse({this.cryptoKeys, this.nextPageToken, this.totalSize});
ListCryptoKeysResponse.fromJson(core.Map json_)
: this(
cryptoKeys: (json_['cryptoKeys'] as core.List?)
?.map(
(value) => CryptoKey.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
totalSize: json_['totalSize'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final cryptoKeys = this.cryptoKeys;
final nextPageToken = this.nextPageToken;
final totalSize = this.totalSize;
return {
'cryptoKeys': ?cryptoKeys,
'nextPageToken': ?nextPageToken,
'totalSize': ?totalSize,
};
}
}
/// Response message for EkmService.ListEkmConnections.
class ListEkmConnectionsResponse {
/// The list of EkmConnections.
core.List<EkmConnection>? ekmConnections;
/// A token to retrieve next page of results.
///
/// Pass this value in ListEkmConnectionsRequest.page_token to retrieve the
/// next page of results.
core.String? nextPageToken;
/// The total number of EkmConnections that matched the query.
///
/// This field is not populated if ListEkmConnectionsRequest.filter is
/// applied.
core.int? totalSize;
ListEkmConnectionsResponse({
this.ekmConnections,
this.nextPageToken,
this.totalSize,
});
ListEkmConnectionsResponse.fromJson(core.Map json_)
: this(
ekmConnections: (json_['ekmConnections'] as core.List?)
?.map(
(value) => EkmConnection.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
totalSize: json_['totalSize'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final ekmConnections = this.ekmConnections;
final nextPageToken = this.nextPageToken;
final totalSize = this.totalSize;
return {
'ekmConnections': ?ekmConnections,
'nextPageToken': ?nextPageToken,
'totalSize': ?totalSize,
};
}
}
/// Response message for KeyManagementService.ListImportJobs.
class ListImportJobsResponse {
/// The list of ImportJobs.
core.List<ImportJob>? importJobs;
/// A token to retrieve next page of results.
///
/// Pass this value in ListImportJobsRequest.page_token to retrieve the next
/// page of results.
core.String? nextPageToken;
/// The total number of ImportJobs that matched the query.
///
/// This field is not populated if ListImportJobsRequest.filter is applied.
core.int? totalSize;
ListImportJobsResponse({this.importJobs, this.nextPageToken, this.totalSize});
ListImportJobsResponse.fromJson(core.Map json_)
: this(
importJobs: (json_['importJobs'] as core.List?)
?.map(
(value) => ImportJob.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
totalSize: json_['totalSize'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final importJobs = this.importJobs;
final nextPageToken = this.nextPageToken;
final totalSize = this.totalSize;
return {
'importJobs': ?importJobs,
'nextPageToken': ?nextPageToken,
'totalSize': ?totalSize,
};
}
}
/// Response message for Autokey.ListKeyHandles.
class ListKeyHandlesResponse {
/// Resulting KeyHandles.
core.List<KeyHandle>? keyHandles;
/// A token to retrieve next page of results.
///
/// Pass this value in ListKeyHandlesRequest.page_token to retrieve the next
/// page of results.
core.String? nextPageToken;
ListKeyHandlesResponse({this.keyHandles, this.nextPageToken});
ListKeyHandlesResponse.fromJson(core.Map json_)
: this(
keyHandles: (json_['keyHandles'] as core.List?)
?.map(
(value) => KeyHandle.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final keyHandles = this.keyHandles;
final nextPageToken = this.nextPageToken;
return {'keyHandles': ?keyHandles, 'nextPageToken': ?nextPageToken};
}
}
/// Response message for KeyManagementService.ListKeyRings.
class ListKeyRingsResponse {
/// The list of KeyRings.
core.List<KeyRing>? keyRings;
/// A token to retrieve next page of results.
///
/// Pass this value in ListKeyRingsRequest.page_token to retrieve the next
/// page of results.
core.String? nextPageToken;
/// The total number of KeyRings that matched the query.
///
/// This field is not populated if ListKeyRingsRequest.filter is applied.
core.int? totalSize;
ListKeyRingsResponse({this.keyRings, this.nextPageToken, this.totalSize});
ListKeyRingsResponse.fromJson(core.Map json_)
: this(
keyRings: (json_['keyRings'] as core.List?)
?.map(
(value) => KeyRing.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
totalSize: json_['totalSize'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final keyRings = this.keyRings;
final nextPageToken = this.nextPageToken;
final totalSize = this.totalSize;
return {
'keyRings': ?keyRings,
'nextPageToken': ?nextPageToken,
'totalSize': ?totalSize,
};
}
}
/// The response message for Locations.ListLocations.
class ListLocationsResponse {
/// A list of locations that matches the specified filter in the request.
core.List<Location>? locations;
/// The standard List next-page token.
core.String? nextPageToken;
ListLocationsResponse({this.locations, this.nextPageToken});
ListLocationsResponse.fromJson(core.Map json_)
: this(
locations: (json_['locations'] as core.List?)
?.map(
(value) => Location.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final locations = this.locations;
final nextPageToken = this.nextPageToken;
return {'locations': ?locations, 'nextPageToken': ?nextPageToken};
}
}
/// Response message for KeyManagementService.ListRetiredResources.
class ListRetiredResourcesResponse {
/// A token to retrieve the next page of results.
///
/// Pass this value in ListRetiredResourcesRequest.page_token to retrieve the
/// next page of results.
core.String? nextPageToken;
/// The list of RetiredResources.
core.List<RetiredResource>? retiredResources;
/// The total number of RetiredResources that matched the query.
core.String? totalSize;
ListRetiredResourcesResponse({
this.nextPageToken,
this.retiredResources,
this.totalSize,
});
ListRetiredResourcesResponse.fromJson(core.Map json_)
: this(
nextPageToken: json_['nextPageToken'] as core.String?,
retiredResources: (json_['retiredResources'] as core.List?)
?.map(
(value) => RetiredResource.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
totalSize: json_['totalSize'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final nextPageToken = this.nextPageToken;
final retiredResources = this.retiredResources;
final totalSize = this.totalSize;
return {
'nextPageToken': ?nextPageToken,
'retiredResources': ?retiredResources,
'totalSize': ?totalSize,
};
}
}
/// Response message for HsmManagement.ListSingleTenantHsmInstanceProposals.
class ListSingleTenantHsmInstanceProposalsResponse {
/// A token to retrieve next page of results.
///
/// Pass this value in ListSingleTenantHsmInstanceProposalsRequest.page_token
/// to retrieve the next page of results.
core.String? nextPageToken;
/// The list of SingleTenantHsmInstanceProposals.
core.List<SingleTenantHsmInstanceProposal>? singleTenantHsmInstanceProposals;
/// The total number of SingleTenantHsmInstanceProposals that matched the
/// query.
///
/// This field is not populated if
/// ListSingleTenantHsmInstanceProposalsRequest.filter is applied.
core.int? totalSize;
ListSingleTenantHsmInstanceProposalsResponse({
this.nextPageToken,
this.singleTenantHsmInstanceProposals,
this.totalSize,
});
ListSingleTenantHsmInstanceProposalsResponse.fromJson(core.Map json_)
: this(
nextPageToken: json_['nextPageToken'] as core.String?,
singleTenantHsmInstanceProposals:
(json_['singleTenantHsmInstanceProposals'] as core.List?)
?.map(
(value) => SingleTenantHsmInstanceProposal.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
totalSize: json_['totalSize'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final nextPageToken = this.nextPageToken;
final singleTenantHsmInstanceProposals =
this.singleTenantHsmInstanceProposals;
final totalSize = this.totalSize;
return {
'nextPageToken': ?nextPageToken,
'singleTenantHsmInstanceProposals': ?singleTenantHsmInstanceProposals,
'totalSize': ?totalSize,
};
}
}
/// Response message for HsmManagement.ListSingleTenantHsmInstances.
class ListSingleTenantHsmInstancesResponse {
/// A token to retrieve next page of results.
///
/// Pass this value in ListSingleTenantHsmInstancesRequest.page_token to
/// retrieve the next page of results.
core.String? nextPageToken;
/// The list of SingleTenantHsmInstances.
core.List<SingleTenantHsmInstance>? singleTenantHsmInstances;
/// The total number of SingleTenantHsmInstances that matched the query.
///
/// This field is not populated if ListSingleTenantHsmInstancesRequest.filter
/// is applied.
core.int? totalSize;
ListSingleTenantHsmInstancesResponse({
this.nextPageToken,
this.singleTenantHsmInstances,
this.totalSize,
});
ListSingleTenantHsmInstancesResponse.fromJson(core.Map json_)
: this(
nextPageToken: json_['nextPageToken'] as core.String?,
singleTenantHsmInstances:
(json_['singleTenantHsmInstances'] as core.List?)
?.map(
(value) => SingleTenantHsmInstance.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
totalSize: json_['totalSize'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final nextPageToken = this.nextPageToken;
final singleTenantHsmInstances = this.singleTenantHsmInstances;
final totalSize = this.totalSize;
return {
'nextPageToken': ?nextPageToken,
'singleTenantHsmInstances': ?singleTenantHsmInstances,
'totalSize': ?totalSize,
};
}
}
/// A resource that represents a Google Cloud location.
typedef Location = $Location00;
/// Request message for KeyManagementService.MacSign.
class MacSignRequest {
/// The data to sign.
///
/// The MAC tag is computed over this data field based on the specific
/// algorithm.
///
/// Required.
core.String? data;
core.List<core.int> get dataAsBytes => convert.base64.decode(data!);
set dataAsBytes(core.List<core.int> bytes_) {
data = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the MacSignRequest.data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received MacSignRequest.data using this checksum. KeyManagementService
/// will report an error if the checksum verification fails. If you receive a
/// checksum error, your client should verify that CRC32C(MacSignRequest.data)
/// is equal to MacSignRequest.data_crc32c, and if so, perform a limited
/// number of retries. A persistent mismatch may indicate an issue in your
/// computation of the CRC32C checksum. Note: This field is defined as int64
/// for reasons of compatibility across different languages. However, it is a
/// non-negative integer, which will never exceed 2^32-1, and can be safely
/// downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? dataCrc32c;
MacSignRequest({this.data, this.dataCrc32c});
MacSignRequest.fromJson(core.Map json_)
: this(
data: json_['data'] as core.String?,
dataCrc32c: json_['dataCrc32c'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final data = this.data;
final dataCrc32c = this.dataCrc32c;
return {'data': ?data, 'dataCrc32c': ?dataCrc32c};
}
}
/// Response message for KeyManagementService.MacSign.
class MacSignResponse {
/// The created signature.
core.String? mac;
core.List<core.int> get macAsBytes => convert.base64.decode(mac!);
set macAsBytes(core.List<core.int> bytes_) {
mac = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned MacSignResponse.mac. An integrity check
/// of MacSignResponse.mac can be performed by computing the CRC32C checksum
/// of MacSignResponse.mac and comparing your results to this field. Discard
/// the response in case of non-matching checksum values, and perform a
/// limited number of retries. A persistent mismatch may indicate an issue in
/// your computation of the CRC32C checksum. Note: This field is defined as
/// int64 for reasons of compatibility across different languages. However, it
/// is a non-negative integer, which will never exceed 2^32-1, and can be
/// safely downconverted to uint32 in languages that support this type.
core.String? macCrc32c;
/// The resource name of the CryptoKeyVersion used for signing.
