| // Copyright 2017 Google LLC |
| // |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file or at |
| // https://developers.google.com/open-source/licenses/bsd |
| |
| // This is a generated file (see the discoveryapis_generator project). |
| |
| // ignore_for_file: camel_case_types |
| // ignore_for_file: comment_references |
| // ignore_for_file: deprecated_member_use_from_same_package |
| // ignore_for_file: doc_directive_unknown |
| // ignore_for_file: lines_longer_than_80_chars |
| // ignore_for_file: non_constant_identifier_names |
| // ignore_for_file: prefer_interpolation_to_compose_strings |
| // ignore_for_file: unintended_html_in_doc_comment |
| // ignore_for_file: unnecessary_brace_in_string_interps |
| // ignore_for_file: unnecessary_lambdas |
| // ignore_for_file: unnecessary_string_interpolations |
| |
| /// Cloud Key Management Service (KMS) API - v1 |
| /// |
| /// Manages keys and performs cryptographic operations in a central cloud |
| /// service, for direct use by other cloud resources and applications. |
| /// |
| /// For more information, see <https://cloud.google.com/kms/> |
| /// |
| /// Create an instance of [CloudKMSApi] to access these resources: |
| /// |
| /// - [FoldersResource] |
| /// - [OrganizationsResource] |
| /// - [ProjectsResource] |
| /// - [ProjectsLocationsResource] |
| /// - [ProjectsLocationsEkmConfigResource] |
| /// - [ProjectsLocationsEkmConnectionsResource] |
| /// - [ProjectsLocationsKeyHandlesResource] |
| /// - [ProjectsLocationsKeyRingsResource] |
| /// - [ProjectsLocationsKeyRingsCryptoKeysResource] |
| /// - [ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource] |
| /// - [ProjectsLocationsKeyRingsImportJobsResource] |
| /// - [ProjectsLocationsOperationsResource] |
| /// - [ProjectsLocationsRetiredResourcesResource] |
| /// - [ProjectsLocationsSingleTenantHsmInstancesResource] |
| /// - [ProjectsLocationsSingleTenantHsmInstancesProposalsResource] |
| library; |
| |
| import 'dart:async' as async; |
| import 'dart:convert' as convert; |
| import 'dart:core' as core; |
| |
| import 'package:_discoveryapis_commons/_discoveryapis_commons.dart' as commons; |
| import 'package:http/http.dart' as http; |
| |
| import '../shared.dart'; |
| import '../src/user_agent.dart'; |
| |
| export 'package:_discoveryapis_commons/_discoveryapis_commons.dart' |
| show ApiRequestError, DetailedApiRequestError; |
| |
| /// Manages keys and performs cryptographic operations in a central cloud |
| /// service, for direct use by other cloud resources and applications. |
| class CloudKMSApi { |
| /// See, edit, configure, and delete your Google Cloud data and see the email |
| /// address for your Google Account. |
| static const cloudPlatformScope = |
| 'https://www.googleapis.com/auth/cloud-platform'; |
| |
| /// View and manage your keys and secrets stored in Cloud Key Management |
| /// Service |
| static const cloudkmsScope = 'https://www.googleapis.com/auth/cloudkms'; |
| |
| final commons.ApiRequester _requester; |
| |
| FoldersResource get folders => FoldersResource(_requester); |
| OrganizationsResource get organizations => OrganizationsResource(_requester); |
| ProjectsResource get projects => ProjectsResource(_requester); |
| |
| CloudKMSApi( |
| http.Client client, { |
| core.String rootUrl = 'https://cloudkms.googleapis.com/', |
| core.String servicePath = '', |
| }) : _requester = commons.ApiRequester( |
| client, |
| rootUrl, |
| servicePath, |
| requestHeaders, |
| ); |
| } |
| |
| class FoldersResource { |
| final commons.ApiRequester _requester; |
| |
| FoldersResource(commons.ApiRequester client) : _requester = client; |
| |
| /// Returns the AutokeyConfig for a folder or project. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. Name of the AutokeyConfig resource, e.g. |
| /// `folders/{FOLDER_NUMBER}/autokeyConfig` or |
| /// `projects/{PROJECT_NUMBER}/autokeyConfig`. |
| /// Value must have pattern `^folders/\[^/\]+/autokeyConfig$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [AutokeyConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<AutokeyConfig> getAutokeyConfig( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return AutokeyConfig.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Gets the KeyAccessJustificationsPolicyConfig for a given organization, |
| /// folder, or project. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. Specifies the name of the |
| /// KeyAccessJustificationsPolicyConfig to get. |
| /// Value must have pattern `^folders/\[^/\]+/kajPolicyConfig$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [KeyAccessJustificationsPolicyConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<KeyAccessJustificationsPolicyConfig> getKajPolicyConfig( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return KeyAccessJustificationsPolicyConfig.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Updates the AutokeyConfig for a folder or a project. |
| /// |
| /// The caller must have both `cloudkms.autokeyConfigs.update` permission on |
| /// the parent folder and `cloudkms.cryptoKeys.setIamPolicy` permission on the |
| /// provided key project. A KeyHandle creation in the folder's descendant |
| /// projects will use this configuration to determine where to create the |
| /// resulting CryptoKey. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Identifier. Name of the AutokeyConfig resource, e.g. |
| /// `folders/{FOLDER_NUMBER}/autokeyConfig` or |
| /// `projects/{PROJECT_NUMBER}/autokeyConfig`. |
| /// Value must have pattern `^folders/\[^/\]+/autokeyConfig$`. |
| /// |
| /// [updateMask] - Required. Masks which fields of the AutokeyConfig to |
| /// update, e.g. `keyProject`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [AutokeyConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<AutokeyConfig> updateAutokeyConfig( |
| AutokeyConfig request, |
| core.String name, { |
| core.String? updateMask, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'updateMask': ?updateMask == null ? null : [updateMask], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'PATCH', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return AutokeyConfig.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Updates the KeyAccessJustificationsPolicyConfig for a given organization, |
| /// folder, or project. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Identifier. Represents the resource name for this |
| /// KeyAccessJustificationsPolicyConfig in the format of |
| /// "{organizations|folders|projects} / * /kajPolicyConfig". |
| /// Value must have pattern `^folders/\[^/\]+/kajPolicyConfig$`. |
| /// |
| /// [updateMask] - Optional. Specifies the list of fields to update. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [KeyAccessJustificationsPolicyConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<KeyAccessJustificationsPolicyConfig> updateKajPolicyConfig( |
| KeyAccessJustificationsPolicyConfig request, |
| core.String name, { |
| core.String? updateMask, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'updateMask': ?updateMask == null ? null : [updateMask], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'PATCH', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return KeyAccessJustificationsPolicyConfig.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| class OrganizationsResource { |
| final commons.ApiRequester _requester; |
| |
| OrganizationsResource(commons.ApiRequester client) : _requester = client; |
| |
| /// Gets the KeyAccessJustificationsPolicyConfig for a given organization, |
| /// folder, or project. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. Specifies the name of the |
| /// KeyAccessJustificationsPolicyConfig to get. |
| /// Value must have pattern `^organizations/\[^/\]+/kajPolicyConfig$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [KeyAccessJustificationsPolicyConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<KeyAccessJustificationsPolicyConfig> getKajPolicyConfig( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return KeyAccessJustificationsPolicyConfig.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Updates the KeyAccessJustificationsPolicyConfig for a given organization, |
| /// folder, or project. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Identifier. Represents the resource name for this |
| /// KeyAccessJustificationsPolicyConfig in the format of |
| /// "{organizations|folders|projects} / * /kajPolicyConfig". |
| /// Value must have pattern `^organizations/\[^/\]+/kajPolicyConfig$`. |
| /// |
| /// [updateMask] - Optional. Specifies the list of fields to update. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [KeyAccessJustificationsPolicyConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<KeyAccessJustificationsPolicyConfig> updateKajPolicyConfig( |
| KeyAccessJustificationsPolicyConfig request, |
| core.String name, { |
| core.String? updateMask, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'updateMask': ?updateMask == null ? null : [updateMask], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'PATCH', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return KeyAccessJustificationsPolicyConfig.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| class ProjectsResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsResource get locations => |
| ProjectsLocationsResource(_requester); |
| |
| ProjectsResource(commons.ApiRequester client) : _requester = client; |
| |
| /// Returns the AutokeyConfig for a folder or project. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. Name of the AutokeyConfig resource, e.g. |
| /// `folders/{FOLDER_NUMBER}/autokeyConfig` or |
| /// `projects/{PROJECT_NUMBER}/autokeyConfig`. |
| /// Value must have pattern `^projects/\[^/\]+/autokeyConfig$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [AutokeyConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<AutokeyConfig> getAutokeyConfig( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return AutokeyConfig.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Gets the KeyAccessJustificationsPolicyConfig for a given organization, |
| /// folder, or project. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. Specifies the name of the |
| /// KeyAccessJustificationsPolicyConfig to get. |
| /// Value must have pattern `^projects/\[^/\]+/kajPolicyConfig$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [KeyAccessJustificationsPolicyConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<KeyAccessJustificationsPolicyConfig> getKajPolicyConfig( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return KeyAccessJustificationsPolicyConfig.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Returns the effective Cloud KMS Autokey configuration for a given project. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. Name of the resource project to the show effective |
| /// Cloud KMS Autokey configuration for. This may be helpful for interrogating |
| /// the effect of nested folder configurations on a given resource project. |
| /// Value must have pattern `^projects/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ShowEffectiveAutokeyConfigResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ShowEffectiveAutokeyConfigResponse> showEffectiveAutokeyConfig( |
| core.String parent, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + core.Uri.encodeFull('$parent') + ':showEffectiveAutokeyConfig'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ShowEffectiveAutokeyConfigResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Returns the KeyAccessJustificationsEnrollmentConfig of the resource |
| /// closest to the given project in hierarchy. |
| /// |
| /// Request parameters: |
| /// |
| /// [project] - Required. Specifies the number or id of the project to get the |
| /// effective KeyAccessJustificationsEnrollmentConfig for. |
| /// Value must have pattern `^projects/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a |
| /// [ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse> |
| showEffectiveKeyAccessJustificationsEnrollmentConfig( |
| core.String project, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + |
| core.Uri.encodeFull('$project') + |
| ':showEffectiveKeyAccessJustificationsEnrollmentConfig'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Returns the KeyAccessJustificationsPolicyConfig of the resource closest to |
| /// the given project in hierarchy. |
| /// |
| /// Request parameters: |
| /// |
| /// [project] - Required. Specifies the number or id of the project to get the |
| /// effective KeyAccessJustificationsPolicyConfig. In the format of |
| /// "projects/{|}" |
| /// Value must have pattern `^projects/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a |
| /// [ShowEffectiveKeyAccessJustificationsPolicyConfigResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ShowEffectiveKeyAccessJustificationsPolicyConfigResponse> |
| showEffectiveKeyAccessJustificationsPolicyConfig( |
| core.String project, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + |
| core.Uri.encodeFull('$project') + |
| ':showEffectiveKeyAccessJustificationsPolicyConfig'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ShowEffectiveKeyAccessJustificationsPolicyConfigResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Updates the AutokeyConfig for a folder or a project. |
| /// |
| /// The caller must have both `cloudkms.autokeyConfigs.update` permission on |
| /// the parent folder and `cloudkms.cryptoKeys.setIamPolicy` permission on the |
| /// provided key project. A KeyHandle creation in the folder's descendant |
| /// projects will use this configuration to determine where to create the |
| /// resulting CryptoKey. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Identifier. Name of the AutokeyConfig resource, e.g. |
| /// `folders/{FOLDER_NUMBER}/autokeyConfig` or |
| /// `projects/{PROJECT_NUMBER}/autokeyConfig`. |
| /// Value must have pattern `^projects/\[^/\]+/autokeyConfig$`. |
| /// |
| /// [updateMask] - Required. Masks which fields of the AutokeyConfig to |
| /// update, e.g. `keyProject`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [AutokeyConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<AutokeyConfig> updateAutokeyConfig( |
| AutokeyConfig request, |
| core.String name, { |
| core.String? updateMask, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'updateMask': ?updateMask == null ? null : [updateMask], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'PATCH', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return AutokeyConfig.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Updates the KeyAccessJustificationsPolicyConfig for a given organization, |
| /// folder, or project. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Identifier. Represents the resource name for this |
| /// KeyAccessJustificationsPolicyConfig in the format of |
| /// "{organizations|folders|projects} / * /kajPolicyConfig". |
| /// Value must have pattern `^projects/\[^/\]+/kajPolicyConfig$`. |
| /// |
| /// [updateMask] - Optional. Specifies the list of fields to update. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [KeyAccessJustificationsPolicyConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<KeyAccessJustificationsPolicyConfig> updateKajPolicyConfig( |
| KeyAccessJustificationsPolicyConfig request, |
| core.String name, { |
| core.String? updateMask, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'updateMask': ?updateMask == null ? null : [updateMask], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'PATCH', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return KeyAccessJustificationsPolicyConfig.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| class ProjectsLocationsResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsEkmConfigResource get ekmConfig => |
| ProjectsLocationsEkmConfigResource(_requester); |
| ProjectsLocationsEkmConnectionsResource get ekmConnections => |
| ProjectsLocationsEkmConnectionsResource(_requester); |
| ProjectsLocationsKeyHandlesResource get keyHandles => |
| ProjectsLocationsKeyHandlesResource(_requester); |
| ProjectsLocationsKeyRingsResource get keyRings => |
| ProjectsLocationsKeyRingsResource(_requester); |
| ProjectsLocationsOperationsResource get operations => |
| ProjectsLocationsOperationsResource(_requester); |
| ProjectsLocationsRetiredResourcesResource get retiredResources => |
| ProjectsLocationsRetiredResourcesResource(_requester); |
| ProjectsLocationsSingleTenantHsmInstancesResource |
| get singleTenantHsmInstances => |
| ProjectsLocationsSingleTenantHsmInstancesResource(_requester); |
| |
| ProjectsLocationsResource(commons.ApiRequester client) : _requester = client; |
| |
| /// Generate random bytes using the Cloud KMS randomness source in the |
| /// provided location. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [location] - The project-specific location in which to generate random |
| /// bytes. For example, "projects/my-project/locations/us-central1". |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [GenerateRandomBytesResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<GenerateRandomBytesResponse> generateRandomBytes( |
| GenerateRandomBytesRequest request, |
| core.String location, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + core.Uri.encodeFull('$location') + ':generateRandomBytes'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return GenerateRandomBytesResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Gets information about a location. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Resource name for the location. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Location]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Location> get(core.String name, {core.String? $fields}) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return Location.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns the EkmConfig singleton resource for a given project and location. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the EkmConfig to get. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+/ekmConfig$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [EkmConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<EkmConfig> getEkmConfig( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return EkmConfig.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Lists information about the supported locations for this service. |
| /// |
| /// This method lists locations based on the resource scope provided in the |
| /// \[ListLocationsRequest.name\] field: * **Global locations**: If `name` is |
| /// empty, the method lists the public locations available to all projects. * |
| /// **Project-specific locations**: If `name` follows the format |
| /// `projects/{project}`, the method lists locations visible to that specific |
| /// project. This includes public, private, or other project-specific |
| /// locations enabled for the project. For gRPC and client library |
| /// implementations, the resource name is passed as the `name` field. For |
| /// direct service calls, the resource name is incorporated into the request |
| /// path based on the specific service implementation and version. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - The resource that owns the locations collection, if applicable. |
| /// Value must have pattern `^projects/\[^/\]+$`. |
| /// |
| /// [extraLocationTypes] - Optional. Do not use this field. It is unsupported |
| /// and is ignored unless explicitly documented otherwise. This is primarily |
| /// for internal usage. |
| /// |
| /// [filter] - A filter to narrow down results to a preferred subset. The |
| /// filtering language accepts strings like `"displayName=tokyo"`, and is |
| /// documented in more detail in \[AIP-160\](https://google.aip.dev/160). |
| /// |
| /// [pageSize] - The maximum number of results to return. If not set, the |
| /// service selects a default. |
| /// |
| /// [pageToken] - A page token received from the `next_page_token` field in |
| /// the response. Send that page token to receive the subsequent page. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ListLocationsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ListLocationsResponse> list( |
| core.String name, { |
| core.List<core.String>? extraLocationTypes, |
| core.String? filter, |
| core.int? pageSize, |
| core.String? pageToken, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'extraLocationTypes': ?extraLocationTypes, |
| 'filter': ?filter == null ? null : [filter], |
| 'pageSize': ?pageSize == null ? null : ['${pageSize}'], |
| 'pageToken': ?pageToken == null ? null : [pageToken], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + '/locations'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ListLocationsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Updates the EkmConfig singleton resource for a given project and location. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Output only. The resource name for the EkmConfig in the format |