///
/// Check this field to verify that the intended resource was used for
/// signing.
core.String? name;
/// The ProtectionLevel of the CryptoKeyVersion used for signing.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// Integrity verification field.
///
/// A flag indicating whether MacSignRequest.data_crc32c was received by
/// KeyManagementService and used for the integrity verification of the data.
/// A false value of this field indicates either that
/// MacSignRequest.data_crc32c was left unset or that it was not delivered to
/// KeyManagementService. If you've set MacSignRequest.data_crc32c but this
/// field is still false, discard the response and perform a limited number of
/// retries.
core.bool? verifiedDataCrc32c;
MacSignResponse({
this.mac,
this.macCrc32c,
this.name,
this.protectionLevel,
this.verifiedDataCrc32c,
});
MacSignResponse.fromJson(core.Map json_)
: this(
mac: json_['mac'] as core.String?,
macCrc32c: json_['macCrc32c'] as core.String?,
name: json_['name'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
verifiedDataCrc32c: json_['verifiedDataCrc32c'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final mac = this.mac;
final macCrc32c = this.macCrc32c;
final name = this.name;
final protectionLevel = this.protectionLevel;
final verifiedDataCrc32c = this.verifiedDataCrc32c;
return {
'mac': ?mac,
'macCrc32c': ?macCrc32c,
'name': ?name,
'protectionLevel': ?protectionLevel,
'verifiedDataCrc32c': ?verifiedDataCrc32c,
};
}
}
/// Request message for KeyManagementService.MacVerify.
class MacVerifyRequest {
/// The data used previously as a MacSignRequest.data to generate the MAC tag.
///
/// Required.
core.String? data;
core.List<core.int> get dataAsBytes => convert.base64.decode(data!);
set dataAsBytes(core.List<core.int> bytes_) {
data = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the MacVerifyRequest.data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received MacVerifyRequest.data using this checksum. KeyManagementService
/// will report an error if the checksum verification fails. If you receive a
/// checksum error, your client should verify that
/// CRC32C(MacVerifyRequest.data) is equal to MacVerifyRequest.data_crc32c,
/// and if so, perform a limited number of retries. A persistent mismatch may
/// indicate an issue in your computation of the CRC32C checksum. Note: This
/// field is defined as int64 for reasons of compatibility across different
/// languages. However, it is a non-negative integer, which will never exceed
/// 2^32-1, and can be safely downconverted to uint32 in languages that
/// support this type.
///
/// Optional.
core.String? dataCrc32c;
/// The signature to verify.
///
/// Required.
core.String? mac;
core.List<core.int> get macAsBytes => convert.base64.decode(mac!);
set macAsBytes(core.List<core.int> bytes_) {
mac = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the MacVerifyRequest.mac.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received MacVerifyRequest.mac using this checksum. KeyManagementService
/// will report an error if the checksum verification fails. If you receive a
/// checksum error, your client should verify that
/// CRC32C(MacVerifyRequest.mac) is equal to MacVerifyRequest.mac_crc32c, and
/// if so, perform a limited number of retries. A persistent mismatch may
/// indicate an issue in your computation of the CRC32C checksum. Note: This
/// field is defined as int64 for reasons of compatibility across different
/// languages. However, it is a non-negative integer, which will never exceed
/// 2^32-1, and can be safely downconverted to uint32 in languages that
/// support this type.
///
/// Optional.
core.String? macCrc32c;
MacVerifyRequest({this.data, this.dataCrc32c, this.mac, this.macCrc32c});
MacVerifyRequest.fromJson(core.Map json_)
: this(
data: json_['data'] as core.String?,
dataCrc32c: json_['dataCrc32c'] as core.String?,
mac: json_['mac'] as core.String?,
macCrc32c: json_['macCrc32c'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final data = this.data;
final dataCrc32c = this.dataCrc32c;
final mac = this.mac;
final macCrc32c = this.macCrc32c;
return {
'data': ?data,
'dataCrc32c': ?dataCrc32c,
'mac': ?mac,
'macCrc32c': ?macCrc32c,
};
}
}
/// Response message for KeyManagementService.MacVerify.
class MacVerifyResponse {
/// The resource name of the CryptoKeyVersion used for verification.
///
/// Check this field to verify that the intended resource was used for
/// verification.
core.String? name;
/// The ProtectionLevel of the CryptoKeyVersion used for verification.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// This field indicates whether or not the verification operation for
/// MacVerifyRequest.mac over MacVerifyRequest.data was successful.
core.bool? success;
/// Integrity verification field.
///
/// A flag indicating whether MacVerifyRequest.data_crc32c was received by
/// KeyManagementService and used for the integrity verification of the data.
/// A false value of this field indicates either that
/// MacVerifyRequest.data_crc32c was left unset or that it was not delivered
/// to KeyManagementService. If you've set MacVerifyRequest.data_crc32c but
/// this field is still false, discard the response and perform a limited
/// number of retries.
core.bool? verifiedDataCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether MacVerifyRequest.mac_crc32c was received by
/// KeyManagementService and used for the integrity verification of the data.
/// A false value of this field indicates either that
/// MacVerifyRequest.mac_crc32c was left unset or that it was not delivered to
/// KeyManagementService. If you've set MacVerifyRequest.mac_crc32c but this
/// field is still false, discard the response and perform a limited number of
/// retries.
core.bool? verifiedMacCrc32c;
/// Integrity verification field.
///
/// This value is used for the integrity verification of
/// \[MacVerifyResponse.success\]. If the value of this field contradicts the
/// value of \[MacVerifyResponse.success\], discard the response and perform a
/// limited number of retries.
core.bool? verifiedSuccessIntegrity;
MacVerifyResponse({
this.name,
this.protectionLevel,
this.success,
this.verifiedDataCrc32c,
this.verifiedMacCrc32c,
this.verifiedSuccessIntegrity,
});
MacVerifyResponse.fromJson(core.Map json_)
: this(
name: json_['name'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
success: json_['success'] as core.bool?,
verifiedDataCrc32c: json_['verifiedDataCrc32c'] as core.bool?,
verifiedMacCrc32c: json_['verifiedMacCrc32c'] as core.bool?,
verifiedSuccessIntegrity:
json_['verifiedSuccessIntegrity'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final name = this.name;
final protectionLevel = this.protectionLevel;
final success = this.success;
final verifiedDataCrc32c = this.verifiedDataCrc32c;
final verifiedMacCrc32c = this.verifiedMacCrc32c;
final verifiedSuccessIntegrity = this.verifiedSuccessIntegrity;
return {
'name': ?name,
'protectionLevel': ?protectionLevel,
'success': ?success,
'verifiedDataCrc32c': ?verifiedDataCrc32c,
'verifiedMacCrc32c': ?verifiedMacCrc32c,
'verifiedSuccessIntegrity': ?verifiedSuccessIntegrity,
};
}
}
/// This resource represents a long-running operation that is the result of a
/// network API call.
class Operation {
/// If the value is `false`, it means the operation is still in progress.
///
/// If `true`, the operation is completed, and either `error` or `response` is
/// available.
core.bool? done;
/// The error result of the operation in case of failure or cancellation.
Status? error;
/// Service-specific metadata associated with the operation.
///
/// It typically contains progress information and common metadata such as
/// create time. Some services might not provide such metadata. Any method
/// that returns a long-running operation should document the metadata type,
/// if any.
///
/// The values for Object must be JSON objects. It can consist of `num`,
/// `String`, `bool` and `null` as well as `Map` and `List` values.
core.Map<core.String, core.Object?>? metadata;
/// The server-assigned name, which is only unique within the same service
/// that originally returns it.
///
/// If you use the default HTTP mapping, the `name` should be a resource name
/// ending with `operations/{unique_id}`.
core.String? name;
/// The normal, successful response of the operation.
///
/// If the original method returns no data on success, such as `Delete`, the
/// response is `google.protobuf.Empty`. If the original method is standard
/// `Get`/`Create`/`Update`, the response should be the resource. For other
/// methods, the response should have the type `XxxResponse`, where `Xxx` is
/// the original method name. For example, if the original method name is
/// `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
///
/// The values for Object must be JSON objects. It can consist of `num`,
/// `String`, `bool` and `null` as well as `Map` and `List` values.
core.Map<core.String, core.Object?>? response;
Operation({this.done, this.error, this.metadata, this.name, this.response});
Operation.fromJson(core.Map json_)
: this(
done: json_['done'] as core.bool?,
error: json_.containsKey('error')
? Status.fromJson(
json_['error'] as core.Map<core.String, core.dynamic>,
)
: null,
metadata: json_.containsKey('metadata')
? json_['metadata'] as core.Map<core.String, core.dynamic>
: null,
name: json_['name'] as core.String?,
response: json_.containsKey('response')
? json_['response'] as core.Map<core.String, core.dynamic>
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final done = this.done;
final error = this.error;
final metadata = this.metadata;
final name = this.name;
final response = this.response;
return {
'done': ?done,
'error': ?error,
'metadata': ?metadata,
'name': ?name,
'response': ?response,
};
}
}
/// An Identity and Access Management (IAM) policy, which specifies access
/// controls for Google Cloud resources.
///
/// A `Policy` is a collection of `bindings`. A `binding` binds one or more
/// `members`, or principals, to a single `role`. Principals can be user
/// accounts, service accounts, Google groups, and domains (such as G Suite). A
/// `role` is a named list of permissions; each `role` can be an IAM predefined
/// role or a user-created custom role. For some types of Google Cloud
/// resources, a `binding` can also specify a `condition`, which is a logical
/// expression that allows access to a resource only if the expression evaluates
/// to `true`. A condition can add constraints based on attributes of the
/// request, the resource, or both. To learn which resources support conditions
/// in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
/// **JSON example:** ``` { "bindings": [ { "role":
/// "roles/resourcemanager.organizationAdmin", "members": [
/// "user:mike@example.com", "group:admins@example.com", "domain:google.com",
/// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role":
/// "roles/resourcemanager.organizationViewer", "members": [
/// "user:eve@example.com" ], "condition": { "title": "expirable access",
/// "description": "Does not grant access after Sep 2020", "expression":
/// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag":
/// "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: -
/// members: - user:mike@example.com - group:admins@example.com -
/// domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
/// role: roles/resourcemanager.organizationAdmin - members: -
/// user:eve@example.com role: roles/resourcemanager.organizationViewer
/// condition: title: expirable access description: Does not grant access after
/// Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
/// etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features,
/// see the [IAM documentation](https://cloud.google.com/iam/docs/).
class Policy {
/// Specifies cloud audit logging configuration for this policy.
core.List<AuditConfig>? auditConfigs;
/// Associates a list of `members`, or principals, with a `role`.
///
/// Optionally, may specify a `condition` that determines how and when the
/// `bindings` are applied. Each of the `bindings` must contain at least one
/// principal. The `bindings` in a `Policy` can refer to up to 1,500
/// principals; up to 250 of these principals can be Google groups. Each
/// occurrence of a principal counts towards these limits. For example, if the
/// `bindings` grant 50 different roles to `user:alice@example.com`, and not
/// to any other principal, then you can add another 1,450 principals to the
/// `bindings` in the `Policy`.
core.List<Binding>? bindings;
/// `etag` is used for optimistic concurrency control as a way to help prevent
/// simultaneous updates of a policy from overwriting each other.
///
/// It is strongly suggested that systems make use of the `etag` in the
/// read-modify-write cycle to perform policy updates in order to avoid race
/// conditions: An `etag` is returned in the response to `getIamPolicy`, and
/// systems are expected to put that etag in the request to `setIamPolicy` to
/// ensure that their change will be applied to the same version of the
/// policy. **Important:** If you use IAM Conditions, you must include the
/// `etag` field whenever you call `setIamPolicy`. If you omit this field,
/// then IAM allows you to overwrite a version `3` policy with a version `1`
/// policy, and all of the conditions in the version `3` policy are lost.
core.String? etag;
core.List<core.int> get etagAsBytes => convert.base64.decode(etag!);
set etagAsBytes(core.List<core.int> bytes_) {
etag = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Specifies the format of the policy.
///
/// Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
/// are rejected. Any operation that affects conditional role bindings must
/// specify version `3`. This requirement applies to the following operations:
/// * Getting a policy that includes a conditional role binding * Adding a
/// conditional role binding to a policy * Changing a conditional role binding
/// in a policy * Removing any role binding, with or without a condition, from
/// a policy that includes conditions **Important:** If you use IAM
/// Conditions, you must include the `etag` field whenever you call
/// `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a
/// version `3` policy with a version `1` policy, and all of the conditions in
/// the version `3` policy are lost. If a policy does not include any
/// conditions, operations on that policy may specify any valid version or
/// leave the field unset. To learn which resources support conditions in
/// their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
core.int? version;
Policy({this.auditConfigs, this.bindings, this.etag, this.version});
Policy.fromJson(core.Map json_)
: this(
auditConfigs: (json_['auditConfigs'] as core.List?)
?.map(
(value) => AuditConfig.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
bindings: (json_['bindings'] as core.List?)
?.map(
(value) => Binding.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
etag: json_['etag'] as core.String?,
version: json_['version'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final auditConfigs = this.auditConfigs;
final bindings = this.bindings;
final etag = this.etag;
final version = this.version;
return {
'auditConfigs': ?auditConfigs,
'bindings': ?bindings,
'etag': ?etag,
'version': ?version,
};
}
}
/// The public keys for a given CryptoKeyVersion.
///
/// Obtained via GetPublicKey.
class PublicKey {
/// The Algorithm associated with this key.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : Not specified.
/// - "GOOGLE_SYMMETRIC_ENCRYPTION" : Creates symmetric encryption keys.
/// - "AES_128_GCM" : AES-GCM (Galois Counter Mode) using 128-bit keys.
/// - "AES_256_GCM" : AES-GCM (Galois Counter Mode) using 256-bit keys.
/// - "AES_128_CBC" : AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
/// - "AES_256_CBC" : AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
/// - "AES_128_CTR" : AES-CTR (Counter Mode) using 128-bit keys.
/// - "AES_256_CTR" : AES-CTR (Counter Mode) using 256-bit keys.
/// - "RSA_SIGN_PSS_2048_SHA256" : RSASSA-PSS 2048 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_3072_SHA256" : RSASSA-PSS 3072 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA256" : RSASSA-PSS 4096 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA512" : RSASSA-PSS 4096 bit key with a SHA512
/// digest.
/// - "RSA_SIGN_PKCS1_2048_SHA256" : RSASSA-PKCS1-v1_5 with a 2048 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_3072_SHA256" : RSASSA-PKCS1-v1_5 with a 3072 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA256" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA512" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA512 digest.
/// - "RSA_SIGN_RAW_PKCS1_2048" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 2048 bit key.
/// - "RSA_SIGN_RAW_PKCS1_3072" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 3072 bit key.
/// - "RSA_SIGN_RAW_PKCS1_4096" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 4096 bit key.
/// - "RSA_DECRYPT_OAEP_2048_SHA256" : RSAES-OAEP 2048 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA256" : RSAES-OAEP 3072 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA256" : RSAES-OAEP 4096 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA512" : RSAES-OAEP 4096 bit key with a SHA512
/// digest.
/// - "RSA_DECRYPT_OAEP_2048_SHA1" : RSAES-OAEP 2048 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA1" : RSAES-OAEP 3072 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA1" : RSAES-OAEP 4096 bit key with a SHA1
/// digest.
/// - "EC_SIGN_P256_SHA256" : ECDSA on the NIST P-256 curve with a SHA256
/// digest. Other hash functions can also be used:
/// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
/// - "EC_SIGN_P384_SHA384" : ECDSA on the NIST P-384 curve with a SHA384
/// digest. Other hash functions can also be used:
/// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
/// - "EC_SIGN_SECP256K1_SHA256" : ECDSA on the non-NIST secp256k1 curve. This
/// curve is only supported for HSM protection level. Other hash functions can
/// also be used:
/// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
/// - "EC_SIGN_ED25519" : EdDSA on the Curve25519 in pure mode (taking data as
/// input).
/// - "HMAC_SHA256" : HMAC-SHA256 signing with a 256 bit key.
/// - "HMAC_SHA1" : HMAC-SHA1 signing with a 160 bit key.
/// - "HMAC_SHA384" : HMAC-SHA384 signing with a 384 bit key.
/// - "HMAC_SHA512" : HMAC-SHA512 signing with a 512 bit key.
/// - "HMAC_SHA224" : HMAC-SHA224 signing with a 224 bit key.
/// - "EXTERNAL_SYMMETRIC_ENCRYPTION" : Algorithm representing symmetric
/// encryption by an external key manager.
/// - "ML_KEM_768" : ML-KEM-768 (FIPS 203)
/// - "ML_KEM_1024" : ML-KEM-1024 (FIPS 203)
/// - "KEM_XWING" : X-Wing hybrid KEM combining ML-KEM-768 with X25519
/// following datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/.
/// - "PQ_SIGN_ML_DSA_44" : The post-quantum Module-Lattice-Based Digital
/// Signature Algorithm, at security level 1. Randomized version.
/// - "PQ_SIGN_ML_DSA_65" : The post-quantum Module-Lattice-Based Digital
/// Signature Algorithm, at security level 3. Randomized version.
/// - "PQ_SIGN_ML_DSA_87" : The post-quantum Module-Lattice-Based Digital
/// Signature Algorithm, at security level 5. Randomized version.
/// - "PQ_SIGN_SLH_DSA_SHA2_128S" : The post-quantum stateless hash-based
/// digital signature algorithm, at security level 1. Randomized version.
/// - "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256" : The post-quantum stateless
/// hash-based digital signature algorithm, at security level 1. Randomized
/// pre-hash version supporting SHA256 digests.
/// - "PQ_SIGN_ML_DSA_44_EXTERNAL_MU" : The post-quantum Module-Lattice-Based
/// Digital Signature Algorithm, at security level 1. Randomized version
/// supporting externally-computed message representatives.
/// - "PQ_SIGN_ML_DSA_65_EXTERNAL_MU" : The post-quantum Module-Lattice-Based
/// Digital Signature Algorithm, at security level 3. Randomized version
/// supporting externally-computed message representatives.
/// - "PQ_SIGN_ML_DSA_87_EXTERNAL_MU" : The post-quantum Module-Lattice-Based
/// Digital Signature Algorithm, at security level 5. Randomized version
/// supporting externally-computed message representatives.
core.String? algorithm;
/// The name of the CryptoKeyVersion public key.
///
/// Provided here for verification. NOTE: This field is in Beta.
core.String? name;
/// The public key, encoded in PEM format.
///
/// For more information, see the
/// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
/// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2)
/// and
/// [Textual Encoding of Subject Public Key Info](https://tools.ietf.org/html/rfc7468#section-13).
core.String? pem;
/// Integrity verification field.
///
/// A CRC32C checksum of the returned PublicKey.pem. An integrity check of
/// PublicKey.pem can be performed by computing the CRC32C checksum of
/// PublicKey.pem and comparing your results to this field. Discard the
/// response in case of non-matching checksum values, and perform a limited
/// number of retries. A persistent mismatch may indicate an issue in your
/// computation of the CRC32C checksum. Note: This field is defined as int64
/// for reasons of compatibility across different languages. However, it is a
/// non-negative integer, which will never exceed `2^32-1`, and can be safely
/// downconverted to uint32 in languages that support this type. NOTE: This
/// field is in Beta.
core.String? pemCrc32c;
/// The ProtectionLevel of the CryptoKeyVersion public key.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// This field contains the public key (with integrity verification),
/// formatted according to the public_key_format field.
ChecksummedData? publicKey;
/// The PublicKey format specified by the customer through the
/// public_key_format field.
/// Possible string values are:
/// - "PUBLIC_KEY_FORMAT_UNSPECIFIED" : If the public_key_format field is not
/// specified: - For PQC algorithms, an error will be returned. - For non-PQC
/// algorithms, the default format is PEM, and the field pem will be
/// populated. Otherwise, the public key will be exported through the
/// public_key field in the requested format.
/// - "PEM" : The returned public key will be encoded in PEM format. See the
/// [RFC7468](https://tools.ietf.org/html/rfc7468) sections for
/// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2)
/// and
/// [Textual Encoding of Subject Public Key Info](https://tools.ietf.org/html/rfc7468#section-13)
/// for more information.
/// - "DER" : The returned public key will be encoded in DER format (the
/// PrivateKeyInfo structure from RFC 5208).
/// - "NIST_PQC" : This is supported only for PQC algorithms. The key material
/// is returned in the format defined by NIST PQC standards (FIPS 203, FIPS
/// 204, and FIPS 205).