| /// `projects / * /locations / * /ekmConfig`. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+/ekmConfig$`. |
| /// |
| /// [updateMask] - Required. List of fields to be updated in this request. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [EkmConfig]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<EkmConfig> updateEkmConfig( |
| EkmConfig request, |
| core.String name, { |
| core.String? updateMask, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'updateMask': ?updateMask == null ? null : [updateMask], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'PATCH', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return EkmConfig.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| } |
| |
| class ProjectsLocationsEkmConfigResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsEkmConfigResource(commons.ApiRequester client) |
| : _requester = client; |
| |
| /// Gets the access control policy for a resource. |
| /// |
| /// Returns an empty policy if the resource exists and does not have a policy |
| /// set. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+/ekmConfig$`. |
| /// |
| /// [options_requestedPolicyVersion] - Optional. The maximum policy version |
| /// that will be used to format the policy. Valid values are 0, 1, and 3. |
| /// Requests specifying an invalid value will be rejected. Requests for |
| /// policies with any conditional role bindings must specify version 3. |
| /// Policies with no conditional role bindings may specify any valid value or |
| /// leave the field unset. The policy in the response might use the policy |
| /// version that you specified, or it might use a lower policy version. For |
| /// example, if you specify version 3, but the policy has no conditional role |
| /// bindings, the response uses version 1. To learn which resources support |
| /// conditions in their IAM policies, see the |
| /// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> getIamPolicy( |
| core.String resource, { |
| core.int? options_requestedPolicyVersion, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null |
| ? null |
| : ['${options_requestedPolicyVersion}'], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Sets the access control policy on the specified resource. |
| /// |
| /// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, |
| /// and `PERMISSION_DENIED` errors. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// specified. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+/ekmConfig$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> setIamPolicy( |
| SetIamPolicyRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns permissions that a caller has on the specified resource. |
| /// |
| /// If the resource does not exist, this will return an empty set of |
| /// permissions, not a `NOT_FOUND` error. Note: This operation is designed to |
| /// be used for building permission-aware UIs and command-line tools, not for |
| /// authorization checking. This operation may "fail open" without warning. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy detail is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+/ekmConfig$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [TestIamPermissionsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<TestIamPermissionsResponse> testIamPermissions( |
| TestIamPermissionsRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return TestIamPermissionsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| class ProjectsLocationsEkmConnectionsResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsEkmConnectionsResource(commons.ApiRequester client) |
| : _requester = client; |
| |
| /// Creates a new EkmConnection in a given Project and Location. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The resource name of the location associated with the |
| /// EkmConnection, in the format `projects / * /locations / * `. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [ekmConnectionId] - Required. It must be unique within a location and |
| /// match the regular expression `[a-zA-Z0-9_-]{1,63}`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [EkmConnection]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<EkmConnection> create( |
| EkmConnection request, |
| core.String parent, { |
| core.String? ekmConnectionId, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'ekmConnectionId': ?ekmConnectionId == null ? null : [ekmConnectionId], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/ekmConnections'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return EkmConnection.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Returns metadata for a given EkmConnection. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the EkmConnection to get. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [EkmConnection]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<EkmConnection> get( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return EkmConnection.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Gets the access control policy for a resource. |
| /// |
| /// Returns an empty policy if the resource exists and does not have a policy |
| /// set. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`. |
| /// |
| /// [options_requestedPolicyVersion] - Optional. The maximum policy version |
| /// that will be used to format the policy. Valid values are 0, 1, and 3. |
| /// Requests specifying an invalid value will be rejected. Requests for |
| /// policies with any conditional role bindings must specify version 3. |
| /// Policies with no conditional role bindings may specify any valid value or |
| /// leave the field unset. The policy in the response might use the policy |
| /// version that you specified, or it might use a lower policy version. For |
| /// example, if you specify version 3, but the policy has no conditional role |
| /// bindings, the response uses version 1. To learn which resources support |
| /// conditions in their IAM policies, see the |
| /// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> getIamPolicy( |
| core.String resource, { |
| core.int? options_requestedPolicyVersion, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null |
| ? null |
| : ['${options_requestedPolicyVersion}'], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Lists EkmConnections. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The resource name of the location associated with the |
| /// EkmConnections to list, in the format `projects / * /locations / * `. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [filter] - Optional. Only include resources that match the filter in the |
| /// response. For more information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [orderBy] - Optional. Specify how the results should be sorted. If not |
| /// specified, the results will be sorted in the default order. For more |
| /// information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [pageSize] - Optional. Optional limit on the number of EkmConnections to |
| /// include in the response. Further EkmConnections can subsequently be |
| /// obtained by including the ListEkmConnectionsResponse.next_page_token in a |
| /// subsequent request. If unspecified, the server will pick an appropriate |
| /// default. |
| /// |
| /// [pageToken] - Optional. Optional pagination token, returned earlier via |
| /// ListEkmConnectionsResponse.next_page_token. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ListEkmConnectionsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ListEkmConnectionsResponse> list( |
| core.String parent, { |
| core.String? filter, |
| core.String? orderBy, |
| core.int? pageSize, |
| core.String? pageToken, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'filter': ?filter == null ? null : [filter], |
| 'orderBy': ?orderBy == null ? null : [orderBy], |
| 'pageSize': ?pageSize == null ? null : ['${pageSize}'], |
| 'pageToken': ?pageToken == null ? null : [pageToken], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/ekmConnections'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ListEkmConnectionsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Updates an EkmConnection's metadata. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Output only. The resource name for the EkmConnection in the |
| /// format `projects / * /locations / * /ekmConnections / * `. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`. |
| /// |
| /// [updateMask] - Required. List of fields to be updated in this request. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [EkmConnection]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<EkmConnection> patch( |
| EkmConnection request, |
| core.String name, { |
| core.String? updateMask, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'updateMask': ?updateMask == null ? null : [updateMask], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'PATCH', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return EkmConnection.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Sets the access control policy on the specified resource. |
| /// |
| /// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, |
| /// and `PERMISSION_DENIED` errors. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// specified. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> setIamPolicy( |
| SetIamPolicyRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns permissions that a caller has on the specified resource. |
| /// |
| /// If the resource does not exist, this will return an empty set of |
| /// permissions, not a `NOT_FOUND` error. Note: This operation is designed to |
| /// be used for building permission-aware UIs and command-line tools, not for |
| /// authorization checking. This operation may "fail open" without warning. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy detail is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [TestIamPermissionsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<TestIamPermissionsResponse> testIamPermissions( |
| TestIamPermissionsRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return TestIamPermissionsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Verifies that Cloud KMS can successfully connect to the external key |
| /// manager specified by an EkmConnection. |
| /// |
| /// If there is an error connecting to the EKM, this method returns a |
| /// FAILED_PRECONDITION status containing structured information as described |
| /// at https://cloud.google.com/kms/docs/reference/ekm_errors. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the EkmConnection to verify. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [VerifyConnectivityResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<VerifyConnectivityResponse> verifyConnectivity( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':verifyConnectivity'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return VerifyConnectivityResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| class ProjectsLocationsKeyHandlesResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsKeyHandlesResource(commons.ApiRequester client) |
| : _requester = client; |
| |
| /// Creates a new KeyHandle, triggering the provisioning of a new CryptoKey |
| /// for CMEK use with the given resource type in the configured key project |
| /// and the same location. |
| /// |
| /// GetOperation should be used to resolve the resulting long-running |
| /// operation and get the resulting KeyHandle and CryptoKey. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. Name of the resource project and location to create |
| /// the KeyHandle in, e.g. `projects/{PROJECT_ID}/locations/{LOCATION}`. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [keyHandleId] - Optional. Id of the KeyHandle. Must be unique to the |
| /// resource project and location. If not provided by the caller, a new UUID |
| /// is used. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Operation]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Operation> create( |
| KeyHandle request, |
| core.String parent, { |
| core.String? keyHandleId, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'keyHandleId': ?keyHandleId == null ? null : [keyHandleId], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/keyHandles'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns the KeyHandle. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. Name of the KeyHandle resource, e.g. |
| /// `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyHandles/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [KeyHandle]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<KeyHandle> get(core.String name, {core.String? $fields}) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return KeyHandle.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Lists KeyHandles. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. Name of the resource project and location from which |
| /// to list KeyHandles, e.g. `projects/{PROJECT_ID}/locations/{LOCATION}`. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [filter] - Optional. Filter to apply when listing KeyHandles, e.g. |
| /// `resource_type_selector="{SERVICE}.googleapis.com/{TYPE}"`. |
| /// |
| /// [pageSize] - Optional. Optional limit on the number of KeyHandles to |
| /// include in the response. The service may return fewer than this value. |
| /// Further KeyHandles can subsequently be obtained by including the |
| /// ListKeyHandlesResponse.next_page_token in a subsequent request. If |
| /// unspecified, at most 100 KeyHandles will be returned. |
| /// |
| /// [pageToken] - Optional. Optional pagination token, returned earlier via |
| /// ListKeyHandlesResponse.next_page_token. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ListKeyHandlesResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ListKeyHandlesResponse> list( |
| core.String parent, { |
| core.String? filter, |
| core.int? pageSize, |
| core.String? pageToken, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'filter': ?filter == null ? null : [filter], |
| 'pageSize': ?pageSize == null ? null : ['${pageSize}'], |
| 'pageToken': ?pageToken == null ? null : [pageToken], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/keyHandles'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ListKeyHandlesResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| class ProjectsLocationsKeyRingsResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsKeyRingsCryptoKeysResource get cryptoKeys => |
| ProjectsLocationsKeyRingsCryptoKeysResource(_requester); |
| ProjectsLocationsKeyRingsImportJobsResource get importJobs => |
| ProjectsLocationsKeyRingsImportJobsResource(_requester); |
| |
| ProjectsLocationsKeyRingsResource(commons.ApiRequester client) |
| : _requester = client; |
| |
| /// Create a new KeyRing in a given Project and Location. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The resource name of the location associated with the |
| /// KeyRings, in the format `projects / * /locations / * `. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [keyRingId] - Required. It must be unique within a location and match the |
| /// regular expression `[a-zA-Z0-9_-]{1,63}` |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [KeyRing]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<KeyRing> create( |
| KeyRing request, |
| core.String parent, { |
| core.String? keyRingId, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'keyRingId': ?keyRingId == null ? null : [keyRingId], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/keyRings'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return KeyRing.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns metadata for a given KeyRing. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the KeyRing to get. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [KeyRing]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<KeyRing> get(core.String name, {core.String? $fields}) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return KeyRing.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Gets the access control policy for a resource. |
| /// |
| /// Returns an empty policy if the resource exists and does not have a policy |
| /// set. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`. |
| /// |
| /// [options_requestedPolicyVersion] - Optional. The maximum policy version |
| /// that will be used to format the policy. Valid values are 0, 1, and 3. |
| /// Requests specifying an invalid value will be rejected. Requests for |
| /// policies with any conditional role bindings must specify version 3. |
| /// Policies with no conditional role bindings may specify any valid value or |
| /// leave the field unset. The policy in the response might use the policy |
| /// version that you specified, or it might use a lower policy version. For |
| /// example, if you specify version 3, but the policy has no conditional role |
| /// bindings, the response uses version 1. To learn which resources support |
| /// conditions in their IAM policies, see the |
| /// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> getIamPolicy( |
| core.String resource, { |
| core.int? options_requestedPolicyVersion, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null |
| ? null |
| : ['${options_requestedPolicyVersion}'], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Lists KeyRings. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The resource name of the location associated with the |
| /// KeyRings, in the format `projects / * /locations / * `. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [filter] - Optional. Only include resources that match the filter in the |
| /// response. For more information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [orderBy] - Optional. Specify how the results should be sorted. If not |
| /// specified, the results will be sorted in the default order. For more |
| /// information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [pageSize] - Optional. Optional limit on the number of KeyRings to include |
| /// in the response. Further KeyRings can subsequently be obtained by |
| /// including the ListKeyRingsResponse.next_page_token in a subsequent |
| /// request. If unspecified, the server will pick an appropriate default. |
| /// |
| /// [pageToken] - Optional. Optional pagination token, returned earlier via |
| /// ListKeyRingsResponse.next_page_token. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ListKeyRingsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ListKeyRingsResponse> list( |
| core.String parent, { |
| core.String? filter, |
| core.String? orderBy, |
| core.int? pageSize, |
| core.String? pageToken, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'filter': ?filter == null ? null : [filter], |
| 'orderBy': ?orderBy == null ? null : [orderBy], |
| 'pageSize': ?pageSize == null ? null : ['${pageSize}'], |
| 'pageToken': ?pageToken == null ? null : [pageToken], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/keyRings'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ListKeyRingsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Sets the access control policy on the specified resource. |
| /// |
| /// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, |
| /// and `PERMISSION_DENIED` errors. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// specified. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> setIamPolicy( |
| SetIamPolicyRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns permissions that a caller has on the specified resource. |
| /// |
| /// If the resource does not exist, this will return an empty set of |
| /// permissions, not a `NOT_FOUND` error. Note: This operation is designed to |
| /// be used for building permission-aware UIs and command-line tools, not for |
| /// authorization checking. This operation may "fail open" without warning. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy detail is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [TestIamPermissionsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<TestIamPermissionsResponse> testIamPermissions( |
| TestIamPermissionsRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return TestIamPermissionsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| class ProjectsLocationsKeyRingsCryptoKeysResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource |
| get cryptoKeyVersions => |
| ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource(_requester); |
| |
| ProjectsLocationsKeyRingsCryptoKeysResource(commons.ApiRequester client) |
| : _requester = client; |
| |
| /// Create a new CryptoKey within a KeyRing. |
| /// |
| /// CryptoKey.purpose and CryptoKey.version_template.algorithm are required. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The name of the KeyRing associated with the |
| /// CryptoKeys. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`. |
| /// |
| /// [cryptoKeyId] - Required. It must be unique within a KeyRing and match the |
| /// regular expression `[a-zA-Z0-9_-]{1,63}` |
| /// |
| /// [skipInitialVersionCreation] - If set to true, the request will create a |
| /// CryptoKey without any CryptoKeyVersions. You must manually call |
| /// CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this |
| /// CryptoKey. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [CryptoKey]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<CryptoKey> create( |
| CryptoKey request, |
| core.String parent, { |
| core.String? cryptoKeyId, |
| core.bool? skipInitialVersionCreation, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'cryptoKeyId': ?cryptoKeyId == null ? null : [cryptoKeyId], |
| 'skipInitialVersionCreation': ?skipInitialVersionCreation == null |
| ? null |
| : ['${skipInitialVersionCreation}'], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeys'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Decrypts data that was protected by Encrypt. |
| /// |
| /// The CryptoKey.purpose must be ENCRYPT_DECRYPT. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKey to use for |
| /// decryption. The server will choose the appropriate version. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [DecryptResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<DecryptResponse> decrypt( |
| DecryptRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':decrypt'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return DecryptResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Permanently deletes the given CryptoKey. |
| /// |
| /// All child CryptoKeyVersions must have been previously deleted using |
| /// KeyManagementService.DeleteCryptoKeyVersion. The specified crypto key will |
| /// be immediately and permanently deleted upon calling this method. This |
| /// action cannot be undone. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the CryptoKey to delete. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Operation]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Operation> delete( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'DELETE', |
| queryParams: queryParams_, |
| ); |
| return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Encrypts data, so that it can only be recovered by a call to Decrypt. |
| /// |
| /// The CryptoKey.purpose must be ENCRYPT_DECRYPT. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKey or CryptoKeyVersion |
| /// to use for encryption. If a CryptoKey is specified, the server will use |
| /// its primary version. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/.*$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [EncryptResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<EncryptResponse> encrypt( |
| EncryptRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':encrypt'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return EncryptResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Returns metadata for a given CryptoKey, as well as its primary |
| /// CryptoKeyVersion. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the CryptoKey to get. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [CryptoKey]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<CryptoKey> get(core.String name, {core.String? $fields}) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Gets the access control policy for a resource. |
| /// |
| /// Returns an empty policy if the resource exists and does not have a policy |
| /// set. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`. |
| /// |
| /// [options_requestedPolicyVersion] - Optional. The maximum policy version |
| /// that will be used to format the policy. Valid values are 0, 1, and 3. |
| /// Requests specifying an invalid value will be rejected. Requests for |
| /// policies with any conditional role bindings must specify version 3. |
| /// Policies with no conditional role bindings may specify any valid value or |
| /// leave the field unset. The policy in the response might use the policy |
| /// version that you specified, or it might use a lower policy version. For |
| /// example, if you specify version 3, but the policy has no conditional role |
| /// bindings, the response uses version 1. To learn which resources support |
| /// conditions in their IAM policies, see the |
| /// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> getIamPolicy( |
| core.String resource, { |
| core.int? options_requestedPolicyVersion, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null |
| ? null |
| : ['${options_requestedPolicyVersion}'], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Lists CryptoKeys. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The resource name of the KeyRing to list, in the |
| /// format `projects / * /locations / * /keyRings / * `. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`. |
| /// |
| /// [filter] - Optional. Only include resources that match the filter in the |
| /// response. For more information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [orderBy] - Optional. Specify how the results should be sorted. If not |
| /// specified, the results will be sorted in the default order. For more |
| /// information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [pageSize] - Optional. Optional limit on the number of CryptoKeys to |
| /// include in the response. Further CryptoKeys can subsequently be obtained |
| /// by including the ListCryptoKeysResponse.next_page_token in a subsequent |
| /// request. If unspecified, the server will pick an appropriate default. |
| /// |
| /// [pageToken] - Optional. Optional pagination token, returned earlier via |
| /// ListCryptoKeysResponse.next_page_token. |
| /// |
| /// [versionView] - The fields of the primary version to include in the |
| /// response. |
| /// Possible string values are: |
| /// - "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED" : Default view for each |
| /// CryptoKeyVersion. Does not include the attestation field. |
| /// - "FULL" : Provides all fields in each CryptoKeyVersion, including the |
| /// attestation. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ListCryptoKeysResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ListCryptoKeysResponse> list( |
| core.String parent, { |
| core.String? filter, |
| core.String? orderBy, |
| core.int? pageSize, |
| core.String? pageToken, |
| core.String? versionView, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'filter': ?filter == null ? null : [filter], |
| 'orderBy': ?orderBy == null ? null : [orderBy], |
| 'pageSize': ?pageSize == null ? null : ['${pageSize}'], |
| 'pageToken': ?pageToken == null ? null : [pageToken], |
| 'versionView': ?versionView == null ? null : [versionView], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeys'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ListCryptoKeysResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Update a CryptoKey. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Output only. The resource name for this CryptoKey in the format |
| /// `projects / * /locations / * /keyRings / * /cryptoKeys / * `. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`. |
| /// |
| /// [updateMask] - Required. List of fields to be updated in this request. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [CryptoKey]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<CryptoKey> patch( |
| CryptoKey request, |
| core.String name, { |
| core.String? updateMask, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'updateMask': ?updateMask == null ? null : [updateMask], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'PATCH', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Sets the access control policy on the specified resource. |
| /// |
| /// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, |
| /// and `PERMISSION_DENIED` errors. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// specified. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> setIamPolicy( |
| SetIamPolicyRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns permissions that a caller has on the specified resource. |
| /// |
| /// If the resource does not exist, this will return an empty set of |
| /// permissions, not a `NOT_FOUND` error. Note: This operation is designed to |
| /// be used for building permission-aware UIs and command-line tools, not for |
| /// authorization checking. This operation may "fail open" without warning. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy detail is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [TestIamPermissionsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<TestIamPermissionsResponse> testIamPermissions( |
| TestIamPermissionsRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return TestIamPermissionsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Update the version of a CryptoKey that will be used in Encrypt. |
| /// |
| /// Returns an error if called on a key whose purpose is not ENCRYPT_DECRYPT. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKey to update. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [CryptoKey]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<CryptoKey> updatePrimaryVersion( |
| UpdateCryptoKeyPrimaryVersionRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':updatePrimaryVersion'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| } |
| |
| class ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource( |
| commons.ApiRequester client, |
| ) : _requester = client; |
| |
| /// Decrypts data that was encrypted with a public key retrieved from |
| /// GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose |
| /// ASYMMETRIC_DECRYPT. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKeyVersion to use for |
| /// decryption. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [AsymmetricDecryptResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<AsymmetricDecryptResponse> asymmetricDecrypt( |
| AsymmetricDecryptRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':asymmetricDecrypt'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return AsymmetricDecryptResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Signs data using a CryptoKeyVersion with CryptoKey.purpose |
| /// ASYMMETRIC_SIGN, producing a signature that can be verified with the |
| /// public key retrieved from GetPublicKey. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKeyVersion to use for |
| /// signing. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [AsymmetricSignResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<AsymmetricSignResponse> asymmetricSign( |
| AsymmetricSignRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':asymmetricSign'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return AsymmetricSignResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Create a new CryptoKeyVersion in a CryptoKey. |
| /// |
| /// The server will assign the next sequential id. If unset, state will be set |
| /// to ENABLED. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The name of the CryptoKey associated with the |
| /// CryptoKeyVersions. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [CryptoKeyVersion]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<CryptoKeyVersion> create( |
| CryptoKeyVersion request, |
| core.String parent, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeyVersions'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return CryptoKeyVersion.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Decapsulates data that was encapsulated with a public key retrieved from |
| /// GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose |
| /// KEY_ENCAPSULATION. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKeyVersion to use for |
| /// decapsulation. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [DecapsulateResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<DecapsulateResponse> decapsulate( |
| DecapsulateRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':decapsulate'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return DecapsulateResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Permanently deletes the given CryptoKeyVersion. |
| /// |
| /// Only possible if the version has not been previously imported and if its |
| /// state is one of DESTROYED, IMPORT_FAILED, or GENERATION_FAILED. |
| /// Successfully imported CryptoKeyVersions cannot be deleted at this time. |
| /// The specified version will be immediately and permanently deleted upon |
| /// calling this method. This action cannot be undone. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the CryptoKeyVersion to delete. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Operation]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Operation> delete( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'DELETE', |
| queryParams: queryParams_, |
| ); |
| return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Schedule a CryptoKeyVersion for destruction. |
| /// |
| /// Upon calling this method, CryptoKeyVersion.state will be set to |
| /// DESTROY_SCHEDULED, and destroy_time will be set to the time |
| /// destroy_scheduled_duration in the future. At that time, the state will |
| /// automatically change to DESTROYED, and the key material will be |
| /// irrevocably destroyed. Before the destroy_time is reached, |
| /// RestoreCryptoKeyVersion may be called to reverse the process. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKeyVersion to destroy. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [CryptoKeyVersion]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<CryptoKeyVersion> destroy( |
| DestroyCryptoKeyVersionRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':destroy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return CryptoKeyVersion.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Returns metadata for a given CryptoKeyVersion. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the CryptoKeyVersion to get. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [CryptoKeyVersion]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<CryptoKeyVersion> get( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return CryptoKeyVersion.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Returns the public key for the given CryptoKeyVersion. |
| /// |
| /// The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the CryptoKeyVersion public key to get. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [publicKeyFormat] - Optional. The PublicKey format specified by the user. |
| /// This field is required for PQC algorithms. If specified, the public key |
| /// will be exported through the public_key field in the requested format. |
| /// Otherwise, the pem field will be populated for non-PQC algorithms, and an |
| /// error will be returned for PQC algorithms. |
| /// Possible string values are: |
| /// - "PUBLIC_KEY_FORMAT_UNSPECIFIED" : If the public_key_format field is not |
| /// specified: - For PQC algorithms, an error will be returned. - For non-PQC |
| /// algorithms, the default format is PEM, and the field pem will be |
| /// populated. Otherwise, the public key will be exported through the |
| /// public_key field in the requested format. |
| /// - "PEM" : The returned public key will be encoded in PEM format. See the |
| /// [RFC7468](https://tools.ietf.org/html/rfc7468) sections for |
| /// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) |
| /// and |
| /// [Textual Encoding of Subject Public Key Info](https://tools.ietf.org/html/rfc7468#section-13) |
| /// for more information. |
| /// - "DER" : The returned public key will be encoded in DER format (the |
| /// PrivateKeyInfo structure from RFC 5208). |
| /// - "NIST_PQC" : This is supported only for PQC algorithms. The key material |
| /// is returned in the format defined by NIST PQC standards (FIPS 203, FIPS |
| /// 204, and FIPS 205). |
| /// - "XWING_RAW_BYTES" : The returned public key is in raw bytes format |
| /// defined in its standard |
| /// https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [PublicKey]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<PublicKey> getPublicKey( |
| core.String name, { |
| core.String? publicKeyFormat, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'publicKeyFormat': ?publicKeyFormat == null ? null : [publicKeyFormat], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + '/publicKey'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return PublicKey.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Import wrapped key material into a CryptoKeyVersion. |
| /// |
| /// All requests must specify a CryptoKey. If a CryptoKeyVersion is |
| /// additionally specified in the request, key material will be reimported |
| /// into that version. Otherwise, a new version will be created, and will be |
| /// assigned the next sequential id within the CryptoKey. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The name of the CryptoKey to be imported into. The |
| /// create permission is only required on this key when creating a new |
| /// CryptoKeyVersion. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [CryptoKeyVersion]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<CryptoKeyVersion> import( |
| ImportCryptoKeyVersionRequest request, |
| core.String parent, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeyVersions:import'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return CryptoKeyVersion.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Lists CryptoKeyVersions. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The resource name of the CryptoKey to list, in the |
| /// format `projects / * /locations / * /keyRings / * /cryptoKeys / * `. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`. |
| /// |
| /// [filter] - Optional. Only include resources that match the filter in the |
| /// response. For more information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [orderBy] - Optional. Specify how the results should be sorted. If not |
| /// specified, the results will be sorted in the default order. For more |
| /// information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [pageSize] - Optional. Optional limit on the number of CryptoKeyVersions |
| /// to include in the response. Further CryptoKeyVersions can subsequently be |
| /// obtained by including the ListCryptoKeyVersionsResponse.next_page_token in |
| /// a subsequent request. If unspecified, the server will pick an appropriate |
| /// default. |
| /// |
| /// [pageToken] - Optional. Optional pagination token, returned earlier via |
| /// ListCryptoKeyVersionsResponse.next_page_token. |
| /// |
| /// [view] - The fields to include in the response. |
| /// Possible string values are: |
| /// - "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED" : Default view for each |
| /// CryptoKeyVersion. Does not include the attestation field. |
| /// - "FULL" : Provides all fields in each CryptoKeyVersion, including the |
| /// attestation. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ListCryptoKeyVersionsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ListCryptoKeyVersionsResponse> list( |
| core.String parent, { |
| core.String? filter, |
| core.String? orderBy, |
| core.int? pageSize, |
| core.String? pageToken, |
| core.String? view, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'filter': ?filter == null ? null : [filter], |
| 'orderBy': ?orderBy == null ? null : [orderBy], |
| 'pageSize': ?pageSize == null ? null : ['${pageSize}'], |
| 'pageToken': ?pageToken == null ? null : [pageToken], |
| 'view': ?view == null ? null : [view], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeyVersions'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ListCryptoKeyVersionsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing |
| /// a tag that can be verified by another source with the same key. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKeyVersion to use for |
| /// signing. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [MacSignResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<MacSignResponse> macSign( |
| MacSignRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':macSign'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return MacSignResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and |
| /// returns a response that indicates whether or not the verification was |
| /// successful. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKeyVersion to use for |
| /// verification. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [MacVerifyResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<MacVerifyResponse> macVerify( |
| MacVerifyRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':macVerify'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return MacVerifyResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Update a CryptoKeyVersion's metadata. |