/// - "XWING_RAW_BYTES" : The returned public key is in raw bytes format
/// defined in its standard
/// https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem.
core.String? publicKeyFormat;
PublicKey({
this.algorithm,
this.name,
this.pem,
this.pemCrc32c,
this.protectionLevel,
this.publicKey,
this.publicKeyFormat,
});
PublicKey.fromJson(core.Map json_)
: this(
algorithm: json_['algorithm'] as core.String?,
name: json_['name'] as core.String?,
pem: json_['pem'] as core.String?,
pemCrc32c: json_['pemCrc32c'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
publicKey: json_.containsKey('publicKey')
? ChecksummedData.fromJson(
json_['publicKey'] as core.Map<core.String, core.dynamic>,
)
: null,
publicKeyFormat: json_['publicKeyFormat'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final algorithm = this.algorithm;
final name = this.name;
final pem = this.pem;
final pemCrc32c = this.pemCrc32c;
final protectionLevel = this.protectionLevel;
final publicKey = this.publicKey;
final publicKeyFormat = this.publicKeyFormat;
return {
'algorithm': ?algorithm,
'name': ?name,
'pem': ?pem,
'pemCrc32c': ?pemCrc32c,
'protectionLevel': ?protectionLevel,
'publicKey': ?publicKey,
'publicKeyFormat': ?publicKeyFormat,
};
}
}
/// Configuration for M of N quorum auth.
class QuorumAuth {
/// The required numbers of approvers.
///
/// The M value used for M of N quorum auth. Must be greater than or equal to
/// 2 and less than or equal to total_approver_count - 1.
///
/// Output only.
core.int? requiredApproverCount;
/// The total number of approvers.
///
/// This is the N value used for M of N quorum auth. Must be greater than or
/// equal to 3 and less than or equal to 16.
///
/// Required.
core.int? totalApproverCount;
/// The public keys associated with the 2FA keys for M of N quorum auth.
///
/// Output only.
core.List<core.String>? twoFactorPublicKeyPems;
QuorumAuth({
this.requiredApproverCount,
this.totalApproverCount,
this.twoFactorPublicKeyPems,
});
QuorumAuth.fromJson(core.Map json_)
: this(
requiredApproverCount: json_['requiredApproverCount'] as core.int?,
totalApproverCount: json_['totalApproverCount'] as core.int?,
twoFactorPublicKeyPems: (json_['twoFactorPublicKeyPems'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final requiredApproverCount = this.requiredApproverCount;
final totalApproverCount = this.totalApproverCount;
final twoFactorPublicKeyPems = this.twoFactorPublicKeyPems;
return {
'requiredApproverCount': ?requiredApproverCount,
'totalApproverCount': ?totalApproverCount,
'twoFactorPublicKeyPems': ?twoFactorPublicKeyPems,
};
}
}
/// Parameters of quorum approval for the SingleTenantHsmInstanceProposal.
class QuorumParameters {
/// The public keys associated with the 2FA keys that have already approved
/// the SingleTenantHsmInstanceProposal by signing the challenge.
///
/// Output only.
core.List<core.String>? approvedTwoFactorPublicKeyPems;
/// The challenges to be signed by 2FA keys for quorum auth.
///
/// M of N of these challenges are required to be signed to approve the
/// operation.
///
/// Output only.
core.List<Challenge>? challenges;
/// The required numbers of approvers.
///
/// This is the M value used for M of N quorum auth. It is less than the
/// number of public keys.
///
/// Output only.
core.int? requiredApproverCount;
QuorumParameters({
this.approvedTwoFactorPublicKeyPems,
this.challenges,
this.requiredApproverCount,
});
QuorumParameters.fromJson(core.Map json_)
: this(
approvedTwoFactorPublicKeyPems:
(json_['approvedTwoFactorPublicKeyPems'] as core.List?)
?.map((value) => value as core.String)
.toList(),
challenges: (json_['challenges'] as core.List?)
?.map(
(value) => Challenge.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
requiredApproverCount: json_['requiredApproverCount'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final approvedTwoFactorPublicKeyPems = this.approvedTwoFactorPublicKeyPems;
final challenges = this.challenges;
final requiredApproverCount = this.requiredApproverCount;
return {
'approvedTwoFactorPublicKeyPems': ?approvedTwoFactorPublicKeyPems,
'challenges': ?challenges,
'requiredApproverCount': ?requiredApproverCount,
};
}
}
/// The reply to QuorumParameters for approving the proposal.
class QuorumReply {
/// The challenge replies to approve the proposal.
///
/// Challenge replies can be sent across multiple requests. The proposal will
/// be approved when required_approver_count challenge replies are provided.
///
/// Required.
core.List<ChallengeReply>? challengeReplies;
QuorumReply({this.challengeReplies});
QuorumReply.fromJson(core.Map json_)
: this(
challengeReplies: (json_['challengeReplies'] as core.List?)
?.map(
(value) => ChallengeReply.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final challengeReplies = this.challengeReplies;
return {'challengeReplies': ?challengeReplies};
}
}
/// Request message for KeyManagementService.RawDecrypt.
class RawDecryptRequest {
/// Optional data that must match the data originally supplied in
/// RawEncryptRequest.additional_authenticated_data.
///
/// Optional.
core.String? additionalAuthenticatedData;
core.List<core.int> get additionalAuthenticatedDataAsBytes =>
convert.base64.decode(additionalAuthenticatedData!);
set additionalAuthenticatedDataAsBytes(core.List<core.int> bytes_) {
additionalAuthenticatedData = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the
/// RawDecryptRequest.additional_authenticated_data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received additional_authenticated_data using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(additional_authenticated_data) is equal to
/// additional_authenticated_data_crc32c, and if so, perform a limited number
/// of retries. A persistent mismatch may indicate an issue in your
/// computation of the CRC32C checksum. Note: This field is defined as int64
/// for reasons of compatibility across different languages. However, it is a
/// non-negative integer, which will never exceed 2^32-1, and can be safely
/// downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? additionalAuthenticatedDataCrc32c;
/// The encrypted data originally returned in RawEncryptResponse.ciphertext.
///
/// Required.
core.String? ciphertext;
core.List<core.int> get ciphertextAsBytes =>
convert.base64.decode(ciphertext!);
set ciphertextAsBytes(core.List<core.int> bytes_) {
ciphertext = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the RawDecryptRequest.ciphertext.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received ciphertext using this checksum. KeyManagementService will report
/// an error if the checksum verification fails. If you receive a checksum
/// error, your client should verify that CRC32C(ciphertext) is equal to
/// ciphertext_crc32c, and if so, perform a limited number of retries. A
/// persistent mismatch may indicate an issue in your computation of the
/// CRC32C checksum. Note: This field is defined as int64 for reasons of
/// compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
///
/// Optional.
core.String? ciphertextCrc32c;
/// The initialization vector (IV) used during encryption, which must match
/// the data originally provided in RawEncryptResponse.initialization_vector.
///
/// Required.
core.String? initializationVector;
core.List<core.int> get initializationVectorAsBytes =>
convert.base64.decode(initializationVector!);
set initializationVectorAsBytes(core.List<core.int> bytes_) {
initializationVector = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the
/// RawDecryptRequest.initialization_vector.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received initialization_vector using this checksum. KeyManagementService
/// will report an error if the checksum verification fails. If you receive a
/// checksum error, your client should verify that
/// CRC32C(initialization_vector) is equal to initialization_vector_crc32c,
/// and if so, perform a limited number of retries. A persistent mismatch may
/// indicate an issue in your computation of the CRC32C checksum. Note: This
/// field is defined as int64 for reasons of compatibility across different
/// languages. However, it is a non-negative integer, which will never exceed
/// 2^32-1, and can be safely downconverted to uint32 in languages that
/// support this type.
///
/// Optional.
core.String? initializationVectorCrc32c;
/// The length of the authentication tag that is appended to the end of the
/// ciphertext.
///
/// If unspecified (0), the default value for the key's algorithm will be used
/// (for AES-GCM, the default value is 16).
core.int? tagLength;
RawDecryptRequest({
this.additionalAuthenticatedData,
this.additionalAuthenticatedDataCrc32c,
this.ciphertext,
this.ciphertextCrc32c,
this.initializationVector,
this.initializationVectorCrc32c,
this.tagLength,
});
RawDecryptRequest.fromJson(core.Map json_)
: this(
additionalAuthenticatedData:
json_['additionalAuthenticatedData'] as core.String?,
additionalAuthenticatedDataCrc32c:
json_['additionalAuthenticatedDataCrc32c'] as core.String?,
ciphertext: json_['ciphertext'] as core.String?,
ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?,
initializationVector: json_['initializationVector'] as core.String?,
initializationVectorCrc32c:
json_['initializationVectorCrc32c'] as core.String?,
tagLength: json_['tagLength'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final additionalAuthenticatedData = this.additionalAuthenticatedData;
final additionalAuthenticatedDataCrc32c =
this.additionalAuthenticatedDataCrc32c;
final ciphertext = this.ciphertext;
final ciphertextCrc32c = this.ciphertextCrc32c;
final initializationVector = this.initializationVector;
final initializationVectorCrc32c = this.initializationVectorCrc32c;
final tagLength = this.tagLength;
return {
'additionalAuthenticatedData': ?additionalAuthenticatedData,
'additionalAuthenticatedDataCrc32c': ?additionalAuthenticatedDataCrc32c,
'ciphertext': ?ciphertext,
'ciphertextCrc32c': ?ciphertextCrc32c,
'initializationVector': ?initializationVector,
'initializationVectorCrc32c': ?initializationVectorCrc32c,
'tagLength': ?tagLength,
};
}
}
/// Response message for KeyManagementService.RawDecrypt.
class RawDecryptResponse {
/// The decrypted data.
core.String? plaintext;
core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!);
set plaintextAsBytes(core.List<core.int> bytes_) {
plaintext = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned RawDecryptResponse.plaintext. An
/// integrity check of plaintext can be performed by computing the CRC32C
/// checksum of plaintext and comparing your results to this field. Discard
/// the response in case of non-matching checksum values, and perform a
/// limited number of retries. A persistent mismatch may indicate an issue in
/// your computation of the CRC32C checksum. Note: receiving this response
/// message indicates that KeyManagementService is able to successfully
/// decrypt the ciphertext. Note: This field is defined as int64 for reasons
/// of compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
core.String? plaintextCrc32c;
/// The ProtectionLevel of the CryptoKeyVersion used in decryption.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// Integrity verification field.
///
/// A flag indicating whether
/// RawDecryptRequest.additional_authenticated_data_crc32c was received by
/// KeyManagementService and used for the integrity verification of
/// additional_authenticated_data. A false value of this field indicates
/// either that // RawDecryptRequest.additional_authenticated_data_crc32c was
/// left unset or that it was not delivered to KeyManagementService. If you've
/// set RawDecryptRequest.additional_authenticated_data_crc32c but this field
/// is still false, discard the response and perform a limited number of
/// retries.
core.bool? verifiedAdditionalAuthenticatedDataCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether RawDecryptRequest.ciphertext_crc32c was received
/// by KeyManagementService and used for the integrity verification of the
/// ciphertext. A false value of this field indicates either that
/// RawDecryptRequest.ciphertext_crc32c was left unset or that it was not
/// delivered to KeyManagementService. If you've set
/// RawDecryptRequest.ciphertext_crc32c but this field is still false, discard
/// the response and perform a limited number of retries.
core.bool? verifiedCiphertextCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether RawDecryptRequest.initialization_vector_crc32c
/// was received by KeyManagementService and used for the integrity
/// verification of initialization_vector. A false value of this field
/// indicates either that RawDecryptRequest.initialization_vector_crc32c was
/// left unset or that it was not delivered to KeyManagementService. If you've
/// set RawDecryptRequest.initialization_vector_crc32c but this field is still
/// false, discard the response and perform a limited number of retries.
core.bool? verifiedInitializationVectorCrc32c;
RawDecryptResponse({
this.plaintext,
this.plaintextCrc32c,
this.protectionLevel,
this.verifiedAdditionalAuthenticatedDataCrc32c,
this.verifiedCiphertextCrc32c,
this.verifiedInitializationVectorCrc32c,
});
RawDecryptResponse.fromJson(core.Map json_)
: this(
plaintext: json_['plaintext'] as core.String?,
plaintextCrc32c: json_['plaintextCrc32c'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
verifiedAdditionalAuthenticatedDataCrc32c:
json_['verifiedAdditionalAuthenticatedDataCrc32c'] as core.bool?,
verifiedCiphertextCrc32c:
json_['verifiedCiphertextCrc32c'] as core.bool?,
verifiedInitializationVectorCrc32c:
json_['verifiedInitializationVectorCrc32c'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final plaintext = this.plaintext;
final plaintextCrc32c = this.plaintextCrc32c;
final protectionLevel = this.protectionLevel;
final verifiedAdditionalAuthenticatedDataCrc32c =
this.verifiedAdditionalAuthenticatedDataCrc32c;
final verifiedCiphertextCrc32c = this.verifiedCiphertextCrc32c;
final verifiedInitializationVectorCrc32c =
this.verifiedInitializationVectorCrc32c;
return {
'plaintext': ?plaintext,
'plaintextCrc32c': ?plaintextCrc32c,
'protectionLevel': ?protectionLevel,
'verifiedAdditionalAuthenticatedDataCrc32c':
?verifiedAdditionalAuthenticatedDataCrc32c,
'verifiedCiphertextCrc32c': ?verifiedCiphertextCrc32c,
'verifiedInitializationVectorCrc32c': ?verifiedInitializationVectorCrc32c,
};
}
}
/// Request message for KeyManagementService.RawEncrypt.
class RawEncryptRequest {
/// Optional data that, if specified, must also be provided during decryption
/// through RawDecryptRequest.additional_authenticated_data.
///
/// This field may only be used in conjunction with an algorithm that accepts
/// additional authenticated data (for example, AES-GCM). The maximum size
/// depends on the key version's protection_level. For SOFTWARE keys, the
/// plaintext must be no larger than 64KiB. For HSM keys, the combined length
/// of the plaintext and additional_authenticated_data fields must be no
/// larger than 8KiB.
///
/// Optional.
core.String? additionalAuthenticatedData;
core.List<core.int> get additionalAuthenticatedDataAsBytes =>
convert.base64.decode(additionalAuthenticatedData!);
set additionalAuthenticatedDataAsBytes(core.List<core.int> bytes_) {
additionalAuthenticatedData = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the
/// RawEncryptRequest.additional_authenticated_data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received additional_authenticated_data using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(additional_authenticated_data) is equal to
/// additional_authenticated_data_crc32c, and if so, perform a limited number
/// of retries. A persistent mismatch may indicate an issue in your
/// computation of the CRC32C checksum. Note: This field is defined as int64
/// for reasons of compatibility across different languages. However, it is a
/// non-negative integer, which will never exceed 2^32-1, and can be safely
/// downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? additionalAuthenticatedDataCrc32c;
/// A customer-supplied initialization vector that will be used for
/// encryption.
///
/// If it is not provided for AES-CBC and AES-CTR, one will be generated. It
/// will be returned in RawEncryptResponse.initialization_vector.
///
/// Optional.
core.String? initializationVector;
core.List<core.int> get initializationVectorAsBytes =>
convert.base64.decode(initializationVector!);
set initializationVectorAsBytes(core.List<core.int> bytes_) {
initializationVector = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the
/// RawEncryptRequest.initialization_vector.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received initialization_vector using this checksum. KeyManagementService
/// will report an error if the checksum verification fails. If you receive a
/// checksum error, your client should verify that
/// CRC32C(initialization_vector) is equal to initialization_vector_crc32c,
/// and if so, perform a limited number of retries. A persistent mismatch may
/// indicate an issue in your computation of the CRC32C checksum. Note: This
/// field is defined as int64 for reasons of compatibility across different
/// languages. However, it is a non-negative integer, which will never exceed
/// 2^32-1, and can be safely downconverted to uint32 in languages that
/// support this type.
///
/// Optional.
core.String? initializationVectorCrc32c;
/// The data to encrypt.
///
/// Must be no larger than 64KiB. The maximum size depends on the key
/// version's protection_level. For SOFTWARE keys, the plaintext must be no
/// larger than 64KiB. For HSM keys, the combined length of the plaintext and
/// additional_authenticated_data fields must be no larger than 8KiB.
///
/// Required.
core.String? plaintext;
core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!);
set plaintextAsBytes(core.List<core.int> bytes_) {
plaintext = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// An optional CRC32C checksum of the RawEncryptRequest.plaintext.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received plaintext using this checksum. KeyManagementService will report
/// an error if the checksum verification fails. If you receive a checksum
/// error, your client should verify that CRC32C(plaintext) is equal to
/// plaintext_crc32c, and if so, perform a limited number of retries. A
/// persistent mismatch may indicate an issue in your computation of the
/// CRC32C checksum. Note: This field is defined as int64 for reasons of
/// compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
///
/// Optional.
core.String? plaintextCrc32c;
RawEncryptRequest({
this.additionalAuthenticatedData,
this.additionalAuthenticatedDataCrc32c,
this.initializationVector,
this.initializationVectorCrc32c,
this.plaintext,
this.plaintextCrc32c,
});
RawEncryptRequest.fromJson(core.Map json_)
: this(
additionalAuthenticatedData:
json_['additionalAuthenticatedData'] as core.String?,
additionalAuthenticatedDataCrc32c:
json_['additionalAuthenticatedDataCrc32c'] as core.String?,
initializationVector: json_['initializationVector'] as core.String?,
initializationVectorCrc32c:
json_['initializationVectorCrc32c'] as core.String?,
plaintext: json_['plaintext'] as core.String?,
plaintextCrc32c: json_['plaintextCrc32c'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final additionalAuthenticatedData = this.additionalAuthenticatedData;
final additionalAuthenticatedDataCrc32c =
this.additionalAuthenticatedDataCrc32c;
final initializationVector = this.initializationVector;
final initializationVectorCrc32c = this.initializationVectorCrc32c;
final plaintext = this.plaintext;
final plaintextCrc32c = this.plaintextCrc32c;
return {
'additionalAuthenticatedData': ?additionalAuthenticatedData,
'additionalAuthenticatedDataCrc32c': ?additionalAuthenticatedDataCrc32c,
'initializationVector': ?initializationVector,
'initializationVectorCrc32c': ?initializationVectorCrc32c,
'plaintext': ?plaintext,
'plaintextCrc32c': ?plaintextCrc32c,
};
}
}
/// Response message for KeyManagementService.RawEncrypt.
class RawEncryptResponse {
/// The encrypted data.
///
/// In the case of AES-GCM, the authentication tag is the tag_length bytes at
/// the end of this field.
core.String? ciphertext;
core.List<core.int> get ciphertextAsBytes =>
convert.base64.decode(ciphertext!);
set ciphertextAsBytes(core.List<core.int> bytes_) {
ciphertext = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned RawEncryptResponse.ciphertext. An
/// integrity check of ciphertext can be performed by computing the CRC32C
/// checksum of ciphertext and comparing your results to this field. Discard
/// the response in case of non-matching checksum values, and perform a
/// limited number of retries. A persistent mismatch may indicate an issue in
/// your computation of the CRC32C checksum. Note: This field is defined as
/// int64 for reasons of compatibility across different languages. However, it
/// is a non-negative integer, which will never exceed 2^32-1, and can be
/// safely downconverted to uint32 in languages that support this type.
core.String? ciphertextCrc32c;
/// The initialization vector (IV) generated by the service during encryption.
///
/// This value must be stored and provided in
/// RawDecryptRequest.initialization_vector at decryption time.
core.String? initializationVector;
core.List<core.int> get initializationVectorAsBytes =>
convert.base64.decode(initializationVector!);
set initializationVectorAsBytes(core.List<core.int> bytes_) {
initializationVector = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned
/// RawEncryptResponse.initialization_vector. An integrity check of
/// initialization_vector can be performed by computing the CRC32C checksum of
/// initialization_vector and comparing your results to this field. Discard
/// the response in case of non-matching checksum values, and perform a
/// limited number of retries. A persistent mismatch may indicate an issue in
/// your computation of the CRC32C checksum. Note: This field is defined as
/// int64 for reasons of compatibility across different languages. However, it
/// is a non-negative integer, which will never exceed 2^32-1, and can be
/// safely downconverted to uint32 in languages that support this type.
core.String? initializationVectorCrc32c;
/// The resource name of the CryptoKeyVersion used in encryption.
///
/// Check this field to verify that the intended resource was used for
/// encryption.
core.String? name;
/// The ProtectionLevel of the CryptoKeyVersion used in encryption.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
/// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant
/// HSM.
core.String? protectionLevel;
/// The length of the authentication tag that is appended to the end of the
/// ciphertext.
core.int? tagLength;
/// Integrity verification field.