| /// |
| /// state may be changed between ENABLED and DISABLED using this method. See |
| /// DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other |
| /// states. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Output only. The resource name for this CryptoKeyVersion in the |
| /// format `projects / * /locations / * /keyRings / * /cryptoKeys / * |
| /// /cryptoKeyVersions / * `. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [updateMask] - Required. List of fields to be updated in this request. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [CryptoKeyVersion]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<CryptoKeyVersion> patch( |
| CryptoKeyVersion request, |
| core.String name, { |
| core.String? updateMask, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'updateMask': ?updateMask == null ? null : [updateMask], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'PATCH', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return CryptoKeyVersion.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Decrypts data that was originally encrypted using a raw cryptographic |
| /// mechanism. |
| /// |
| /// The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKeyVersion to use for |
| /// decryption. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [RawDecryptResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<RawDecryptResponse> rawDecrypt( |
| RawDecryptRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':rawDecrypt'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return RawDecryptResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Encrypts data using portable cryptographic primitives. |
| /// |
| /// Most users should choose Encrypt and Decrypt rather than their raw |
| /// counterparts. The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKeyVersion to use for |
| /// encryption. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [RawEncryptResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<RawEncryptResponse> rawEncrypt( |
| RawEncryptRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':rawEncrypt'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return RawEncryptResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state. |
| /// |
| /// Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, |
| /// and destroy_time will be cleared. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The resource name of the CryptoKeyVersion to restore. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [CryptoKeyVersion]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<CryptoKeyVersion> restore( |
| RestoreCryptoKeyVersionRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':restore'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return CryptoKeyVersion.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| class ProjectsLocationsKeyRingsImportJobsResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsKeyRingsImportJobsResource(commons.ApiRequester client) |
| : _requester = client; |
| |
| /// Create a new ImportJob within a KeyRing. |
| /// |
| /// ImportJob.import_method is required. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The name of the KeyRing associated with the |
| /// ImportJobs. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`. |
| /// |
| /// [importJobId] - Required. It must be unique within a KeyRing and match the |
| /// regular expression `[a-zA-Z0-9_-]{1,63}` |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ImportJob]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ImportJob> create( |
| ImportJob request, |
| core.String parent, { |
| core.String? importJobId, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'importJobId': ?importJobId == null ? null : [importJobId], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/importJobs'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return ImportJob.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns metadata for a given ImportJob. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the ImportJob to get. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ImportJob]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ImportJob> get(core.String name, {core.String? $fields}) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ImportJob.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Gets the access control policy for a resource. |
| /// |
| /// Returns an empty policy if the resource exists and does not have a policy |
| /// set. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`. |
| /// |
| /// [options_requestedPolicyVersion] - Optional. The maximum policy version |
| /// that will be used to format the policy. Valid values are 0, 1, and 3. |
| /// Requests specifying an invalid value will be rejected. Requests for |
| /// policies with any conditional role bindings must specify version 3. |
| /// Policies with no conditional role bindings may specify any valid value or |
| /// leave the field unset. The policy in the response might use the policy |
| /// version that you specified, or it might use a lower policy version. For |
| /// example, if you specify version 3, but the policy has no conditional role |
| /// bindings, the response uses version 1. To learn which resources support |
| /// conditions in their IAM policies, see the |
| /// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> getIamPolicy( |
| core.String resource, { |
| core.int? options_requestedPolicyVersion, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'options.requestedPolicyVersion': ?options_requestedPolicyVersion == null |
| ? null |
| : ['${options_requestedPolicyVersion}'], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Lists ImportJobs. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The resource name of the KeyRing to list, in the |
| /// format `projects / * /locations / * /keyRings / * `. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`. |
| /// |
| /// [filter] - Optional. Only include resources that match the filter in the |
| /// response. For more information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [orderBy] - Optional. Specify how the results should be sorted. If not |
| /// specified, the results will be sorted in the default order. For more |
| /// information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [pageSize] - Optional. Optional limit on the number of ImportJobs to |
| /// include in the response. Further ImportJobs can subsequently be obtained |
| /// by including the ListImportJobsResponse.next_page_token in a subsequent |
| /// request. If unspecified, the server will pick an appropriate default. |
| /// |
| /// [pageToken] - Optional. Optional pagination token, returned earlier via |
| /// ListImportJobsResponse.next_page_token. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ListImportJobsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ListImportJobsResponse> list( |
| core.String parent, { |
| core.String? filter, |
| core.String? orderBy, |
| core.int? pageSize, |
| core.String? pageToken, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'filter': ?filter == null ? null : [filter], |
| 'orderBy': ?orderBy == null ? null : [orderBy], |
| 'pageSize': ?pageSize == null ? null : ['${pageSize}'], |
| 'pageToken': ?pageToken == null ? null : [pageToken], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/importJobs'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ListImportJobsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Sets the access control policy on the specified resource. |
| /// |
| /// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, |
| /// and `PERMISSION_DENIED` errors. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// specified. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> setIamPolicy( |
| SetIamPolicyRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns permissions that a caller has on the specified resource. |
| /// |
| /// If the resource does not exist, this will return an empty set of |
| /// permissions, not a `NOT_FOUND` error. Note: This operation is designed to |
| /// be used for building permission-aware UIs and command-line tools, not for |
| /// authorization checking. This operation may "fail open" without warning. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy detail is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [TestIamPermissionsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<TestIamPermissionsResponse> testIamPermissions( |
| TestIamPermissionsRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return TestIamPermissionsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| class ProjectsLocationsOperationsResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsOperationsResource(commons.ApiRequester client) |
| : _requester = client; |
| |
| /// Gets the latest state of a long-running operation. |
| /// |
| /// Clients can use this method to poll the operation result at intervals as |
| /// recommended by the API service. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - The name of the operation resource. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/operations/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Operation]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Operation> get(core.String name, {core.String? $fields}) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| } |
| |
| class ProjectsLocationsRetiredResourcesResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsRetiredResourcesResource(commons.ApiRequester client) |
| : _requester = client; |
| |
| /// Retrieves a specific RetiredResource resource, which represents the record |
| /// of a deleted CryptoKey. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the RetiredResource to get. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/retiredResources/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [RetiredResource]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<RetiredResource> get( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return RetiredResource.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Lists the RetiredResources which are the records of deleted CryptoKeys. |
| /// |
| /// RetiredResources prevent the reuse of these resource names after deletion. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The project-specific location holding the |
| /// RetiredResources, in the format `projects / * /locations / * `. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [pageSize] - Optional. Optional limit on the number of RetiredResources to |
| /// be included in the response. Further RetiredResources can subsequently be |
| /// obtained by including the ListRetiredResourcesResponse.next_page_token in |
| /// a subsequent request. If unspecified, the server will pick an appropriate |
| /// default. |
| /// |
| /// [pageToken] - Optional. Optional pagination token, returned earlier via |
| /// ListRetiredResourcesResponse.next_page_token. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ListRetiredResourcesResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ListRetiredResourcesResponse> list( |
| core.String parent, { |
| core.int? pageSize, |
| core.String? pageToken, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'pageSize': ?pageSize == null ? null : ['${pageSize}'], |
| 'pageToken': ?pageToken == null ? null : [pageToken], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/retiredResources'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ListRetiredResourcesResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| class ProjectsLocationsSingleTenantHsmInstancesResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsSingleTenantHsmInstancesProposalsResource get proposals => |
| ProjectsLocationsSingleTenantHsmInstancesProposalsResource(_requester); |
| |
| ProjectsLocationsSingleTenantHsmInstancesResource(commons.ApiRequester client) |
| : _requester = client; |
| |
| /// Creates a new SingleTenantHsmInstance in a given Project and Location. |
| /// |
| /// User must create a RegisterTwoFactorAuthKeys proposal with this |
| /// single-tenant HSM instance to finish setup of the instance. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The resource name of the location associated with the |
| /// SingleTenantHsmInstance, in the format `projects / * /locations / * `. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [singleTenantHsmInstanceId] - Optional. It must be unique within a |
| /// location and match the regular expression `[a-zA-Z0-9_-]{1,63}`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Operation]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Operation> create( |
| SingleTenantHsmInstance request, |
| core.String parent, { |
| core.String? singleTenantHsmInstanceId, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'singleTenantHsmInstanceId': ?singleTenantHsmInstanceId == null |
| ? null |
| : [singleTenantHsmInstanceId], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + core.Uri.encodeFull('$parent') + '/singleTenantHsmInstances'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns metadata for a given SingleTenantHsmInstance. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the SingleTenantHsmInstance to get. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [SingleTenantHsmInstance]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<SingleTenantHsmInstance> get( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return SingleTenantHsmInstance.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Lists SingleTenantHsmInstances. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The resource name of the location associated with the |
| /// SingleTenantHsmInstances to list, in the format `projects / * /locations / |
| /// * `. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [filter] - Optional. Only include resources that match the filter in the |
| /// response. For more information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [orderBy] - Optional. Specify how the results should be sorted. If not |
| /// specified, the results will be sorted in the default order. For more |
| /// information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [pageSize] - Optional. Optional limit on the number of |
| /// SingleTenantHsmInstances to include in the response. Further |
| /// SingleTenantHsmInstances can subsequently be obtained by including the |
| /// ListSingleTenantHsmInstancesResponse.next_page_token in a subsequent |
| /// request. If unspecified, the server will pick an appropriate default. |
| /// |
| /// [pageToken] - Optional. Optional pagination token, returned earlier via |
| /// ListSingleTenantHsmInstancesResponse.next_page_token. |
| /// |
| /// [showDeleted] - Optional. If set to true, |
| /// HsmManagement.ListSingleTenantHsmInstances will also return |
| /// SingleTenantHsmInstances in DELETED state. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ListSingleTenantHsmInstancesResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ListSingleTenantHsmInstancesResponse> list( |
| core.String parent, { |
| core.String? filter, |
| core.String? orderBy, |
| core.int? pageSize, |
| core.String? pageToken, |
| core.bool? showDeleted, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'filter': ?filter == null ? null : [filter], |
| 'orderBy': ?orderBy == null ? null : [orderBy], |
| 'pageSize': ?pageSize == null ? null : ['${pageSize}'], |
| 'pageToken': ?pageToken == null ? null : [pageToken], |
| 'showDeleted': ?showDeleted == null ? null : ['${showDeleted}'], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v1/' + core.Uri.encodeFull('$parent') + '/singleTenantHsmInstances'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ListSingleTenantHsmInstancesResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| class ProjectsLocationsSingleTenantHsmInstancesProposalsResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsSingleTenantHsmInstancesProposalsResource( |
| commons.ApiRequester client, |
| ) : _requester = client; |
| |
| /// Approves a SingleTenantHsmInstanceProposal for a given |
| /// SingleTenantHsmInstance. |
| /// |
| /// The proposal must be in the PENDING state. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the SingleTenantHsmInstanceProposal to |
| /// approve. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+/proposals/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ApproveSingleTenantHsmInstanceProposalResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ApproveSingleTenantHsmInstanceProposalResponse> approve( |
| ApproveSingleTenantHsmInstanceProposalRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':approve'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return ApproveSingleTenantHsmInstanceProposalResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Creates a new SingleTenantHsmInstanceProposal for a given |
| /// SingleTenantHsmInstance. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The name of the SingleTenantHsmInstance associated |
| /// with the SingleTenantHsmInstanceProposals. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+$`. |
| /// |
| /// [singleTenantHsmInstanceProposalId] - Optional. It must be unique within a |
| /// location and match the regular expression `[a-zA-Z0-9_-]{1,63}`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Operation]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Operation> create( |
| SingleTenantHsmInstanceProposal request, |
| core.String parent, { |
| core.String? singleTenantHsmInstanceProposalId, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'singleTenantHsmInstanceProposalId': |
| ?singleTenantHsmInstanceProposalId == null |
| ? null |
| : [singleTenantHsmInstanceProposalId], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/proposals'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Deletes a SingleTenantHsmInstanceProposal. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the SingleTenantHsmInstanceProposal to |
| /// delete. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+/proposals/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Empty]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Empty> delete(core.String name, {core.String? $fields}) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'DELETE', |
| queryParams: queryParams_, |
| ); |
| return Empty.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Executes a SingleTenantHsmInstanceProposal for a given |
| /// SingleTenantHsmInstance. |
| /// |
| /// The proposal must be in the APPROVED state. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the SingleTenantHsmInstanceProposal to |
| /// execute. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+/proposals/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Operation]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Operation> execute( |
| ExecuteSingleTenantHsmInstanceProposalRequest request, |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':execute'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return Operation.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns metadata for a given SingleTenantHsmInstanceProposal. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. The name of the SingleTenantHsmInstanceProposal to get. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+/proposals/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [SingleTenantHsmInstanceProposal]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<SingleTenantHsmInstanceProposal> get( |
| core.String name, { |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return SingleTenantHsmInstanceProposal.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Lists SingleTenantHsmInstanceProposals. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. The resource name of the single tenant HSM instance |
| /// associated with the SingleTenantHsmInstanceProposals to list, in the |
| /// format `projects / * /locations / * /singleTenantHsmInstances / * `. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/singleTenantHsmInstances/\[^/\]+$`. |
| /// |
| /// [filter] - Optional. Only include resources that match the filter in the |
| /// response. For more information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [orderBy] - Optional. Specify how the results should be sorted. If not |
| /// specified, the results will be sorted in the default order. For more |
| /// information, see |
| /// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| /// |
| /// [pageSize] - Optional. Optional limit on the number of |
| /// SingleTenantHsmInstanceProposals to include in the response. Further |
| /// SingleTenantHsmInstanceProposals can subsequently be obtained by including |
| /// the ListSingleTenantHsmInstanceProposalsResponse.next_page_token in a |
| /// subsequent request. If unspecified, the server will pick an appropriate |
| /// default. |
| /// |
| /// [pageToken] - Optional. Optional pagination token, returned earlier via |
| /// ListSingleTenantHsmInstanceProposalsResponse.next_page_token. |
| /// |
| /// [showDeleted] - Optional. If set to true, |
| /// HsmManagement.ListSingleTenantHsmInstanceProposals will also return |
| /// SingleTenantHsmInstanceProposals in DELETED state. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ListSingleTenantHsmInstanceProposalsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ListSingleTenantHsmInstanceProposalsResponse> list( |
| core.String parent, { |
| core.String? filter, |
| core.String? orderBy, |
| core.int? pageSize, |
| core.String? pageToken, |
| core.bool? showDeleted, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'filter': ?filter == null ? null : [filter], |
| 'orderBy': ?orderBy == null ? null : [orderBy], |
| 'pageSize': ?pageSize == null ? null : ['${pageSize}'], |
| 'pageToken': ?pageToken == null ? null : [pageToken], |
| 'showDeleted': ?showDeleted == null ? null : ['${showDeleted}'], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/proposals'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ListSingleTenantHsmInstanceProposalsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| /// Add a quorum member to the SingleTenantHsmInstance. |
| /// |
| /// This will increase the total_approver_count by 1. The |
| /// SingleTenantHsmInstance must be in the ACTIVE state to perform this |
| /// operation. |
| class AddQuorumMember { |
| /// The public key associated with the 2FA key for the new quorum member to |
| /// add. |
| /// |
| /// Public keys must be associated with RSA 2048 keys. |
| /// |
| /// Required. |
| core.String? twoFactorPublicKeyPem; |
| |
| AddQuorumMember({this.twoFactorPublicKeyPem}); |
| |
| AddQuorumMember.fromJson(core.Map json_) |
| : this( |
| twoFactorPublicKeyPem: json_['twoFactorPublicKeyPem'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final twoFactorPublicKeyPem = this.twoFactorPublicKeyPem; |
| return {'twoFactorPublicKeyPem': ?twoFactorPublicKeyPem}; |
| } |
| } |
| |
| /// Request message for HsmManagement.ApproveSingleTenantHsmInstanceProposal. |
| class ApproveSingleTenantHsmInstanceProposalRequest { |
| /// The reply to QuorumParameters for approving the proposal. |
| /// |
| /// Required. |
| QuorumReply? quorumReply; |
| |
| /// The reply to RequiredActionQuorumParameters for approving the proposal. |
| /// |
| /// Required. |
| RequiredActionQuorumReply? requiredActionQuorumReply; |
| |
| ApproveSingleTenantHsmInstanceProposalRequest({ |
| this.quorumReply, |
| this.requiredActionQuorumReply, |
| }); |
| |
| ApproveSingleTenantHsmInstanceProposalRequest.fromJson(core.Map json_) |
| : this( |
| quorumReply: json_.containsKey('quorumReply') |
| ? QuorumReply.fromJson( |
| json_['quorumReply'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| requiredActionQuorumReply: |
| json_.containsKey('requiredActionQuorumReply') |
| ? RequiredActionQuorumReply.fromJson( |
| json_['requiredActionQuorumReply'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final quorumReply = this.quorumReply; |
| final requiredActionQuorumReply = this.requiredActionQuorumReply; |
| return { |
| 'quorumReply': ?quorumReply, |
| 'requiredActionQuorumReply': ?requiredActionQuorumReply, |
| }; |
| } |
| } |
| |
| /// Response message for HsmManagement.ApproveSingleTenantHsmInstanceProposal. |
| typedef ApproveSingleTenantHsmInstanceProposalResponse = $Empty; |
| |
| /// Request message for KeyManagementService.AsymmetricDecrypt. |
| class AsymmetricDecryptRequest { |
| /// The data encrypted with the named CryptoKeyVersion's public key using |
| /// OAEP. |
| /// |
| /// Required. |
| core.String? ciphertext; |
| core.List<core.int> get ciphertextAsBytes => |
| convert.base64.decode(ciphertext!); |
| |
| set ciphertextAsBytes(core.List<core.int> bytes_) { |
| ciphertext = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received AsymmetricDecryptRequest.ciphertext using this checksum. |
| /// KeyManagementService will report an error if the checksum verification |
| /// fails. If you receive a checksum error, your client should verify that |
| /// CRC32C(AsymmetricDecryptRequest.ciphertext) is equal to |
| /// AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a limited |
| /// number of retries. A persistent mismatch may indicate an issue in your |
| /// computation of the CRC32C checksum. Note: This field is defined as int64 |
| /// for reasons of compatibility across different languages. However, it is a |
| /// non-negative integer, which will never exceed 2^32-1, and can be safely |
| /// downconverted to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? ciphertextCrc32c; |
| |
| AsymmetricDecryptRequest({this.ciphertext, this.ciphertextCrc32c}); |
| |
| AsymmetricDecryptRequest.fromJson(core.Map json_) |
| : this( |
| ciphertext: json_['ciphertext'] as core.String?, |
| ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final ciphertext = this.ciphertext; |
| final ciphertextCrc32c = this.ciphertextCrc32c; |
| return {'ciphertext': ?ciphertext, 'ciphertextCrc32c': ?ciphertextCrc32c}; |
| } |
| } |
| |
| /// Response message for KeyManagementService.AsymmetricDecrypt. |
| class AsymmetricDecryptResponse { |
| /// The decrypted data originally encrypted with the matching public key. |
| core.String? plaintext; |
| core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!); |
| |
| set plaintextAsBytes(core.List<core.int> bytes_) { |
| plaintext = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned AsymmetricDecryptResponse.plaintext. An |
| /// integrity check of AsymmetricDecryptResponse.plaintext can be performed by |
| /// computing the CRC32C checksum of AsymmetricDecryptResponse.plaintext and |
| /// comparing your results to this field. Discard the response in case of |
| /// non-matching checksum values, and perform a limited number of retries. A |
| /// persistent mismatch may indicate an issue in your computation of the |
| /// CRC32C checksum. Note: This field is defined as int64 for reasons of |
| /// compatibility across different languages. However, it is a non-negative |
| /// integer, which will never exceed 2^32-1, and can be safely downconverted |
| /// to uint32 in languages that support this type. |
| core.String? plaintextCrc32c; |
| |
| /// The ProtectionLevel of the CryptoKeyVersion used in decryption. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether AsymmetricDecryptRequest.ciphertext_crc32c was |
| /// received by KeyManagementService and used for the integrity verification |
| /// of the ciphertext. A false value of this field indicates either that |
| /// AsymmetricDecryptRequest.ciphertext_crc32c was left unset or that it was |
| /// not delivered to KeyManagementService. If you've set |
| /// AsymmetricDecryptRequest.ciphertext_crc32c but this field is still false, |
| /// discard the response and perform a limited number of retries. |
| core.bool? verifiedCiphertextCrc32c; |
| |
| AsymmetricDecryptResponse({ |
| this.plaintext, |
| this.plaintextCrc32c, |
| this.protectionLevel, |
| this.verifiedCiphertextCrc32c, |
| }); |
| |
| AsymmetricDecryptResponse.fromJson(core.Map json_) |
| : this( |
| plaintext: json_['plaintext'] as core.String?, |
| plaintextCrc32c: json_['plaintextCrc32c'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| verifiedCiphertextCrc32c: |
| json_['verifiedCiphertextCrc32c'] as core.bool?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final plaintext = this.plaintext; |
| final plaintextCrc32c = this.plaintextCrc32c; |
| final protectionLevel = this.protectionLevel; |
| final verifiedCiphertextCrc32c = this.verifiedCiphertextCrc32c; |
| return { |
| 'plaintext': ?plaintext, |
| 'plaintextCrc32c': ?plaintextCrc32c, |
| 'protectionLevel': ?protectionLevel, |
| 'verifiedCiphertextCrc32c': ?verifiedCiphertextCrc32c, |
| }; |
| } |
| } |
| |
| /// Request message for KeyManagementService.AsymmetricSign. |
| class AsymmetricSignRequest { |
| /// The data to sign. |
| /// |
| /// It can't be supplied if AsymmetricSignRequest.digest is supplied. |
| /// |
| /// Optional. |
| core.String? data; |
| core.List<core.int> get dataAsBytes => convert.base64.decode(data!); |
| |
| set dataAsBytes(core.List<core.int> bytes_) { |
| data = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the AsymmetricSignRequest.data. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received AsymmetricSignRequest.data using this checksum. |
| /// KeyManagementService will report an error if the checksum verification |
| /// fails. If you receive a checksum error, your client should verify that |
| /// CRC32C(AsymmetricSignRequest.data) is equal to |
| /// AsymmetricSignRequest.data_crc32c, and if so, perform a limited number of |
| /// retries. A persistent mismatch may indicate an issue in your computation |
| /// of the CRC32C checksum. Note: This field is defined as int64 for reasons |
| /// of compatibility across different languages. However, it is a non-negative |
| /// integer, which will never exceed 2^32-1, and can be safely downconverted |
| /// to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? dataCrc32c; |
| |
| /// The digest of the data to sign. |
| /// |
| /// The digest must be produced with the same digest algorithm as specified by |
| /// the key version's algorithm. This field may not be supplied if |
| /// AsymmetricSignRequest.data is supplied. |
| /// |
| /// Optional. |
| Digest? digest; |
| |
| /// An optional CRC32C checksum of the AsymmetricSignRequest.digest. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received AsymmetricSignRequest.digest using this checksum. |
| /// KeyManagementService will report an error if the checksum verification |
| /// fails. If you receive a checksum error, your client should verify that |
| /// CRC32C(AsymmetricSignRequest.digest) is equal to |
| /// AsymmetricSignRequest.digest_crc32c, and if so, perform a limited number |
| /// of retries. A persistent mismatch may indicate an issue in your |
| /// computation of the CRC32C checksum. Note: This field is defined as int64 |
| /// for reasons of compatibility across different languages. However, it is a |
| /// non-negative integer, which will never exceed 2^32-1, and can be safely |
| /// downconverted to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? digestCrc32c; |
| |
| AsymmetricSignRequest({ |
| this.data, |
| this.dataCrc32c, |
| this.digest, |
| this.digestCrc32c, |
| }); |
| |
| AsymmetricSignRequest.fromJson(core.Map json_) |
| : this( |
| data: json_['data'] as core.String?, |
| dataCrc32c: json_['dataCrc32c'] as core.String?, |
| digest: json_.containsKey('digest') |
| ? Digest.fromJson( |
| json_['digest'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| digestCrc32c: json_['digestCrc32c'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final data = this.data; |
| final dataCrc32c = this.dataCrc32c; |
| final digest = this.digest; |
| final digestCrc32c = this.digestCrc32c; |
| return { |
| 'data': ?data, |
| 'dataCrc32c': ?dataCrc32c, |
| 'digest': ?digest, |
| 'digestCrc32c': ?digestCrc32c, |
| }; |
| } |
| } |
| |
| /// Response message for KeyManagementService.AsymmetricSign. |
| class AsymmetricSignResponse { |
| /// The resource name of the CryptoKeyVersion used for signing. |
| /// |
| /// Check this field to verify that the intended resource was used for |
| /// signing. |
| core.String? name; |
| |
| /// The ProtectionLevel of the CryptoKeyVersion used for signing. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// The created signature. |
| core.String? signature; |
| core.List<core.int> get signatureAsBytes => convert.base64.decode(signature!); |
| |
| set signatureAsBytes(core.List<core.int> bytes_) { |
| signature = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned AsymmetricSignResponse.signature. An |
| /// integrity check of AsymmetricSignResponse.signature can be performed by |
| /// computing the CRC32C checksum of AsymmetricSignResponse.signature and |
| /// comparing your results to this field. Discard the response in case of |
| /// non-matching checksum values, and perform a limited number of retries. A |
| /// persistent mismatch may indicate an issue in your computation of the |
| /// CRC32C checksum. Note: This field is defined as int64 for reasons of |
| /// compatibility across different languages. However, it is a non-negative |
| /// integer, which will never exceed 2^32-1, and can be safely downconverted |
| /// to uint32 in languages that support this type. |
| core.String? signatureCrc32c; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether AsymmetricSignRequest.data_crc32c was received |
| /// by KeyManagementService and used for the integrity verification of the |
| /// data. A false value of this field indicates either that |
| /// AsymmetricSignRequest.data_crc32c was left unset or that it was not |
| /// delivered to KeyManagementService. If you've set |
| /// AsymmetricSignRequest.data_crc32c but this field is still false, discard |
| /// the response and perform a limited number of retries. |
| core.bool? verifiedDataCrc32c; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether AsymmetricSignRequest.digest_crc32c was received |
| /// by KeyManagementService and used for the integrity verification of the |
| /// digest. A false value of this field indicates either that |
| /// AsymmetricSignRequest.digest_crc32c was left unset or that it was not |
| /// delivered to KeyManagementService. If you've set |
| /// AsymmetricSignRequest.digest_crc32c but this field is still false, discard |
| /// the response and perform a limited number of retries. |
| core.bool? verifiedDigestCrc32c; |
| |
| AsymmetricSignResponse({ |
| this.name, |
| this.protectionLevel, |
| this.signature, |
| this.signatureCrc32c, |
| this.verifiedDataCrc32c, |
| this.verifiedDigestCrc32c, |
| }); |
| |
| AsymmetricSignResponse.fromJson(core.Map json_) |
| : this( |
| name: json_['name'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| signature: json_['signature'] as core.String?, |
| signatureCrc32c: json_['signatureCrc32c'] as core.String?, |
| verifiedDataCrc32c: json_['verifiedDataCrc32c'] as core.bool?, |
| verifiedDigestCrc32c: json_['verifiedDigestCrc32c'] as core.bool?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final name = this.name; |
| final protectionLevel = this.protectionLevel; |
| final signature = this.signature; |
| final signatureCrc32c = this.signatureCrc32c; |
| final verifiedDataCrc32c = this.verifiedDataCrc32c; |
| final verifiedDigestCrc32c = this.verifiedDigestCrc32c; |
| return { |
| 'name': ?name, |
| 'protectionLevel': ?protectionLevel, |
| 'signature': ?signature, |
| 'signatureCrc32c': ?signatureCrc32c, |
| 'verifiedDataCrc32c': ?verifiedDataCrc32c, |
| 'verifiedDigestCrc32c': ?verifiedDigestCrc32c, |
| }; |
| } |
| } |
| |
| /// Specifies the audit configuration for a service. |
| /// |
| /// The configuration determines which permission types are logged, and what |
| /// identities, if any, are exempted from logging. An AuditConfig must have one |
| /// or more AuditLogConfigs. If there are AuditConfigs for both `allServices` |
| /// and a specific service, the union of the two AuditConfigs is used for that |
| /// service: the log_types specified in each AuditConfig are enabled, and the |
| /// exempted_members in each AuditLogConfig are exempted. Example Policy with |
| /// multiple AuditConfigs: { "audit_configs": \[ { "service": "allServices", |
| /// "audit_log_configs": \[ { "log_type": "DATA_READ", "exempted_members": \[ |
| /// "user:jose@example.com" \] }, { "log_type": "DATA_WRITE" }, { "log_type": |
| /// "ADMIN_READ" } \] }, { "service": "sampleservice.googleapis.com", |
| /// "audit_log_configs": \[ { "log_type": "DATA_READ" }, { "log_type": |
| /// "DATA_WRITE", "exempted_members": \[ "user:aliya@example.com" \] } \] } \] } |
| /// For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ |
| /// logging. It also exempts `jose@example.com` from DATA_READ logging, and |
| /// `aliya@example.com` from DATA_WRITE logging. |
| class AuditConfig { |
| /// The configuration for logging of each type of permission. |
| core.List<AuditLogConfig>? auditLogConfigs; |
| |
| /// Specifies a service that will be enabled for audit logging. |
| /// |
| /// For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. |
| /// `allServices` is a special value that covers all services. |
| core.String? service; |
| |
| AuditConfig({this.auditLogConfigs, this.service}); |
| |
| AuditConfig.fromJson(core.Map json_) |
| : this( |
| auditLogConfigs: (json_['auditLogConfigs'] as core.List?) |
| ?.map( |
| (value) => AuditLogConfig.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| service: json_['service'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final auditLogConfigs = this.auditLogConfigs; |
| final service = this.service; |
| return {'auditLogConfigs': ?auditLogConfigs, 'service': ?service}; |
| } |
| } |
| |
| /// Provides the configuration for logging a type of permissions. |
| /// |
| /// Example: { "audit_log_configs": \[ { "log_type": "DATA_READ", |
| /// "exempted_members": \[ "user:jose@example.com" \] }, { "log_type": |
| /// "DATA_WRITE" } \] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while |
| /// exempting jose@example.com from DATA_READ logging. |
| typedef AuditLogConfig = $AuditLogConfig; |
| |
| /// Cloud KMS Autokey configuration for a folder. |
| class AutokeyConfig { |
| /// A checksum computed by the server based on the value of other fields. |
| /// |
| /// This may be sent on update requests to ensure that the client has an |
| /// up-to-date value before proceeding. The request will be rejected with an |
| /// ABORTED error on a mismatched etag. |
| /// |
| /// Optional. |
| core.String? etag; |
| |
| /// Name of the key project, e.g. `projects/{PROJECT_ID}` or |
| /// `projects/{PROJECT_NUMBER}`, where Cloud KMS Autokey will provision a new |
| /// CryptoKey when a KeyHandle is created. |
| /// |
| /// On UpdateAutokeyConfig, the caller will require |
| /// `cloudkms.cryptoKeys.setIamPolicy` permission on this key project. Once |
| /// configured, for Cloud KMS Autokey to function properly, this key project |
| /// must have the Cloud KMS API activated and the Cloud KMS Service Agent for |
| /// this key project must be granted the `cloudkms.admin` role (or pertinent |
| /// permissions). A request with an empty key project field will clear the |
| /// configuration. |
| /// |
| /// Optional. |
| core.String? keyProject; |
| |
| /// KeyProjectResolutionMode for the AutokeyConfig. |
| /// |
| /// Valid values are `DEDICATED_KEY_PROJECT`, `RESOURCE_PROJECT`, or |
| /// `DISABLED`. |
| /// |
| /// Optional. |
| /// Possible string values are: |
| /// - "KEY_PROJECT_RESOLUTION_MODE_UNSPECIFIED" : Default value. |
| /// KeyProjectResolutionMode when not specified will act as |
| /// `DEDICATED_KEY_PROJECT`. |
| /// - "DEDICATED_KEY_PROJECT" : Keys are created in a dedicated project |
| /// specified by `key_project`. |
| /// - "RESOURCE_PROJECT" : Keys are created in the same project as the |
| /// resource requesting the key. The `key_project` must not be set when this |
| /// mode is used. |
| /// - "DISABLED" : Disables the AutokeyConfig. When this mode is set, any |
| /// AutokeyConfig from higher levels in the resource hierarchy are ignored for |
| /// this resource and its descendants. This setting can be overridden by a |
| /// more specific configuration at a lower level. For example, if Autokey is |
| /// disabled on a folder, it can be re-enabled on a sub-folder or project |
| /// within that folder by setting a different mode (e.g., |
| /// DEDICATED_KEY_PROJECT or RESOURCE_PROJECT). |
| core.String? keyProjectResolutionMode; |
| |
| /// Identifier. |
| /// |
| /// Name of the AutokeyConfig resource, e.g. |
| /// `folders/{FOLDER_NUMBER}/autokeyConfig` or |
| /// `projects/{PROJECT_NUMBER}/autokeyConfig`. |
| core.String? name; |
| |
| /// The state for the AutokeyConfig. |
| /// |
| /// Output only. |
| /// Possible string values are: |
| /// - "STATE_UNSPECIFIED" : The state of the AutokeyConfig is unspecified. |
| /// - "ACTIVE" : The AutokeyConfig is currently active. |
| /// - "KEY_PROJECT_DELETED" : A previously configured key project has been |
| /// deleted and the current AutokeyConfig is unusable. |
| /// - "UNINITIALIZED" : The AutokeyConfig is not yet initialized or has been |
| /// reset to its default uninitialized state. |
| core.String? state; |
| |
| AutokeyConfig({ |
| this.etag, |
| this.keyProject, |
| this.keyProjectResolutionMode, |
| this.name, |
| this.state, |
| }); |
| |
| AutokeyConfig.fromJson(core.Map json_) |
| : this( |
| etag: json_['etag'] as core.String?, |
| keyProject: json_['keyProject'] as core.String?, |
| keyProjectResolutionMode: |
| json_['keyProjectResolutionMode'] as core.String?, |