///
/// A flag indicating whether
/// RawEncryptRequest.additional_authenticated_data_crc32c was received by
/// KeyManagementService and used for the integrity verification of
/// additional_authenticated_data. A false value of this field indicates
/// either that // RawEncryptRequest.additional_authenticated_data_crc32c was
/// left unset or that it was not delivered to KeyManagementService. If you've
/// set RawEncryptRequest.additional_authenticated_data_crc32c but this field
/// is still false, discard the response and perform a limited number of
/// retries.
core.bool? verifiedAdditionalAuthenticatedDataCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether RawEncryptRequest.initialization_vector_crc32c
/// was received by KeyManagementService and used for the integrity
/// verification of initialization_vector. A false value of this field
/// indicates either that RawEncryptRequest.initialization_vector_crc32c was
/// left unset or that it was not delivered to KeyManagementService. If you've
/// set RawEncryptRequest.initialization_vector_crc32c but this field is still
/// false, discard the response and perform a limited number of retries.
core.bool? verifiedInitializationVectorCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether RawEncryptRequest.plaintext_crc32c was received
/// by KeyManagementService and used for the integrity verification of the
/// plaintext. A false value of this field indicates either that
/// RawEncryptRequest.plaintext_crc32c was left unset or that it was not
/// delivered to KeyManagementService. If you've set
/// RawEncryptRequest.plaintext_crc32c but this field is still false, discard
/// the response and perform a limited number of retries.
core.bool? verifiedPlaintextCrc32c;
RawEncryptResponse({
this.ciphertext,
this.ciphertextCrc32c,
this.initializationVector,
this.initializationVectorCrc32c,
this.name,
this.protectionLevel,
this.tagLength,
this.verifiedAdditionalAuthenticatedDataCrc32c,
this.verifiedInitializationVectorCrc32c,
this.verifiedPlaintextCrc32c,
});
RawEncryptResponse.fromJson(core.Map json_)
: this(
ciphertext: json_['ciphertext'] as core.String?,
ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?,
initializationVector: json_['initializationVector'] as core.String?,
initializationVectorCrc32c:
json_['initializationVectorCrc32c'] as core.String?,
name: json_['name'] as core.String?,
protectionLevel: json_['protectionLevel'] as core.String?,
tagLength: json_['tagLength'] as core.int?,
verifiedAdditionalAuthenticatedDataCrc32c:
json_['verifiedAdditionalAuthenticatedDataCrc32c'] as core.bool?,
verifiedInitializationVectorCrc32c:
json_['verifiedInitializationVectorCrc32c'] as core.bool?,
verifiedPlaintextCrc32c: json_['verifiedPlaintextCrc32c'] as core.bool?,
);
core.Map<core.String, core.dynamic> toJson() {
final ciphertext = this.ciphertext;
final ciphertextCrc32c = this.ciphertextCrc32c;
final initializationVector = this.initializationVector;
final initializationVectorCrc32c = this.initializationVectorCrc32c;
final name = this.name;
final protectionLevel = this.protectionLevel;
final tagLength = this.tagLength;
final verifiedAdditionalAuthenticatedDataCrc32c =
this.verifiedAdditionalAuthenticatedDataCrc32c;
final verifiedInitializationVectorCrc32c =
this.verifiedInitializationVectorCrc32c;
final verifiedPlaintextCrc32c = this.verifiedPlaintextCrc32c;
return {
'ciphertext': ?ciphertext,
'ciphertextCrc32c': ?ciphertextCrc32c,
'initializationVector': ?initializationVector,
'initializationVectorCrc32c': ?initializationVectorCrc32c,
'name': ?name,
'protectionLevel': ?protectionLevel,
'tagLength': ?tagLength,
'verifiedAdditionalAuthenticatedDataCrc32c':
?verifiedAdditionalAuthenticatedDataCrc32c,
'verifiedInitializationVectorCrc32c': ?verifiedInitializationVectorCrc32c,
'verifiedPlaintextCrc32c': ?verifiedPlaintextCrc32c,
};
}
}
/// Refreshes the SingleTenantHsmInstance.
///
/// This operation must be performed periodically to keep the
/// SingleTenantHsmInstance active. This operation must be performed before
/// unrefreshed_duration_until_disable has passed. The SingleTenantHsmInstance
/// must be in the ACTIVE state to perform this operation.
typedef RefreshSingleTenantHsmInstance = $Empty;
/// Register 2FA keys for the SingleTenantHsmInstance.
///
/// This operation requires all Challenges to be signed by 2FA keys. The
/// SingleTenantHsmInstance must be in the PENDING_TWO_FACTOR_AUTH_REGISTRATION
/// state to perform this operation.
class RegisterTwoFactorAuthKeys {
/// The required numbers of approvers to set for the SingleTenantHsmInstance.
///
/// This is the M value used for M of N quorum auth. Must be greater than or
/// equal to 2 and less than or equal to total_approver_count - 1.
///
/// Required.
core.int? requiredApproverCount;
/// The public keys associated with the 2FA keys for M of N quorum auth.
///
/// Public keys must be associated with RSA 2048 keys.
///
/// Required.
core.List<core.String>? twoFactorPublicKeyPems;
RegisterTwoFactorAuthKeys({
this.requiredApproverCount,
this.twoFactorPublicKeyPems,
});
RegisterTwoFactorAuthKeys.fromJson(core.Map json_)
: this(
requiredApproverCount: json_['requiredApproverCount'] as core.int?,
twoFactorPublicKeyPems: (json_['twoFactorPublicKeyPems'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final requiredApproverCount = this.requiredApproverCount;
final twoFactorPublicKeyPems = this.twoFactorPublicKeyPems;
return {
'requiredApproverCount': ?requiredApproverCount,
'twoFactorPublicKeyPems': ?twoFactorPublicKeyPems,
};
}
}
/// Remove a quorum member from the SingleTenantHsmInstance.
///
/// This will reduce total_approver_count by 1. The SingleTenantHsmInstance must
/// be in the ACTIVE state to perform this operation.
class RemoveQuorumMember {
/// The public key associated with the 2FA key for the quorum member to
/// remove.
///
/// Public keys must be associated with RSA 2048 keys.
///
/// Required.
core.String? twoFactorPublicKeyPem;
RemoveQuorumMember({this.twoFactorPublicKeyPem});
RemoveQuorumMember.fromJson(core.Map json_)
: this(
twoFactorPublicKeyPem: json_['twoFactorPublicKeyPem'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final twoFactorPublicKeyPem = this.twoFactorPublicKeyPem;
return {'twoFactorPublicKeyPem': ?twoFactorPublicKeyPem};
}
}
/// Parameters for an approval that has both required challenges and a quorum.
class RequiredActionQuorumParameters {
/// The public keys associated with the 2FA keys that have already approved
/// the SingleTenantHsmInstanceProposal by signing the challenge.
///
/// Output only.
core.List<core.String>? approvedTwoFactorPublicKeyPems;
/// The challenges to be signed by 2FA keys for quorum auth.
///
/// M of N of these challenges are required to be signed to approve the
/// operation.
///
/// Output only.
core.List<Challenge>? quorumChallenges;
/// The required number of quorum approvers.
///
/// This is the M value used for M of N quorum auth. It is less than the
/// number of public keys.
///
/// Output only.
core.int? requiredApproverCount;
/// A list of specific challenges that must be signed.
///
/// For some operations, this will contain a single challenge.
///
/// Output only.
core.List<Challenge>? requiredChallenges;
RequiredActionQuorumParameters({
this.approvedTwoFactorPublicKeyPems,
this.quorumChallenges,
this.requiredApproverCount,
this.requiredChallenges,
});
RequiredActionQuorumParameters.fromJson(core.Map json_)
: this(
approvedTwoFactorPublicKeyPems:
(json_['approvedTwoFactorPublicKeyPems'] as core.List?)
?.map((value) => value as core.String)
.toList(),
quorumChallenges: (json_['quorumChallenges'] as core.List?)
?.map(
(value) => Challenge.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
requiredApproverCount: json_['requiredApproverCount'] as core.int?,
requiredChallenges: (json_['requiredChallenges'] as core.List?)
?.map(
(value) => Challenge.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final approvedTwoFactorPublicKeyPems = this.approvedTwoFactorPublicKeyPems;
final quorumChallenges = this.quorumChallenges;
final requiredApproverCount = this.requiredApproverCount;
final requiredChallenges = this.requiredChallenges;
return {
'approvedTwoFactorPublicKeyPems': ?approvedTwoFactorPublicKeyPems,
'quorumChallenges': ?quorumChallenges,
'requiredApproverCount': ?requiredApproverCount,
'requiredChallenges': ?requiredChallenges,
};
}
}
/// The reply to RequiredActionQuorumParameters for approving the proposal.
class RequiredActionQuorumReply {
/// Quorum members' signed challenge replies.
///
/// These can be provided across multiple requests. The proposal will be
/// approved when required_approver_count quorum_challenge_replies are
/// provided and when all required_challenge_replies are provided.
///
/// Required.
core.List<ChallengeReply>? quorumChallengeReplies;
/// All required challenges must be signed for the proposal to be approved.
///
/// These can be sent across multiple requests.
///
/// Required.
core.List<ChallengeReply>? requiredChallengeReplies;
RequiredActionQuorumReply({
this.quorumChallengeReplies,
this.requiredChallengeReplies,
});
RequiredActionQuorumReply.fromJson(core.Map json_)
: this(
quorumChallengeReplies: (json_['quorumChallengeReplies'] as core.List?)
?.map(
(value) => ChallengeReply.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
requiredChallengeReplies:
(json_['requiredChallengeReplies'] as core.List?)
?.map(
(value) => ChallengeReply.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final quorumChallengeReplies = this.quorumChallengeReplies;
final requiredChallengeReplies = this.requiredChallengeReplies;
return {
'quorumChallengeReplies': ?quorumChallengeReplies,
'requiredChallengeReplies': ?requiredChallengeReplies,
};
}
}
/// Request message for KeyManagementService.RestoreCryptoKeyVersion.
typedef RestoreCryptoKeyVersionRequest = $Empty;
/// A RetiredResource resource represents the record of a deleted CryptoKey.
///
/// Its purpose is to provide visibility into retained user data and to prevent
/// reuse of these names for new CryptoKeys.
class RetiredResource {
/// The time at which the original resource was deleted and this
/// RetiredResource record was created.
///
/// Output only.
core.String? deleteTime;
/// Identifier.
///
/// The resource name for this RetiredResource in the format `projects / *
/// /locations / * /retiredResources / * `.
///
/// Output only.
core.String? name;
/// The full resource name of the original CryptoKey that was deleted in the
/// format `projects / * /locations / * /keyRings / * /cryptoKeys / * `.
///
/// Output only.
core.String? originalResource;
/// The resource type of the original deleted resource.
///
/// Output only.
core.String? resourceType;
RetiredResource({
this.deleteTime,
this.name,
this.originalResource,
this.resourceType,
});
RetiredResource.fromJson(core.Map json_)
: this(
deleteTime: json_['deleteTime'] as core.String?,
name: json_['name'] as core.String?,
originalResource: json_['originalResource'] as core.String?,
resourceType: json_['resourceType'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final deleteTime = this.deleteTime;
final name = this.name;
final originalResource = this.originalResource;
final resourceType = this.resourceType;
return {
'deleteTime': ?deleteTime,
'name': ?name,
'originalResource': ?originalResource,
'resourceType': ?resourceType,
};
}
}
/// A ServiceResolver represents an EKM replica that can be reached within an
/// EkmConnection.
class ServiceResolver {
/// The filter applied to the endpoints of the resolved service.
///
/// If no filter is specified, all endpoints will be considered. An endpoint
/// will be chosen arbitrarily from the filtered list for each request. For
/// endpoint filter syntax and examples, see
/// https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
///
/// Optional.
core.String? endpointFilter;
/// The hostname of the EKM replica used at TLS and HTTP layers.