| name: json_['name'] as core.String?, |
| state: json_['state'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final etag = this.etag; |
| final keyProject = this.keyProject; |
| final keyProjectResolutionMode = this.keyProjectResolutionMode; |
| final name = this.name; |
| final state = this.state; |
| return { |
| 'etag': ?etag, |
| 'keyProject': ?keyProject, |
| 'keyProjectResolutionMode': ?keyProjectResolutionMode, |
| 'name': ?name, |
| 'state': ?state, |
| }; |
| } |
| } |
| |
| /// Associates `members`, or principals, with a `role`. |
| class Binding { |
| /// The condition that is associated with this binding. |
| /// |
| /// If the condition evaluates to `true`, then this binding applies to the |
| /// current request. If the condition evaluates to `false`, then this binding |
| /// does not apply to the current request. However, a different role binding |
| /// might grant the same role to one or more of the principals in this |
| /// binding. To learn which resources support conditions in their IAM |
| /// policies, see the |
| /// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| Expr? condition; |
| |
| /// Specifies the principals requesting access for a Google Cloud resource. |
| /// |
| /// `members` can have the following values: * `allUsers`: A special |
| /// identifier that represents anyone who is on the internet; with or without |
| /// a Google account. * `allAuthenticatedUsers`: A special identifier that |
| /// represents anyone who is authenticated with a Google account or a service |
| /// account. Does not include identities that come from external identity |
| /// providers (IdPs) through identity federation. * `user:{emailid}`: An email |
| /// address that represents a specific Google account. For example, |
| /// `alice@example.com` . * `serviceAccount:{emailid}`: An email address that |
| /// represents a Google service account. For example, |
| /// `my-other-app@appspot.gserviceaccount.com`. * |
| /// `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An |
| /// identifier for a |
| /// [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). |
| /// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * |
| /// `group:{emailid}`: An email address that represents a Google group. For |
| /// example, `admins@example.com`. * `domain:{domain}`: The G Suite domain |
| /// (primary) that represents all the users of that domain. For example, |
| /// `google.com` or `example.com`. * |
| /// `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| /// A single identity in a workforce identity pool. * |
| /// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: |
| /// All workforce identities in a group. * |
| /// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| /// All workforce identities with a specific attribute value. * |
| /// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id} |
| /// / * `: All identities in a workforce identity pool. * |
| /// `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: |
| /// A single identity in a workload identity pool. * |
| /// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: |
| /// A workload identity pool group. * |
| /// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| /// All identities in a workload identity pool with a certain attribute. * |
| /// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id} |
| /// / * `: All identities in a workload identity pool. * |
| /// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| /// identifier) representing a user that has been recently deleted. For |
| /// example, `alice@example.com?uid=123456789012345678901`. If the user is |
| /// recovered, this value reverts to `user:{emailid}` and the recovered user |
| /// retains the role in the binding. * |
| /// `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| /// unique identifier) representing a service account that has been recently |
| /// deleted. For example, |
| /// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If |
| /// the service account is undeleted, this value reverts to |
| /// `serviceAccount:{emailid}` and the undeleted service account retains the |
| /// role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email |
| /// address (plus unique identifier) representing a Google group that has been |
| /// recently deleted. For example, |
| /// `admins@example.com?uid=123456789012345678901`. If the group is recovered, |
| /// this value reverts to `group:{emailid}` and the recovered group retains |
| /// the role in the binding. * |
| /// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| /// Deleted single identity in a workforce identity pool. For example, |
| /// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. |
| core.List<core.String>? members; |
| |
| /// Role that is assigned to the list of `members`, or principals. |
| /// |
| /// For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an |
| /// overview of the IAM roles and permissions, see the |
| /// [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For |
| /// a list of the available pre-defined roles, see |
| /// [here](https://cloud.google.com/iam/docs/understanding-roles). |
| core.String? role; |
| |
| Binding({this.condition, this.members, this.role}); |
| |
| Binding.fromJson(core.Map json_) |
| : this( |
| condition: json_.containsKey('condition') |
| ? Expr.fromJson( |
| json_['condition'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| members: (json_['members'] as core.List?) |
| ?.map((value) => value as core.String) |
| .toList(), |
| role: json_['role'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final condition = this.condition; |
| final members = this.members; |
| final role = this.role; |
| return {'condition': ?condition, 'members': ?members, 'role': ?role}; |
| } |
| } |
| |
| /// A Certificate represents an X.509 certificate used to authenticate HTTPS |
| /// connections to EKM replicas. |
| class Certificate { |
| /// The issuer distinguished name in RFC 2253 format. |
| /// |
| /// Only present if parsed is true. |
| /// |
| /// Output only. |
| core.String? issuer; |
| |
| /// The certificate is not valid after this time. |
| /// |
| /// Only present if parsed is true. |
| /// |
| /// Output only. |
| core.String? notAfterTime; |
| |
| /// The certificate is not valid before this time. |
| /// |
| /// Only present if parsed is true. |
| /// |
| /// Output only. |
| core.String? notBeforeTime; |
| |
| /// True if the certificate was parsed successfully. |
| /// |
| /// Output only. |
| core.bool? parsed; |
| |
| /// The raw certificate bytes in DER format. |
| /// |
| /// Required. |
| core.String? rawDer; |
| core.List<core.int> get rawDerAsBytes => convert.base64.decode(rawDer!); |
| |
| set rawDerAsBytes(core.List<core.int> bytes_) { |
| rawDer = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// The certificate serial number as a hex string. |
| /// |
| /// Only present if parsed is true. |
| /// |
| /// Output only. |
| core.String? serialNumber; |
| |
| /// The SHA-256 certificate fingerprint as a hex string. |
| /// |
| /// Only present if parsed is true. |
| /// |
| /// Output only. |
| core.String? sha256Fingerprint; |
| |
| /// The subject distinguished name in RFC 2253 format. |
| /// |
| /// Only present if parsed is true. |
| /// |
| /// Output only. |
| core.String? subject; |
| |
| /// The subject Alternative DNS names. |
| /// |
| /// Only present if parsed is true. |
| /// |
| /// Output only. |
| core.List<core.String>? subjectAlternativeDnsNames; |
| |
| Certificate({ |
| this.issuer, |
| this.notAfterTime, |
| this.notBeforeTime, |
| this.parsed, |
| this.rawDer, |
| this.serialNumber, |
| this.sha256Fingerprint, |
| this.subject, |
| this.subjectAlternativeDnsNames, |
| }); |
| |
| Certificate.fromJson(core.Map json_) |
| : this( |
| issuer: json_['issuer'] as core.String?, |
| notAfterTime: json_['notAfterTime'] as core.String?, |
| notBeforeTime: json_['notBeforeTime'] as core.String?, |
| parsed: json_['parsed'] as core.bool?, |
| rawDer: json_['rawDer'] as core.String?, |
| serialNumber: json_['serialNumber'] as core.String?, |
| sha256Fingerprint: json_['sha256Fingerprint'] as core.String?, |
| subject: json_['subject'] as core.String?, |
| subjectAlternativeDnsNames: |
| (json_['subjectAlternativeDnsNames'] as core.List?) |
| ?.map((value) => value as core.String) |
| .toList(), |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final issuer = this.issuer; |
| final notAfterTime = this.notAfterTime; |
| final notBeforeTime = this.notBeforeTime; |
| final parsed = this.parsed; |
| final rawDer = this.rawDer; |
| final serialNumber = this.serialNumber; |
| final sha256Fingerprint = this.sha256Fingerprint; |
| final subject = this.subject; |
| final subjectAlternativeDnsNames = this.subjectAlternativeDnsNames; |
| return { |
| 'issuer': ?issuer, |
| 'notAfterTime': ?notAfterTime, |
| 'notBeforeTime': ?notBeforeTime, |
| 'parsed': ?parsed, |
| 'rawDer': ?rawDer, |
| 'serialNumber': ?serialNumber, |
| 'sha256Fingerprint': ?sha256Fingerprint, |
| 'subject': ?subject, |
| 'subjectAlternativeDnsNames': ?subjectAlternativeDnsNames, |
| }; |
| } |
| } |
| |
| /// Certificate chains needed to verify the attestation. |
| /// |
| /// Certificates in chains are PEM-encoded and are ordered based on |
| /// https://tools.ietf.org/html/rfc5246#section-7.4.2. |
| typedef CertificateChains = $CertificateChains; |
| |
| /// A challenge to be signed by a 2FA key. |
| class Challenge { |
| /// The challenge to be signed by the 2FA key indicated by the public key. |
| /// |
| /// Output only. |
| core.String? challenge; |
| core.List<core.int> get challengeAsBytes => convert.base64.decode(challenge!); |
| |
| set challengeAsBytes(core.List<core.int> bytes_) { |
| challenge = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// The public key associated with the 2FA key that should sign the challenge. |
| /// |
| /// Output only. |
| core.String? publicKeyPem; |
| |
| Challenge({this.challenge, this.publicKeyPem}); |
| |
| Challenge.fromJson(core.Map json_) |
| : this( |
| challenge: json_['challenge'] as core.String?, |
| publicKeyPem: json_['publicKeyPem'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final challenge = this.challenge; |
| final publicKeyPem = this.publicKeyPem; |
| return {'challenge': ?challenge, 'publicKeyPem': ?publicKeyPem}; |
| } |
| } |
| |
| /// A reply to a challenge signed by a 2FA key. |
| class ChallengeReply { |
| /// The public key associated with the 2FA key. |
| /// |
| /// Required. |
| core.String? publicKeyPem; |
| |
| /// The signed challenge associated with the 2FA key. |
| /// |
| /// The signature must be RSASSA-PKCS1 v1.5 with a SHA256 digest. |
| /// |
| /// Required. |
| core.String? signedChallenge; |
| core.List<core.int> get signedChallengeAsBytes => |
| convert.base64.decode(signedChallenge!); |
| |
| set signedChallengeAsBytes(core.List<core.int> bytes_) { |
| signedChallenge = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| ChallengeReply({this.publicKeyPem, this.signedChallenge}); |
| |
| ChallengeReply.fromJson(core.Map json_) |
| : this( |
| publicKeyPem: json_['publicKeyPem'] as core.String?, |
| signedChallenge: json_['signedChallenge'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final publicKeyPem = this.publicKeyPem; |
| final signedChallenge = this.signedChallenge; |
| return {'publicKeyPem': ?publicKeyPem, 'signedChallenge': ?signedChallenge}; |
| } |
| } |
| |
| /// Data with integrity verification field. |
| class ChecksummedData { |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned ChecksummedData.data. An integrity check |
| /// of ChecksummedData.data can be performed by computing the CRC32C checksum |
| /// of ChecksummedData.data and comparing your results to this field. Discard |
| /// the response in case of non-matching checksum values, and perform a |
| /// limited number of retries. A persistent mismatch may indicate an issue in |
| /// your computation of the CRC32C checksum. Note: This field is defined as |
| /// int64 for reasons of compatibility across different languages. However, it |
| /// is a non-negative integer, which will never exceed `2^32-1`, and can be |
| /// safely downconverted to uint32 in languages that support this type. |
| core.String? crc32cChecksum; |
| |
| /// Raw Data. |
| core.String? data; |
| core.List<core.int> get dataAsBytes => convert.base64.decode(data!); |
| |
| set dataAsBytes(core.List<core.int> bytes_) { |
| data = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| ChecksummedData({this.crc32cChecksum, this.data}); |
| |
| ChecksummedData.fromJson(core.Map json_) |
| : this( |
| crc32cChecksum: json_['crc32cChecksum'] as core.String?, |
| data: json_['data'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final crc32cChecksum = this.crc32cChecksum; |
| final data = this.data; |
| return {'crc32cChecksum': ?crc32cChecksum, 'data': ?data}; |
| } |
| } |
| |
| /// A CryptoKey represents a logical key that can be used for cryptographic |
| /// operations. |
| /// |
| /// A CryptoKey is made up of zero or more versions, which represent the actual |
| /// key material used in cryptographic operations. |
| class CryptoKey { |
| /// The time at which this CryptoKey was created. |
| /// |
| /// Output only. |
| core.String? createTime; |
| |
| /// The resource name of the backend environment where the key material for |
| /// all CryptoKeyVersions associated with this CryptoKey reside and where all |
| /// related cryptographic operations are performed. |
| /// |
| /// Only applicable if CryptoKeyVersions have a ProtectionLevel of |
| /// EXTERNAL_VPC, with the resource name in the format `projects / * |
| /// /locations / * /ekmConnections / * `. Only applicable if CryptoKeyVersions |
| /// have a ProtectionLevel of HSM_SINGLE_TENANT, with the resource name in the |
| /// format `projects / * /locations / * /singleTenantHsmInstances / * `. Note, |
| /// this list is non-exhaustive and may apply to additional ProtectionLevels |
| /// in the future. |
| /// |
| /// Immutable. |
| core.String? cryptoKeyBackend; |
| |
| /// The period of time that versions of this key spend in the |
| /// DESTROY_SCHEDULED state before transitioning to DESTROYED. |
| /// |
| /// If not specified at creation time, the default duration is 30 days. |
| /// |
| /// Immutable. |
| core.String? destroyScheduledDuration; |
| |
| /// Whether this key may contain imported versions only. |
| /// |
| /// Immutable. |
| core.bool? importOnly; |
| |
| /// The policy used for Key Access Justifications Policy Enforcement. |
| /// |
| /// If this field is present and this key is enrolled in Key Access |
| /// Justifications Policy Enforcement, the policy will be evaluated in |
| /// encrypt, decrypt, and sign operations, and the operation will fail if |
| /// rejected by the policy. The policy is defined by specifying zero or more |
| /// allowed justification codes. |
| /// https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes |
| /// By default, this field is absent, and all justification codes are allowed. |
| /// If the `key_access_justifications_policy.allowed_access_reasons` is empty |
| /// (zero allowed justification code), all encrypt, decrypt, and sign |
| /// operations will fail. |
| /// |
| /// Optional. |
| KeyAccessJustificationsPolicy? keyAccessJustificationsPolicy; |
| |
| /// Labels with user-defined metadata. |
| /// |
| /// For more information, see |
| /// [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys). |
| core.Map<core.String, core.String>? labels; |
| |
| /// The resource name for this CryptoKey in the format `projects / * |
| /// /locations / * /keyRings / * /cryptoKeys / * `. |
| /// |
| /// Output only. |
| core.String? name; |
| |
| /// At next_rotation_time, the Key Management Service will automatically: 1. |
| /// |
| /// Create a new version of this CryptoKey. 2. Mark the new version as |
| /// primary. Key rotations performed manually via CreateCryptoKeyVersion and |
| /// UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with |
| /// purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this |
| /// field must be omitted. |
| core.String? nextRotationTime; |
| |
| /// A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when |
| /// this CryptoKey is given in EncryptRequest.name. |
| /// |
| /// The CryptoKey's primary version can be updated via |
| /// UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have |
| /// a primary. For other keys, this field will be omitted. |
| /// |
| /// Output only. |
| CryptoKeyVersion? primary; |
| |
| /// The immutable purpose of this CryptoKey. |
| /// |
| /// Immutable. |
| /// Possible string values are: |
| /// - "CRYPTO_KEY_PURPOSE_UNSPECIFIED" : Not specified. |
| /// - "ENCRYPT_DECRYPT" : CryptoKeys with this purpose may be used with |
| /// Encrypt and Decrypt. |
| /// - "ASYMMETRIC_SIGN" : CryptoKeys with this purpose may be used with |
| /// AsymmetricSign and GetPublicKey. |
| /// - "ASYMMETRIC_DECRYPT" : CryptoKeys with this purpose may be used with |
| /// AsymmetricDecrypt and GetPublicKey. |
| /// - "RAW_ENCRYPT_DECRYPT" : CryptoKeys with this purpose may be used with |
| /// RawEncrypt and RawDecrypt. This purpose is meant to be used for |
| /// interoperable symmetric encryption and does not support automatic |
| /// CryptoKey rotation. |
| /// - "MAC" : CryptoKeys with this purpose may be used with MacSign. |
| /// - "KEY_ENCAPSULATION" : CryptoKeys with this purpose may be used with |
| /// GetPublicKey and Decapsulate. |
| core.String? purpose; |
| |
| /// next_rotation_time will be advanced by this period when the service |
| /// automatically rotates a key. |
| /// |
| /// Must be at least 24 hours and at most 876,000 hours. If rotation_period is |
| /// set, next_rotation_time must also be set. Keys with purpose |
| /// ENCRYPT_DECRYPT support automatic rotation. For other keys, this field |
| /// must be omitted. |
| core.String? rotationPeriod; |
| |
| /// A template describing settings for new CryptoKeyVersion instances. |
| /// |
| /// The properties of new CryptoKeyVersion instances created by either |
| /// CreateCryptoKeyVersion or auto-rotation are controlled by this template. |
| CryptoKeyVersionTemplate? versionTemplate; |
| |
| CryptoKey({ |
| this.createTime, |
| this.cryptoKeyBackend, |
| this.destroyScheduledDuration, |
| this.importOnly, |
| this.keyAccessJustificationsPolicy, |
| this.labels, |
| this.name, |
| this.nextRotationTime, |
| this.primary, |
| this.purpose, |
| this.rotationPeriod, |
| this.versionTemplate, |
| }); |
| |
| CryptoKey.fromJson(core.Map json_) |
| : this( |
| createTime: json_['createTime'] as core.String?, |
| cryptoKeyBackend: json_['cryptoKeyBackend'] as core.String?, |
| destroyScheduledDuration: |
| json_['destroyScheduledDuration'] as core.String?, |
| importOnly: json_['importOnly'] as core.bool?, |
| keyAccessJustificationsPolicy: |
| json_.containsKey('keyAccessJustificationsPolicy') |
| ? KeyAccessJustificationsPolicy.fromJson( |
| json_['keyAccessJustificationsPolicy'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| labels: (json_['labels'] as core.Map<core.String, core.dynamic>?)?.map( |
| (key, value) => core.MapEntry(key, value as core.String), |
| ), |
| name: json_['name'] as core.String?, |
| nextRotationTime: json_['nextRotationTime'] as core.String?, |
| primary: json_.containsKey('primary') |
| ? CryptoKeyVersion.fromJson( |
| json_['primary'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| purpose: json_['purpose'] as core.String?, |
| rotationPeriod: json_['rotationPeriod'] as core.String?, |
| versionTemplate: json_.containsKey('versionTemplate') |
| ? CryptoKeyVersionTemplate.fromJson( |
| json_['versionTemplate'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final createTime = this.createTime; |
| final cryptoKeyBackend = this.cryptoKeyBackend; |
| final destroyScheduledDuration = this.destroyScheduledDuration; |
| final importOnly = this.importOnly; |
| final keyAccessJustificationsPolicy = this.keyAccessJustificationsPolicy; |
| final labels = this.labels; |
| final name = this.name; |
| final nextRotationTime = this.nextRotationTime; |
| final primary = this.primary; |
| final purpose = this.purpose; |
| final rotationPeriod = this.rotationPeriod; |
| final versionTemplate = this.versionTemplate; |
| return { |
| 'createTime': ?createTime, |
| 'cryptoKeyBackend': ?cryptoKeyBackend, |
| 'destroyScheduledDuration': ?destroyScheduledDuration, |
| 'importOnly': ?importOnly, |
| 'keyAccessJustificationsPolicy': ?keyAccessJustificationsPolicy, |
| 'labels': ?labels, |
| 'name': ?name, |
| 'nextRotationTime': ?nextRotationTime, |
| 'primary': ?primary, |
| 'purpose': ?purpose, |
| 'rotationPeriod': ?rotationPeriod, |
| 'versionTemplate': ?versionTemplate, |
| }; |
| } |
| } |
| |
| /// A CryptoKeyVersion represents an individual cryptographic key, and the |
| /// associated key material. |
| /// |
| /// An ENABLED version can be used for cryptographic operations. For security |
| /// reasons, the raw cryptographic key material represented by a |
| /// CryptoKeyVersion can never be viewed or exported. It can only be used to |
| /// encrypt, decrypt, or sign data when an authorized user or application |
| /// invokes Cloud KMS. |
| class CryptoKeyVersion { |
| /// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. |
| /// |
| /// Output only. |
| /// Possible string values are: |
| /// - "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : Not specified. |
| /// - "GOOGLE_SYMMETRIC_ENCRYPTION" : Creates symmetric encryption keys. |
| /// - "AES_128_GCM" : AES-GCM (Galois Counter Mode) using 128-bit keys. |
| /// - "AES_256_GCM" : AES-GCM (Galois Counter Mode) using 256-bit keys. |
| /// - "AES_128_CBC" : AES-CBC (Cipher Block Chaining Mode) using 128-bit keys. |
| /// - "AES_256_CBC" : AES-CBC (Cipher Block Chaining Mode) using 256-bit keys. |
| /// - "AES_128_CTR" : AES-CTR (Counter Mode) using 128-bit keys. |
| /// - "AES_256_CTR" : AES-CTR (Counter Mode) using 256-bit keys. |
| /// - "RSA_SIGN_PSS_2048_SHA256" : RSASSA-PSS 2048 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_SIGN_PSS_3072_SHA256" : RSASSA-PSS 3072 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_SIGN_PSS_4096_SHA256" : RSASSA-PSS 4096 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_SIGN_PSS_4096_SHA512" : RSASSA-PSS 4096 bit key with a SHA512 |
| /// digest. |
| /// - "RSA_SIGN_PKCS1_2048_SHA256" : RSASSA-PKCS1-v1_5 with a 2048 bit key and |
| /// a SHA256 digest. |
| /// - "RSA_SIGN_PKCS1_3072_SHA256" : RSASSA-PKCS1-v1_5 with a 3072 bit key and |
| /// a SHA256 digest. |
| /// - "RSA_SIGN_PKCS1_4096_SHA256" : RSASSA-PKCS1-v1_5 with a 4096 bit key and |
| /// a SHA256 digest. |
| /// - "RSA_SIGN_PKCS1_4096_SHA512" : RSASSA-PKCS1-v1_5 with a 4096 bit key and |
| /// a SHA512 digest. |
| /// - "RSA_SIGN_RAW_PKCS1_2048" : RSASSA-PKCS1-v1_5 signing without encoding, |
| /// with a 2048 bit key. |
| /// - "RSA_SIGN_RAW_PKCS1_3072" : RSASSA-PKCS1-v1_5 signing without encoding, |
| /// with a 3072 bit key. |
| /// - "RSA_SIGN_RAW_PKCS1_4096" : RSASSA-PKCS1-v1_5 signing without encoding, |
| /// with a 4096 bit key. |
| /// - "RSA_DECRYPT_OAEP_2048_SHA256" : RSAES-OAEP 2048 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_3072_SHA256" : RSAES-OAEP 3072 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_4096_SHA256" : RSAES-OAEP 4096 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_4096_SHA512" : RSAES-OAEP 4096 bit key with a SHA512 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_2048_SHA1" : RSAES-OAEP 2048 bit key with a SHA1 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_3072_SHA1" : RSAES-OAEP 3072 bit key with a SHA1 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_4096_SHA1" : RSAES-OAEP 4096 bit key with a SHA1 |
| /// digest. |
| /// - "EC_SIGN_P256_SHA256" : ECDSA on the NIST P-256 curve with a SHA256 |
| /// digest. Other hash functions can also be used: |
| /// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
| /// - "EC_SIGN_P384_SHA384" : ECDSA on the NIST P-384 curve with a SHA384 |
| /// digest. Other hash functions can also be used: |
| /// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
| /// - "EC_SIGN_SECP256K1_SHA256" : ECDSA on the non-NIST secp256k1 curve. This |
| /// curve is only supported for HSM protection level. Other hash functions can |
| /// also be used: |
| /// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
| /// - "EC_SIGN_ED25519" : EdDSA on the Curve25519 in pure mode (taking data as |
| /// input). |
| /// - "HMAC_SHA256" : HMAC-SHA256 signing with a 256 bit key. |
| /// - "HMAC_SHA1" : HMAC-SHA1 signing with a 160 bit key. |
| /// - "HMAC_SHA384" : HMAC-SHA384 signing with a 384 bit key. |
| /// - "HMAC_SHA512" : HMAC-SHA512 signing with a 512 bit key. |
| /// - "HMAC_SHA224" : HMAC-SHA224 signing with a 224 bit key. |
| /// - "EXTERNAL_SYMMETRIC_ENCRYPTION" : Algorithm representing symmetric |
| /// encryption by an external key manager. |
| /// - "ML_KEM_768" : ML-KEM-768 (FIPS 203) |
| /// - "ML_KEM_1024" : ML-KEM-1024 (FIPS 203) |
| /// - "KEM_XWING" : X-Wing hybrid KEM combining ML-KEM-768 with X25519 |
| /// following datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/. |
| /// - "PQ_SIGN_ML_DSA_44" : The post-quantum Module-Lattice-Based Digital |
| /// Signature Algorithm, at security level 1. Randomized version. |
| /// - "PQ_SIGN_ML_DSA_65" : The post-quantum Module-Lattice-Based Digital |
| /// Signature Algorithm, at security level 3. Randomized version. |
| /// - "PQ_SIGN_ML_DSA_87" : The post-quantum Module-Lattice-Based Digital |
| /// Signature Algorithm, at security level 5. Randomized version. |
| /// - "PQ_SIGN_SLH_DSA_SHA2_128S" : The post-quantum stateless hash-based |
| /// digital signature algorithm, at security level 1. Randomized version. |
| /// - "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256" : The post-quantum stateless |
| /// hash-based digital signature algorithm, at security level 1. Randomized |
| /// pre-hash version supporting SHA256 digests. |
| /// - "PQ_SIGN_ML_DSA_44_EXTERNAL_MU" : The post-quantum Module-Lattice-Based |
| /// Digital Signature Algorithm, at security level 1. Randomized version |
| /// supporting externally-computed message representatives. |
| /// - "PQ_SIGN_ML_DSA_65_EXTERNAL_MU" : The post-quantum Module-Lattice-Based |
| /// Digital Signature Algorithm, at security level 3. Randomized version |
| /// supporting externally-computed message representatives. |
| /// - "PQ_SIGN_ML_DSA_87_EXTERNAL_MU" : The post-quantum Module-Lattice-Based |
| /// Digital Signature Algorithm, at security level 5. Randomized version |
| /// supporting externally-computed message representatives. |
| core.String? algorithm; |
| |
| /// Statement that was generated and signed by the HSM at key creation time. |
| /// |
| /// Use this statement to verify attributes of the key as stored on the HSM, |
| /// independently of Google. Only provided for key versions with |
| /// protection_level HSM. |
| /// |
| /// Output only. |
| KeyOperationAttestation? attestation; |
| |
| /// The time at which this CryptoKeyVersion was created. |
| /// |
| /// Output only. |
| core.String? createTime; |
| |
| /// The time this CryptoKeyVersion's key material was destroyed. |
| /// |
| /// Only present if state is DESTROYED. |
| /// |
| /// Output only. |
| core.String? destroyEventTime; |
| |
| /// The time this CryptoKeyVersion's key material is scheduled for |
| /// destruction. |
| /// |
| /// Only present if state is DESTROY_SCHEDULED. |
| /// |
| /// Output only. |
| core.String? destroyTime; |
| |
| /// The root cause of the most recent external destruction failure. |
| /// |
| /// Only present if state is EXTERNAL_DESTRUCTION_FAILED. |
| /// |
| /// Output only. |
| core.String? externalDestructionFailureReason; |
| |
| /// ExternalProtectionLevelOptions stores a group of additional fields for |
| /// configuring a CryptoKeyVersion that are specific to the EXTERNAL |
| /// protection level and EXTERNAL_VPC protection levels. |
| ExternalProtectionLevelOptions? externalProtectionLevelOptions; |
| |
| /// The time this CryptoKeyVersion's key material was generated. |
| /// |
| /// Output only. |
| core.String? generateTime; |
| |
| /// The root cause of the most recent generation failure. |
| /// |
| /// Only present if state is GENERATION_FAILED. |
| /// |
| /// Output only. |
| core.String? generationFailureReason; |
| |
| /// The root cause of the most recent import failure. |
| /// |
| /// Only present if state is IMPORT_FAILED. |
| /// |
| /// Output only. |
| core.String? importFailureReason; |
| |
| /// The name of the ImportJob used in the most recent import of this |
| /// CryptoKeyVersion. |
| /// |
| /// Only present if the underlying key material was imported. |
| /// |
| /// Output only. |
| core.String? importJob; |
| |
| /// The time at which this CryptoKeyVersion's key material was most recently |
| /// imported. |
| /// |
| /// Output only. |
| core.String? importTime; |
| |
| /// The resource name for this CryptoKeyVersion in the format `projects / * |
| /// /locations / * /keyRings / * /cryptoKeys / * /cryptoKeyVersions / * `. |
| /// |
| /// Output only. |
| core.String? name; |
| |
| /// The ProtectionLevel describing how crypto operations are performed with |
| /// this CryptoKeyVersion. |
| /// |
| /// Output only. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// Whether or not this key version is eligible for reimport, by being |
| /// specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version. |
| /// |
| /// Output only. |
| core.bool? reimportEligible; |
| |
| /// The current state of the CryptoKeyVersion. |
| /// Possible string values are: |
| /// - "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" : Not specified. |
| /// - "PENDING_GENERATION" : This version is still being generated. It may not |
| /// be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically |
| /// mark this version ENABLED as soon as the version is ready. |
| /// - "ENABLED" : This version may be used for cryptographic operations. |
| /// - "DISABLED" : This version may not be used, but the key material is still |
| /// available, and the version can be placed back into the ENABLED state. |
| /// - "DESTROYED" : The key material of this version is destroyed and no |
| /// longer stored. This version may only become ENABLED again if this version |
| /// is reimport_eligible and the original key material is reimported with a |
| /// call to KeyManagementService.ImportCryptoKeyVersion. |
| /// - "DESTROY_SCHEDULED" : This version is scheduled for destruction, and |
| /// will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into |
| /// the DISABLED state. |
| /// - "PENDING_IMPORT" : This version is still being imported. It may not be |
| /// used, enabled, disabled, or destroyed yet. Cloud KMS will automatically |
| /// mark this version ENABLED as soon as the version is ready. |
| /// - "IMPORT_FAILED" : This version was not imported successfully. It may not |
| /// be used, enabled, disabled, or destroyed. The submitted key material has |
| /// been discarded. Additional details can be found in |
| /// CryptoKeyVersion.import_failure_reason. |
| /// - "GENERATION_FAILED" : This version was not generated successfully. It |
| /// may not be used, enabled, disabled, or destroyed. Additional details can |
| /// be found in CryptoKeyVersion.generation_failure_reason. |
| /// - "PENDING_EXTERNAL_DESTRUCTION" : This version was destroyed, and it may |
| /// not be used or enabled again. Cloud KMS is waiting for the corresponding |
| /// key material residing in an external key manager to be destroyed. |
| /// - "EXTERNAL_DESTRUCTION_FAILED" : This version was destroyed, and it may |
| /// not be used or enabled again. However, Cloud KMS could not confirm that |
| /// the corresponding key material residing in an external key manager was |
| /// destroyed. Additional details can be found in |
| /// CryptoKeyVersion.external_destruction_failure_reason. |
| core.String? state; |
| |
| CryptoKeyVersion({ |
| this.algorithm, |
| this.attestation, |
| this.createTime, |
| this.destroyEventTime, |
| this.destroyTime, |
| this.externalDestructionFailureReason, |
| this.externalProtectionLevelOptions, |
| this.generateTime, |
| this.generationFailureReason, |
| this.importFailureReason, |
| this.importJob, |
| this.importTime, |
| this.name, |
| this.protectionLevel, |
| this.reimportEligible, |
| this.state, |
| }); |
| |
| CryptoKeyVersion.fromJson(core.Map json_) |
| : this( |
| algorithm: json_['algorithm'] as core.String?, |
| attestation: json_.containsKey('attestation') |
| ? KeyOperationAttestation.fromJson( |
| json_['attestation'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| createTime: json_['createTime'] as core.String?, |
| destroyEventTime: json_['destroyEventTime'] as core.String?, |
| destroyTime: json_['destroyTime'] as core.String?, |
| externalDestructionFailureReason: |
| json_['externalDestructionFailureReason'] as core.String?, |
| externalProtectionLevelOptions: |
| json_.containsKey('externalProtectionLevelOptions') |
| ? ExternalProtectionLevelOptions.fromJson( |
| json_['externalProtectionLevelOptions'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| generateTime: json_['generateTime'] as core.String?, |
| generationFailureReason: |
| json_['generationFailureReason'] as core.String?, |
| importFailureReason: json_['importFailureReason'] as core.String?, |
| importJob: json_['importJob'] as core.String?, |
| importTime: json_['importTime'] as core.String?, |
| name: json_['name'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| reimportEligible: json_['reimportEligible'] as core.bool?, |
| state: json_['state'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final algorithm = this.algorithm; |
| final attestation = this.attestation; |
| final createTime = this.createTime; |
| final destroyEventTime = this.destroyEventTime; |
| final destroyTime = this.destroyTime; |
| final externalDestructionFailureReason = |
| this.externalDestructionFailureReason; |
| final externalProtectionLevelOptions = this.externalProtectionLevelOptions; |
| final generateTime = this.generateTime; |
| final generationFailureReason = this.generationFailureReason; |
| final importFailureReason = this.importFailureReason; |
| final importJob = this.importJob; |
| final importTime = this.importTime; |
| final name = this.name; |
| final protectionLevel = this.protectionLevel; |
| final reimportEligible = this.reimportEligible; |
| final state = this.state; |
| return { |
| 'algorithm': ?algorithm, |
| 'attestation': ?attestation, |
| 'createTime': ?createTime, |
| 'destroyEventTime': ?destroyEventTime, |
| 'destroyTime': ?destroyTime, |
| 'externalDestructionFailureReason': ?externalDestructionFailureReason, |
| 'externalProtectionLevelOptions': ?externalProtectionLevelOptions, |
| 'generateTime': ?generateTime, |
| 'generationFailureReason': ?generationFailureReason, |
| 'importFailureReason': ?importFailureReason, |
| 'importJob': ?importJob, |
| 'importTime': ?importTime, |
| 'name': ?name, |
| 'protectionLevel': ?protectionLevel, |
| 'reimportEligible': ?reimportEligible, |
| 'state': ?state, |
| }; |
| } |
| } |
| |
| /// A CryptoKeyVersionTemplate specifies the properties to use when creating a |
| /// new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or |
| /// automatically as a result of auto-rotation. |
| typedef CryptoKeyVersionTemplate = $CryptoKeyVersionTemplate; |
| |
| /// Request message for KeyManagementService.Decapsulate. |
| class DecapsulateRequest { |
| /// The ciphertext produced from encapsulation with the named CryptoKeyVersion |
| /// public key(s). |
| /// |
| /// Required. |
| core.String? ciphertext; |
| core.List<core.int> get ciphertextAsBytes => |
| convert.base64.decode(ciphertext!); |
| |
| set ciphertextAsBytes(core.List<core.int> bytes_) { |
| ciphertext = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// A CRC32C checksum of the DecapsulateRequest.ciphertext. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received DecapsulateRequest.ciphertext using this checksum. |
| /// KeyManagementService will report an error if the checksum verification |
| /// fails. If you receive a checksum error, your client should verify that |
| /// CRC32C(DecapsulateRequest.ciphertext) is equal to |
| /// DecapsulateRequest.ciphertext_crc32c, and if so, perform a limited number |
| /// of retries. A persistent mismatch may indicate an issue in your |
| /// computation of the CRC32C checksum. Note: This field is defined as int64 |
| /// for reasons of compatibility across different languages. However, it is a |
| /// non-negative integer, which will never exceed 2^32-1, and can be safely |
| /// downconverted to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? ciphertextCrc32c; |
| |
| DecapsulateRequest({this.ciphertext, this.ciphertextCrc32c}); |
| |
| DecapsulateRequest.fromJson(core.Map json_) |
| : this( |
| ciphertext: json_['ciphertext'] as core.String?, |
| ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final ciphertext = this.ciphertext; |
| final ciphertextCrc32c = this.ciphertextCrc32c; |
| return {'ciphertext': ?ciphertext, 'ciphertextCrc32c': ?ciphertextCrc32c}; |
| } |
| } |
| |
| /// Response message for KeyManagementService.Decapsulate. |
| class DecapsulateResponse { |
| /// The resource name of the CryptoKeyVersion used for decapsulation. |
| /// |
| /// Check this field to verify that the intended resource was used for |
| /// decapsulation. |
| core.String? name; |
| |
| /// The ProtectionLevel of the CryptoKeyVersion used in decapsulation. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// The decapsulated shared_secret originally encapsulated with the matching |
| /// public key. |
| core.String? sharedSecret; |
| core.List<core.int> get sharedSecretAsBytes => |
| convert.base64.decode(sharedSecret!); |
| |
| set sharedSecretAsBytes(core.List<core.int> bytes_) { |
| sharedSecret = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned DecapsulateResponse.shared_secret. An |
| /// integrity check of DecapsulateResponse.shared_secret can be performed by |
| /// computing the CRC32C checksum of DecapsulateResponse.shared_secret and |
| /// comparing your results to this field. Discard the response in case of |
| /// non-matching checksum values, and perform a limited number of retries. A |
| /// persistent mismatch may indicate an issue in your computation of the |
| /// CRC32C checksum. Note: receiving this response message indicates that |
| /// KeyManagementService is able to successfully decrypt the ciphertext. Note: |
| /// This field is defined as int64 for reasons of compatibility across |
| /// different languages. However, it is a non-negative integer, which will |
| /// never exceed 2^32-1, and can be safely downconverted to uint32 in |
| /// languages that support this type. |
| core.String? sharedSecretCrc32c; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether DecapsulateRequest.ciphertext_crc32c was |
| /// received by KeyManagementService and used for the integrity verification |
| /// of the ciphertext. A false value of this field indicates either that |
| /// DecapsulateRequest.ciphertext_crc32c was left unset or that it was not |
| /// delivered to KeyManagementService. If you've set |
| /// DecapsulateRequest.ciphertext_crc32c but this field is still false, |
| /// discard the response and perform a limited number of retries. |
| core.bool? verifiedCiphertextCrc32c; |
| |
| DecapsulateResponse({ |
| this.name, |
| this.protectionLevel, |
| this.sharedSecret, |
| this.sharedSecretCrc32c, |
| this.verifiedCiphertextCrc32c, |
| }); |
| |
| DecapsulateResponse.fromJson(core.Map json_) |
| : this( |
| name: json_['name'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| sharedSecret: json_['sharedSecret'] as core.String?, |
| sharedSecretCrc32c: json_['sharedSecretCrc32c'] as core.String?, |
| verifiedCiphertextCrc32c: |
| json_['verifiedCiphertextCrc32c'] as core.bool?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final name = this.name; |
| final protectionLevel = this.protectionLevel; |
| final sharedSecret = this.sharedSecret; |
| final sharedSecretCrc32c = this.sharedSecretCrc32c; |
| final verifiedCiphertextCrc32c = this.verifiedCiphertextCrc32c; |
| return { |
| 'name': ?name, |
| 'protectionLevel': ?protectionLevel, |
| 'sharedSecret': ?sharedSecret, |
| 'sharedSecretCrc32c': ?sharedSecretCrc32c, |
| 'verifiedCiphertextCrc32c': ?verifiedCiphertextCrc32c, |
| }; |
| } |
| } |
| |
| /// Request message for KeyManagementService.Decrypt. |
| class DecryptRequest { |
| /// Optional data that must match the data originally supplied in |
| /// EncryptRequest.additional_authenticated_data. |
| /// |
| /// Optional. |
| core.String? additionalAuthenticatedData; |
| core.List<core.int> get additionalAuthenticatedDataAsBytes => |
| convert.base64.decode(additionalAuthenticatedData!); |
| |
| set additionalAuthenticatedDataAsBytes(core.List<core.int> bytes_) { |
| additionalAuthenticatedData = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the |
| /// DecryptRequest.additional_authenticated_data. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received DecryptRequest.additional_authenticated_data using this checksum. |
| /// KeyManagementService will report an error if the checksum verification |
| /// fails. If you receive a checksum error, your client should verify that |
| /// CRC32C(DecryptRequest.additional_authenticated_data) is equal to |
| /// DecryptRequest.additional_authenticated_data_crc32c, and if so, perform a |
| /// limited number of retries. A persistent mismatch may indicate an issue in |