///
/// Required.
core.String? hostname;
/// A list of leaf server certificates used to authenticate HTTPS connections
/// to the EKM replica.
///
/// Currently, a maximum of 10 Certificate is supported.
///
/// Required.
core.List<Certificate>? serverCertificates;
/// The resource name of the Service Directory service pointing to an EKM
/// replica, in the format `projects / * /locations / * /namespaces / *
/// /services / * `.
///
/// Required.
core.String? serviceDirectoryService;
ServiceResolver({
this.endpointFilter,
this.hostname,
this.serverCertificates,
this.serviceDirectoryService,
});
ServiceResolver.fromJson(core.Map json_)
: this(
endpointFilter: json_['endpointFilter'] as core.String?,
hostname: json_['hostname'] as core.String?,
serverCertificates: (json_['serverCertificates'] as core.List?)
?.map(
(value) => Certificate.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
serviceDirectoryService:
json_['serviceDirectoryService'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final endpointFilter = this.endpointFilter;
final hostname = this.hostname;
final serverCertificates = this.serverCertificates;
final serviceDirectoryService = this.serviceDirectoryService;
return {
'endpointFilter': ?endpointFilter,
'hostname': ?hostname,
'serverCertificates': ?serverCertificates,
'serviceDirectoryService': ?serviceDirectoryService,
};
}
}
/// Request message for `SetIamPolicy` method.
class SetIamPolicyRequest {
/// REQUIRED: The complete policy to be applied to the `resource`.
///
/// The size of the policy is limited to a few 10s of KB. An empty policy is a
/// valid policy but certain Google Cloud services (such as Projects) might
/// reject them.
Policy? policy;
/// OPTIONAL: A FieldMask specifying which fields of the policy to modify.
///
/// Only the fields in the mask will be modified. If no mask is provided, the
/// following default mask is used: `paths: "bindings, etag"`
core.String? updateMask;
SetIamPolicyRequest({this.policy, this.updateMask});
SetIamPolicyRequest.fromJson(core.Map json_)
: this(
policy: json_.containsKey('policy')
? Policy.fromJson(
json_['policy'] as core.Map<core.String, core.dynamic>,
)
: null,
updateMask: json_['updateMask'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final policy = this.policy;
final updateMask = this.updateMask;
return {'policy': ?policy, 'updateMask': ?updateMask};
}
}
/// Response message for ShowEffectiveAutokeyConfig.
class ShowEffectiveAutokeyConfigResponse {
/// Name of the key project configured in the resource project's folder
/// ancestry.
core.String? keyProject;
ShowEffectiveAutokeyConfigResponse({this.keyProject});
ShowEffectiveAutokeyConfigResponse.fromJson(core.Map json_)
: this(keyProject: json_['keyProject'] as core.String?);
core.Map<core.String, core.dynamic> toJson() {
final keyProject = this.keyProject;
return {'keyProject': ?keyProject};
}
}
/// Represents a response message for
/// KeyAccessJustificationsConfig.ShowEffectiveKeyAccessJustificationsEnrollmentConfig
class ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse {
/// Contains the effective KeyAccessJustificationsEnrollmentConfig for
/// external keys.
KeyAccessJustificationsEnrollmentConfig? externalConfig;
/// Contains the effective KeyAccessJustificationsEnrollmentConfig for
/// hardware keys.
KeyAccessJustificationsEnrollmentConfig? hardwareConfig;
/// Contains the effective KeyAccessJustificationsEnrollmentConfig for
/// software keys.
KeyAccessJustificationsEnrollmentConfig? softwareConfig;
ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse({
this.externalConfig,
this.hardwareConfig,
this.softwareConfig,
});
ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse.fromJson(
core.Map json_,
) : this(
externalConfig: json_.containsKey('externalConfig')
? KeyAccessJustificationsEnrollmentConfig.fromJson(
json_['externalConfig'] as core.Map<core.String, core.dynamic>,
)
: null,
hardwareConfig: json_.containsKey('hardwareConfig')
? KeyAccessJustificationsEnrollmentConfig.fromJson(
json_['hardwareConfig'] as core.Map<core.String, core.dynamic>,
)
: null,
softwareConfig: json_.containsKey('softwareConfig')
? KeyAccessJustificationsEnrollmentConfig.fromJson(
json_['softwareConfig'] as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final externalConfig = this.externalConfig;
final hardwareConfig = this.hardwareConfig;
final softwareConfig = this.softwareConfig;
return {
'externalConfig': ?externalConfig,
'hardwareConfig': ?hardwareConfig,
'softwareConfig': ?softwareConfig,
};
}
}
/// Represents a response message for
/// KeyAccessJustificationsConfig.ShowEffectiveKeyAccessJustificationsPolicyConfig.
class ShowEffectiveKeyAccessJustificationsPolicyConfigResponse {
/// Contains the effective KeyAccessJustificationsPolicyConfig.
KeyAccessJustificationsPolicyConfig? effectiveKajPolicy;
ShowEffectiveKeyAccessJustificationsPolicyConfigResponse({
this.effectiveKajPolicy,
});
ShowEffectiveKeyAccessJustificationsPolicyConfigResponse.fromJson(
core.Map json_,
) : this(
effectiveKajPolicy: json_.containsKey('effectiveKajPolicy')
? KeyAccessJustificationsPolicyConfig.fromJson(
json_['effectiveKajPolicy']
as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final effectiveKajPolicy = this.effectiveKajPolicy;
return {'effectiveKajPolicy': ?effectiveKajPolicy};
}
}
/// A SingleTenantHsmInstance represents a single-tenant HSM instance.
///
/// It can be used for creating CryptoKeys with a ProtectionLevel of
/// HSM_SINGLE_TENANT, as well as performing cryptographic operations using keys
/// created within the SingleTenantHsmInstance.
class SingleTenantHsmInstance {
/// The time at which the SingleTenantHsmInstance was created.
///
/// Output only.
core.String? createTime;
/// The time at which the SingleTenantHsmInstance was deleted.
///
/// Output only.
core.String? deleteTime;
/// The time at which the instance will be automatically disabled if not
/// refreshed.
///
/// This field is updated upon creation and after each successful refresh
/// operation and enable. A RefreshSingleTenantHsmInstance operation must be
/// made via a SingleTenantHsmInstanceProposal before this time otherwise the
/// SingleTenantHsmInstance will become disabled.
///
/// Output only.
core.String? disableTime;
/// Indicates whether key portability is enabled for the
/// SingleTenantHsmInstance.
///
/// This can only be set at creation time. Key portability features are
/// disabled by default and not yet available in GA.
///
/// Optional. Immutable.
core.bool? keyPortabilityEnabled;
/// Identifier.
///
/// The resource name for this SingleTenantHsmInstance in the format `projects
/// / * /locations / * /singleTenantHsmInstances / * `.
core.String? name;
/// The quorum auth configuration for the SingleTenantHsmInstance.
///
/// Required.
QuorumAuth? quorumAuth;
/// The state of the SingleTenantHsmInstance.
///
/// Output only.
/// Possible string values are:
/// - "STATE_UNSPECIFIED" : Not specified.
/// - "CREATING" : The SingleTenantHsmInstance is being created.
/// - "PENDING_TWO_FACTOR_AUTH_REGISTRATION" : The SingleTenantHsmInstance is
/// waiting for 2FA keys to be registered. This can be done by calling
/// CreateSingleTenantHsmInstanceProposal with the RegisterTwoFactorAuthKeys
/// operation.
/// - "ACTIVE" : The SingleTenantHsmInstance is ready to use. A
/// SingleTenantHsmInstance must be in the ACTIVE state for all CryptoKeys
/// created within the SingleTenantHsmInstance to be usable.
/// - "DISABLING" : The SingleTenantHsmInstance is being disabled.
/// - "DISABLED" : The SingleTenantHsmInstance is disabled.
/// - "DELETING" : The SingleTenantHsmInstance is being deleted. Requests to
/// the instance will be rejected in this state.
/// - "DELETED" : The SingleTenantHsmInstance has been deleted.
/// - "FAILED" : The SingleTenantHsmInstance has failed and can not be
/// recovered or used.
core.String? state;
/// The system-defined duration that an instance can remain unrefreshed until
/// it is automatically disabled.
///
/// This will have a value of 120 days.
///
/// Output only.
core.String? unrefreshedDurationUntilDisable;
SingleTenantHsmInstance({
this.createTime,
this.deleteTime,
this.disableTime,
this.keyPortabilityEnabled,
this.name,
this.quorumAuth,
this.state,
this.unrefreshedDurationUntilDisable,
});
SingleTenantHsmInstance.fromJson(core.Map json_)
: this(
createTime: json_['createTime'] as core.String?,
deleteTime: json_['deleteTime'] as core.String?,
disableTime: json_['disableTime'] as core.String?,
keyPortabilityEnabled: json_['keyPortabilityEnabled'] as core.bool?,
name: json_['name'] as core.String?,
quorumAuth: json_.containsKey('quorumAuth')
? QuorumAuth.fromJson(
json_['quorumAuth'] as core.Map<core.String, core.dynamic>,
)
: null,
state: json_['state'] as core.String?,
unrefreshedDurationUntilDisable:
json_['unrefreshedDurationUntilDisable'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final createTime = this.createTime;
final deleteTime = this.deleteTime;
final disableTime = this.disableTime;
final keyPortabilityEnabled = this.keyPortabilityEnabled;
final name = this.name;
final quorumAuth = this.quorumAuth;
final state = this.state;
final unrefreshedDurationUntilDisable =
this.unrefreshedDurationUntilDisable;
return {
'createTime': ?createTime,
'deleteTime': ?deleteTime,
'disableTime': ?disableTime,
'keyPortabilityEnabled': ?keyPortabilityEnabled,
'name': ?name,
'quorumAuth': ?quorumAuth,
'state': ?state,
'unrefreshedDurationUntilDisable': ?unrefreshedDurationUntilDisable,
};
}
}
/// A SingleTenantHsmInstanceProposal represents a proposal to perform an
/// operation on a SingleTenantHsmInstance.
class SingleTenantHsmInstanceProposal {
/// Add a quorum member to the SingleTenantHsmInstance.
///
/// This will increase the total_approver_count by 1. The
/// SingleTenantHsmInstance must be in the ACTIVE state to perform this
/// operation.
AddQuorumMember? addQuorumMember;
/// The time at which the SingleTenantHsmInstanceProposal was created.
///
/// Output only.
core.String? createTime;
/// Delete the SingleTenantHsmInstance.
///
/// Deleting a SingleTenantHsmInstance will make all CryptoKeys attached to
/// the SingleTenantHsmInstance unusable. The SingleTenantHsmInstance must be
/// in the DISABLED or PENDING_TWO_FACTOR_AUTH_REGISTRATION state to perform
/// this operation.
DeleteSingleTenantHsmInstance? deleteSingleTenantHsmInstance;
/// The time at which the SingleTenantHsmInstanceProposal was deleted.
///
/// Output only.
core.String? deleteTime;
/// Disable the SingleTenantHsmInstance.
///
/// The SingleTenantHsmInstance must be in the ACTIVE state to perform this
/// operation.
DisableSingleTenantHsmInstance? disableSingleTenantHsmInstance;
/// Enable the SingleTenantHsmInstance.
///
/// The SingleTenantHsmInstance must be in the DISABLED state to perform this
/// operation.
EnableSingleTenantHsmInstance? enableSingleTenantHsmInstance;
/// The time at which the SingleTenantHsmInstanceProposal will expire if not
/// approved and executed.
core.String? expireTime;
/// The root cause of the most recent failure.
///
/// Only present if state is FAILED.
///
/// Output only.
core.String? failureReason;
/// Identifier.
///
/// The resource name for this SingleTenantHsmInstance in the format `projects
/// / * /locations / * /singleTenantHsmInstances / * /proposals / * `.
core.String? name;
/// The time at which the soft-deleted SingleTenantHsmInstanceProposal will be
/// permanently purged.
///
/// This field is only populated when the state is DELETED and will be set a
/// time after expiration of the proposal, i.e. \>= expire_time or
/// (create_time + ttl).
///
/// Output only.
core.String? purgeTime;
/// The quorum approval parameters for the SingleTenantHsmInstanceProposal.
///
/// Output only.
QuorumParameters? quorumParameters;
/// Refreshes the SingleTenantHsmInstance.
///
/// This operation must be performed periodically to keep the
/// SingleTenantHsmInstance active. This operation must be performed before
/// unrefreshed_duration_until_disable has passed. The SingleTenantHsmInstance
/// must be in the ACTIVE state to perform this operation.
RefreshSingleTenantHsmInstance? refreshSingleTenantHsmInstance;
/// Register 2FA keys for the SingleTenantHsmInstance.
///
/// This operation requires all N Challenges to be signed by 2FA keys. The
/// SingleTenantHsmInstance must be in the
/// PENDING_TWO_FACTOR_AUTH_REGISTRATION state to perform this operation.
RegisterTwoFactorAuthKeys? registerTwoFactorAuthKeys;
/// Remove a quorum member from the SingleTenantHsmInstance.
///
/// This will reduce total_approver_count by 1. The SingleTenantHsmInstance
/// must be in the ACTIVE state to perform this operation.
RemoveQuorumMember? removeQuorumMember;
/// Parameters for an approval of a SingleTenantHsmInstanceProposal that has
/// both required challenges and a quorum.
///
/// Output only.
RequiredActionQuorumParameters? requiredActionQuorumParameters;
/// The state of the SingleTenantHsmInstanceProposal.
///
/// Output only.
/// Possible string values are:
/// - "STATE_UNSPECIFIED" : Not specified.
/// - "CREATING" : The SingleTenantHsmInstanceProposal is being created.
/// - "PENDING" : The SingleTenantHsmInstanceProposal is pending approval.
/// - "APPROVED" : The SingleTenantHsmInstanceProposal has been approved.
/// - "RUNNING" : The SingleTenantHsmInstanceProposal is being executed.
/// - "SUCCEEDED" : The SingleTenantHsmInstanceProposal has been executed
/// successfully.
/// - "FAILED" : The SingleTenantHsmInstanceProposal has failed.
/// - "DELETED" : The SingleTenantHsmInstanceProposal has been deleted and
/// will be purged after the purge_time.
core.String? state;
/// Input only.
///
/// The TTL for the SingleTenantHsmInstanceProposal. Proposals will expire
/// after this duration.
core.String? ttl;
SingleTenantHsmInstanceProposal({
this.addQuorumMember,
this.createTime,
this.deleteSingleTenantHsmInstance,
this.deleteTime,
this.disableSingleTenantHsmInstance,
this.enableSingleTenantHsmInstance,
this.expireTime,
this.failureReason,
this.name,
this.purgeTime,
this.quorumParameters,
this.refreshSingleTenantHsmInstance,
this.registerTwoFactorAuthKeys,
this.removeQuorumMember,
this.requiredActionQuorumParameters,
this.state,
this.ttl,
});
SingleTenantHsmInstanceProposal.fromJson(core.Map json_)
: this(
addQuorumMember: json_.containsKey('addQuorumMember')
? AddQuorumMember.fromJson(
json_['addQuorumMember'] as core.Map<core.String, core.dynamic>,
)
: null,
createTime: json_['createTime'] as core.String?,
deleteSingleTenantHsmInstance:
json_.containsKey('deleteSingleTenantHsmInstance')
? DeleteSingleTenantHsmInstance.fromJson(
json_['deleteSingleTenantHsmInstance']
as core.Map<core.String, core.dynamic>,
)
: null,
deleteTime: json_['deleteTime'] as core.String?,
disableSingleTenantHsmInstance:
json_.containsKey('disableSingleTenantHsmInstance')
? DisableSingleTenantHsmInstance.fromJson(
json_['disableSingleTenantHsmInstance']
as core.Map<core.String, core.dynamic>,
)
: null,
enableSingleTenantHsmInstance:
json_.containsKey('enableSingleTenantHsmInstance')
? EnableSingleTenantHsmInstance.fromJson(
json_['enableSingleTenantHsmInstance']
as core.Map<core.String, core.dynamic>,
)
: null,
expireTime: json_['expireTime'] as core.String?,
failureReason: json_['failureReason'] as core.String?,
name: json_['name'] as core.String?,
purgeTime: json_['purgeTime'] as core.String?,
quorumParameters: json_.containsKey('quorumParameters')
? QuorumParameters.fromJson(
json_['quorumParameters']
as core.Map<core.String, core.dynamic>,
)
: null,
refreshSingleTenantHsmInstance:
json_.containsKey('refreshSingleTenantHsmInstance')
? RefreshSingleTenantHsmInstance.fromJson(
json_['refreshSingleTenantHsmInstance']
as core.Map<core.String, core.dynamic>,
)
: null,
registerTwoFactorAuthKeys:
json_.containsKey('registerTwoFactorAuthKeys')
? RegisterTwoFactorAuthKeys.fromJson(
json_['registerTwoFactorAuthKeys']
as core.Map<core.String, core.dynamic>,
)
: null,
removeQuorumMember: json_.containsKey('removeQuorumMember')
? RemoveQuorumMember.fromJson(
json_['removeQuorumMember']
as core.Map<core.String, core.dynamic>,
)
: null,
requiredActionQuorumParameters:
json_.containsKey('requiredActionQuorumParameters')
? RequiredActionQuorumParameters.fromJson(
json_['requiredActionQuorumParameters']
as core.Map<core.String, core.dynamic>,
)
: null,
state: json_['state'] as core.String?,
ttl: json_['ttl'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final addQuorumMember = this.addQuorumMember;
final createTime = this.createTime;
final deleteSingleTenantHsmInstance = this.deleteSingleTenantHsmInstance;
final deleteTime = this.deleteTime;
final disableSingleTenantHsmInstance = this.disableSingleTenantHsmInstance;
final enableSingleTenantHsmInstance = this.enableSingleTenantHsmInstance;
final expireTime = this.expireTime;
final failureReason = this.failureReason;
final name = this.name;
final purgeTime = this.purgeTime;
final quorumParameters = this.quorumParameters;
final refreshSingleTenantHsmInstance = this.refreshSingleTenantHsmInstance;
final registerTwoFactorAuthKeys = this.registerTwoFactorAuthKeys;
final removeQuorumMember = this.removeQuorumMember;
final requiredActionQuorumParameters = this.requiredActionQuorumParameters;
final state = this.state;
final ttl = this.ttl;
return {
'addQuorumMember': ?addQuorumMember,
'createTime': ?createTime,
'deleteSingleTenantHsmInstance': ?deleteSingleTenantHsmInstance,
'deleteTime': ?deleteTime,
'disableSingleTenantHsmInstance': ?disableSingleTenantHsmInstance,
'enableSingleTenantHsmInstance': ?enableSingleTenantHsmInstance,
'expireTime': ?expireTime,
'failureReason': ?failureReason,
'name': ?name,
'purgeTime': ?purgeTime,
'quorumParameters': ?quorumParameters,
'refreshSingleTenantHsmInstance': ?refreshSingleTenantHsmInstance,
'registerTwoFactorAuthKeys': ?registerTwoFactorAuthKeys,
'removeQuorumMember': ?removeQuorumMember,
'requiredActionQuorumParameters': ?requiredActionQuorumParameters,
'state': ?state,
'ttl': ?ttl,
};
}
}
/// The `Status` type defines a logical error model that is suitable for
/// different programming environments, including REST APIs and RPC APIs.
///
/// It is used by [gRPC](https://github.com/grpc). Each `Status` message
/// contains three pieces of data: error code, error message, and error details.
/// You can find out more about this error model and how to work with it in the
/// [API Design Guide](https://cloud.google.com/apis/design/errors).
typedef Status = $Status00;
/// Request message for `TestIamPermissions` method.
typedef TestIamPermissionsRequest = $TestIamPermissionsRequest00;
/// Response message for `TestIamPermissions` method.
typedef TestIamPermissionsResponse = $PermissionsResponse;
/// Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion.
class UpdateCryptoKeyPrimaryVersionRequest {
/// The id of the child CryptoKeyVersion to use as primary.
///
/// Required.
core.String? cryptoKeyVersionId;
UpdateCryptoKeyPrimaryVersionRequest({this.cryptoKeyVersionId});
UpdateCryptoKeyPrimaryVersionRequest.fromJson(core.Map json_)
: this(cryptoKeyVersionId: json_['cryptoKeyVersionId'] as core.String?);
core.Map<core.String, core.dynamic> toJson() {
final cryptoKeyVersionId = this.cryptoKeyVersionId;
return {'cryptoKeyVersionId': ?cryptoKeyVersionId};
}
}
/// Response message for EkmService.VerifyConnectivity.
typedef VerifyConnectivityResponse = $Empty;
/// The public key component of the wrapping key.
///
/// For details of the type of key this public key corresponds to, see the
/// ImportMethod.
class WrappingPublicKey {
/// The public key, encoded in PEM format.
///
/// For more information, see the
/// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
/// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2)
/// and
/// [Textual Encoding of Subject Public Key Info](https://tools.ietf.org/html/rfc7468#section-13).
core.String? pem;
WrappingPublicKey({this.pem});
WrappingPublicKey.fromJson(core.Map json_)
: this(pem: json_['pem'] as core.String?);
core.Map<core.String, core.dynamic> toJson() {
final pem = this.pem;
return {'pem': ?pem};
}
}