| /// your computation of the CRC32C checksum. Note: This field is defined as |
| /// int64 for reasons of compatibility across different languages. However, it |
| /// is a non-negative integer, which will never exceed 2^32-1, and can be |
| /// safely downconverted to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? additionalAuthenticatedDataCrc32c; |
| |
| /// The encrypted data originally returned in EncryptResponse.ciphertext. |
| /// |
| /// Required. |
| core.String? ciphertext; |
| core.List<core.int> get ciphertextAsBytes => |
| convert.base64.decode(ciphertext!); |
| |
| set ciphertextAsBytes(core.List<core.int> bytes_) { |
| ciphertext = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the DecryptRequest.ciphertext. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received DecryptRequest.ciphertext using this checksum. |
| /// KeyManagementService will report an error if the checksum verification |
| /// fails. If you receive a checksum error, your client should verify that |
| /// CRC32C(DecryptRequest.ciphertext) is equal to |
| /// DecryptRequest.ciphertext_crc32c, and if so, perform a limited number of |
| /// retries. A persistent mismatch may indicate an issue in your computation |
| /// of the CRC32C checksum. Note: This field is defined as int64 for reasons |
| /// of compatibility across different languages. However, it is a non-negative |
| /// integer, which will never exceed 2^32-1, and can be safely downconverted |
| /// to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? ciphertextCrc32c; |
| |
| DecryptRequest({ |
| this.additionalAuthenticatedData, |
| this.additionalAuthenticatedDataCrc32c, |
| this.ciphertext, |
| this.ciphertextCrc32c, |
| }); |
| |
| DecryptRequest.fromJson(core.Map json_) |
| : this( |
| additionalAuthenticatedData: |
| json_['additionalAuthenticatedData'] as core.String?, |
| additionalAuthenticatedDataCrc32c: |
| json_['additionalAuthenticatedDataCrc32c'] as core.String?, |
| ciphertext: json_['ciphertext'] as core.String?, |
| ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final additionalAuthenticatedData = this.additionalAuthenticatedData; |
| final additionalAuthenticatedDataCrc32c = |
| this.additionalAuthenticatedDataCrc32c; |
| final ciphertext = this.ciphertext; |
| final ciphertextCrc32c = this.ciphertextCrc32c; |
| return { |
| 'additionalAuthenticatedData': ?additionalAuthenticatedData, |
| 'additionalAuthenticatedDataCrc32c': ?additionalAuthenticatedDataCrc32c, |
| 'ciphertext': ?ciphertext, |
| 'ciphertextCrc32c': ?ciphertextCrc32c, |
| }; |
| } |
| } |
| |
| /// Response message for KeyManagementService.Decrypt. |
| class DecryptResponse { |
| /// The decrypted data originally supplied in EncryptRequest.plaintext. |
| core.String? plaintext; |
| core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!); |
| |
| set plaintextAsBytes(core.List<core.int> bytes_) { |
| plaintext = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned DecryptResponse.plaintext. An integrity |
| /// check of DecryptResponse.plaintext can be performed by computing the |
| /// CRC32C checksum of DecryptResponse.plaintext and comparing your results to |
| /// this field. Discard the response in case of non-matching checksum values, |
| /// and perform a limited number of retries. A persistent mismatch may |
| /// indicate an issue in your computation of the CRC32C checksum. Note: |
| /// receiving this response message indicates that KeyManagementService is |
| /// able to successfully decrypt the ciphertext. Note: This field is defined |
| /// as int64 for reasons of compatibility across different languages. However, |
| /// it is a non-negative integer, which will never exceed 2^32-1, and can be |
| /// safely downconverted to uint32 in languages that support this type. |
| core.String? plaintextCrc32c; |
| |
| /// The ProtectionLevel of the CryptoKeyVersion used in decryption. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// Whether the Decryption was performed using the primary key version. |
| core.bool? usedPrimary; |
| |
| DecryptResponse({ |
| this.plaintext, |
| this.plaintextCrc32c, |
| this.protectionLevel, |
| this.usedPrimary, |
| }); |
| |
| DecryptResponse.fromJson(core.Map json_) |
| : this( |
| plaintext: json_['plaintext'] as core.String?, |
| plaintextCrc32c: json_['plaintextCrc32c'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| usedPrimary: json_['usedPrimary'] as core.bool?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final plaintext = this.plaintext; |
| final plaintextCrc32c = this.plaintextCrc32c; |
| final protectionLevel = this.protectionLevel; |
| final usedPrimary = this.usedPrimary; |
| return { |
| 'plaintext': ?plaintext, |
| 'plaintextCrc32c': ?plaintextCrc32c, |
| 'protectionLevel': ?protectionLevel, |
| 'usedPrimary': ?usedPrimary, |
| }; |
| } |
| } |
| |
| /// Delete the SingleTenantHsmInstance. |
| /// |
| /// Deleting a SingleTenantHsmInstance will make all CryptoKeys attached to the |
| /// SingleTenantHsmInstance unusable. The SingleTenantHsmInstance must not be in |
| /// the DELETING or DELETED state to perform this operation. |
| typedef DeleteSingleTenantHsmInstance = $Empty; |
| |
| /// Request message for KeyManagementService.DestroyCryptoKeyVersion. |
| typedef DestroyCryptoKeyVersionRequest = $Empty; |
| |
| /// A Digest holds a cryptographic message digest. |
| class Digest { |
| /// A message digest produced with SHAKE-256, to be used with ML-DSA |
| /// external-μ algorithms only. |
| /// |
| /// See "message representative" note in section 6.2, algorithm 7 of the |
| /// FIPS-204 standard: https://doi.org/10.6028/nist.fips.204 |
| core.String? externalMu; |
| core.List<core.int> get externalMuAsBytes => |
| convert.base64.decode(externalMu!); |
| |
| set externalMuAsBytes(core.List<core.int> bytes_) { |
| externalMu = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// A message digest produced with the SHA-256 algorithm. |
| core.String? sha256; |
| core.List<core.int> get sha256AsBytes => convert.base64.decode(sha256!); |
| |
| set sha256AsBytes(core.List<core.int> bytes_) { |
| sha256 = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// A message digest produced with the SHA-384 algorithm. |
| core.String? sha384; |
| core.List<core.int> get sha384AsBytes => convert.base64.decode(sha384!); |
| |
| set sha384AsBytes(core.List<core.int> bytes_) { |
| sha384 = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// A message digest produced with the SHA-512 algorithm. |
| core.String? sha512; |
| core.List<core.int> get sha512AsBytes => convert.base64.decode(sha512!); |
| |
| set sha512AsBytes(core.List<core.int> bytes_) { |
| sha512 = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| Digest({this.externalMu, this.sha256, this.sha384, this.sha512}); |
| |
| Digest.fromJson(core.Map json_) |
| : this( |
| externalMu: json_['externalMu'] as core.String?, |
| sha256: json_['sha256'] as core.String?, |
| sha384: json_['sha384'] as core.String?, |
| sha512: json_['sha512'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final externalMu = this.externalMu; |
| final sha256 = this.sha256; |
| final sha384 = this.sha384; |
| final sha512 = this.sha512; |
| return { |
| 'externalMu': ?externalMu, |
| 'sha256': ?sha256, |
| 'sha384': ?sha384, |
| 'sha512': ?sha512, |
| }; |
| } |
| } |
| |
| /// Disable the SingleTenantHsmInstance. |
| /// |
| /// The SingleTenantHsmInstance must be in the ACTIVE state to perform this |
| /// operation. |
| typedef DisableSingleTenantHsmInstance = $Empty; |
| |
| /// An EkmConfig is a singleton resource that represents configuration |
| /// parameters that apply to all CryptoKeys and CryptoKeyVersions with a |
| /// ProtectionLevel of EXTERNAL_VPC in a given project and location. |
| class EkmConfig { |
| /// Resource name of the default EkmConnection. |
| /// |
| /// Setting this field to the empty string removes the default. |
| /// |
| /// Optional. |
| core.String? defaultEkmConnection; |
| |
| /// The resource name for the EkmConfig in the format `projects / * /locations |
| /// / * /ekmConfig`. |
| /// |
| /// Output only. |
| core.String? name; |
| |
| EkmConfig({this.defaultEkmConnection, this.name}); |
| |
| EkmConfig.fromJson(core.Map json_) |
| : this( |
| defaultEkmConnection: json_['defaultEkmConnection'] as core.String?, |
| name: json_['name'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final defaultEkmConnection = this.defaultEkmConnection; |
| final name = this.name; |
| return {'defaultEkmConnection': ?defaultEkmConnection, 'name': ?name}; |
| } |
| } |
| |
| /// An EkmConnection represents an individual EKM connection. |
| /// |
| /// It can be used for creating CryptoKeys and CryptoKeyVersions with a |
| /// ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic |
| /// operations using keys created within the EkmConnection. |
| class EkmConnection { |
| /// The time at which the EkmConnection was created. |
| /// |
| /// Output only. |
| core.String? createTime; |
| |
| /// Identifies the EKM Crypto Space that this EkmConnection maps to. |
| /// |
| /// Note: This field is required if KeyManagementMode is CLOUD_KMS. |
| /// |
| /// Optional. |
| core.String? cryptoSpacePath; |
| |
| /// Etag of the currently stored EkmConnection. |
| /// |
| /// Optional. |
| core.String? etag; |
| |
| /// Describes who can perform control plane operations on the EKM. |
| /// |
| /// If unset, this defaults to MANUAL. |
| /// |
| /// Optional. |
| /// Possible string values are: |
| /// - "KEY_MANAGEMENT_MODE_UNSPECIFIED" : Not specified. |
| /// - "MANUAL" : EKM-side key management operations on CryptoKeys created with |
| /// this EkmConnection must be initiated from the EKM directly and cannot be |
| /// performed from Cloud KMS. This means that: * When creating a |
| /// CryptoKeyVersion associated with this EkmConnection, the caller must |
| /// supply the key path of pre-existing external key material that will be |
| /// linked to the CryptoKeyVersion. * Destruction of external key material |
| /// cannot be requested via the Cloud KMS API and must be performed directly |
| /// in the EKM. * Automatic rotation of key material is not supported. |
| /// - "CLOUD_KMS" : All CryptoKeys created with this EkmConnection use |
| /// EKM-side key management operations initiated from Cloud KMS. This means |
| /// that: * When a CryptoKeyVersion associated with this EkmConnection is |
| /// created, the EKM automatically generates new key material and a new key |
| /// path. The caller cannot supply the key path of pre-existing external key |
| /// material. * Destruction of external key material associated with this |
| /// EkmConnection can be requested by calling DestroyCryptoKeyVersion. * |
| /// Automatic rotation of key material is supported. |
| core.String? keyManagementMode; |
| |
| /// The resource name for the EkmConnection in the format `projects / * |
| /// /locations / * /ekmConnections / * `. |
| /// |
| /// Output only. |
| core.String? name; |
| |
| /// A list of ServiceResolvers where the EKM can be reached. |
| /// |
| /// There should be one ServiceResolver per EKM replica. Currently, only a |
| /// single ServiceResolver is supported. |
| /// |
| /// Optional. |
| core.List<ServiceResolver>? serviceResolvers; |
| |
| EkmConnection({ |
| this.createTime, |
| this.cryptoSpacePath, |
| this.etag, |
| this.keyManagementMode, |
| this.name, |
| this.serviceResolvers, |
| }); |
| |
| EkmConnection.fromJson(core.Map json_) |
| : this( |
| createTime: json_['createTime'] as core.String?, |
| cryptoSpacePath: json_['cryptoSpacePath'] as core.String?, |
| etag: json_['etag'] as core.String?, |
| keyManagementMode: json_['keyManagementMode'] as core.String?, |
| name: json_['name'] as core.String?, |
| serviceResolvers: (json_['serviceResolvers'] as core.List?) |
| ?.map( |
| (value) => ServiceResolver.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final createTime = this.createTime; |
| final cryptoSpacePath = this.cryptoSpacePath; |
| final etag = this.etag; |
| final keyManagementMode = this.keyManagementMode; |
| final name = this.name; |
| final serviceResolvers = this.serviceResolvers; |
| return { |
| 'createTime': ?createTime, |
| 'cryptoSpacePath': ?cryptoSpacePath, |
| 'etag': ?etag, |
| 'keyManagementMode': ?keyManagementMode, |
| 'name': ?name, |
| 'serviceResolvers': ?serviceResolvers, |
| }; |
| } |
| } |
| |
| /// A generic empty message that you can re-use to avoid defining duplicated |
| /// empty messages in your APIs. |
| /// |
| /// A typical example is to use it as the request or the response type of an API |
| /// method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns |
| /// (google.protobuf.Empty); } |
| typedef Empty = $Empty; |
| |
| /// Enable the SingleTenantHsmInstance. |
| /// |
| /// The SingleTenantHsmInstance must be in the DISABLED state to perform this |
| /// operation. |
| typedef EnableSingleTenantHsmInstance = $Empty; |
| |
| /// Request message for KeyManagementService.Encrypt. |
| class EncryptRequest { |
| /// Optional data that, if specified, must also be provided during decryption |
| /// through DecryptRequest.additional_authenticated_data. |
| /// |
| /// The maximum size depends on the key version's protection_level. For |
| /// SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys the AAD must be no larger than |
| /// 64KiB. For HSM keys, the combined length of the plaintext and |
| /// additional_authenticated_data fields must be no larger than 8KiB. |
| /// |
| /// Optional. |
| core.String? additionalAuthenticatedData; |
| core.List<core.int> get additionalAuthenticatedDataAsBytes => |
| convert.base64.decode(additionalAuthenticatedData!); |
| |
| set additionalAuthenticatedDataAsBytes(core.List<core.int> bytes_) { |
| additionalAuthenticatedData = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the |
| /// EncryptRequest.additional_authenticated_data. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received EncryptRequest.additional_authenticated_data using this checksum. |
| /// KeyManagementService will report an error if the checksum verification |
| /// fails. If you receive a checksum error, your client should verify that |
| /// CRC32C(EncryptRequest.additional_authenticated_data) is equal to |
| /// EncryptRequest.additional_authenticated_data_crc32c, and if so, perform a |
| /// limited number of retries. A persistent mismatch may indicate an issue in |
| /// your computation of the CRC32C checksum. Note: This field is defined as |
| /// int64 for reasons of compatibility across different languages. However, it |
| /// is a non-negative integer, which will never exceed 2^32-1, and can be |
| /// safely downconverted to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? additionalAuthenticatedDataCrc32c; |
| |
| /// The data to encrypt. |
| /// |
| /// Must be no larger than 64KiB. The maximum size depends on the key |
| /// version's protection_level. For SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys, |
| /// the plaintext must be no larger than 64KiB. For HSM keys, the combined |
| /// length of the plaintext and additional_authenticated_data fields must be |
| /// no larger than 8KiB. |
| /// |
| /// Required. |
| core.String? plaintext; |
| core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!); |
| |
| set plaintextAsBytes(core.List<core.int> bytes_) { |
| plaintext = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the EncryptRequest.plaintext. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received EncryptRequest.plaintext using this checksum. |
| /// KeyManagementService will report an error if the checksum verification |
| /// fails. If you receive a checksum error, your client should verify that |
| /// CRC32C(EncryptRequest.plaintext) is equal to |
| /// EncryptRequest.plaintext_crc32c, and if so, perform a limited number of |
| /// retries. A persistent mismatch may indicate an issue in your computation |
| /// of the CRC32C checksum. Note: This field is defined as int64 for reasons |
| /// of compatibility across different languages. However, it is a non-negative |
| /// integer, which will never exceed 2^32-1, and can be safely downconverted |
| /// to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? plaintextCrc32c; |
| |
| EncryptRequest({ |
| this.additionalAuthenticatedData, |
| this.additionalAuthenticatedDataCrc32c, |
| this.plaintext, |
| this.plaintextCrc32c, |
| }); |
| |
| EncryptRequest.fromJson(core.Map json_) |
| : this( |
| additionalAuthenticatedData: |
| json_['additionalAuthenticatedData'] as core.String?, |
| additionalAuthenticatedDataCrc32c: |
| json_['additionalAuthenticatedDataCrc32c'] as core.String?, |
| plaintext: json_['plaintext'] as core.String?, |
| plaintextCrc32c: json_['plaintextCrc32c'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final additionalAuthenticatedData = this.additionalAuthenticatedData; |
| final additionalAuthenticatedDataCrc32c = |
| this.additionalAuthenticatedDataCrc32c; |
| final plaintext = this.plaintext; |
| final plaintextCrc32c = this.plaintextCrc32c; |
| return { |
| 'additionalAuthenticatedData': ?additionalAuthenticatedData, |
| 'additionalAuthenticatedDataCrc32c': ?additionalAuthenticatedDataCrc32c, |
| 'plaintext': ?plaintext, |
| 'plaintextCrc32c': ?plaintextCrc32c, |
| }; |
| } |
| } |
| |
| /// Response message for KeyManagementService.Encrypt. |
| class EncryptResponse { |
| /// The encrypted data. |
| core.String? ciphertext; |
| core.List<core.int> get ciphertextAsBytes => |
| convert.base64.decode(ciphertext!); |
| |
| set ciphertextAsBytes(core.List<core.int> bytes_) { |
| ciphertext = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned EncryptResponse.ciphertext. An integrity |
| /// check of EncryptResponse.ciphertext can be performed by computing the |
| /// CRC32C checksum of EncryptResponse.ciphertext and comparing your results |
| /// to this field. Discard the response in case of non-matching checksum |
| /// values, and perform a limited number of retries. A persistent mismatch may |
| /// indicate an issue in your computation of the CRC32C checksum. Note: This |
| /// field is defined as int64 for reasons of compatibility across different |
| /// languages. However, it is a non-negative integer, which will never exceed |
| /// 2^32-1, and can be safely downconverted to uint32 in languages that |
| /// support this type. |
| core.String? ciphertextCrc32c; |
| |
| /// The resource name of the CryptoKeyVersion used in encryption. |
| /// |
| /// Check this field to verify that the intended resource was used for |
| /// encryption. |
| core.String? name; |
| |
| /// The ProtectionLevel of the CryptoKeyVersion used in encryption. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether |
| /// EncryptRequest.additional_authenticated_data_crc32c was received by |
| /// KeyManagementService and used for the integrity verification of the AAD. A |
| /// false value of this field indicates either that |
| /// EncryptRequest.additional_authenticated_data_crc32c was left unset or that |
| /// it was not delivered to KeyManagementService. If you've set |
| /// EncryptRequest.additional_authenticated_data_crc32c but this field is |
| /// still false, discard the response and perform a limited number of retries. |
| core.bool? verifiedAdditionalAuthenticatedDataCrc32c; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether EncryptRequest.plaintext_crc32c was received by |
| /// KeyManagementService and used for the integrity verification of the |
| /// plaintext. A false value of this field indicates either that |
| /// EncryptRequest.plaintext_crc32c was left unset or that it was not |
| /// delivered to KeyManagementService. If you've set |
| /// EncryptRequest.plaintext_crc32c but this field is still false, discard the |
| /// response and perform a limited number of retries. |
| core.bool? verifiedPlaintextCrc32c; |
| |
| EncryptResponse({ |
| this.ciphertext, |
| this.ciphertextCrc32c, |
| this.name, |
| this.protectionLevel, |
| this.verifiedAdditionalAuthenticatedDataCrc32c, |
| this.verifiedPlaintextCrc32c, |
| }); |
| |
| EncryptResponse.fromJson(core.Map json_) |
| : this( |
| ciphertext: json_['ciphertext'] as core.String?, |
| ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?, |
| name: json_['name'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| verifiedAdditionalAuthenticatedDataCrc32c: |
| json_['verifiedAdditionalAuthenticatedDataCrc32c'] as core.bool?, |
| verifiedPlaintextCrc32c: json_['verifiedPlaintextCrc32c'] as core.bool?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final ciphertext = this.ciphertext; |
| final ciphertextCrc32c = this.ciphertextCrc32c; |
| final name = this.name; |
| final protectionLevel = this.protectionLevel; |
| final verifiedAdditionalAuthenticatedDataCrc32c = |
| this.verifiedAdditionalAuthenticatedDataCrc32c; |
| final verifiedPlaintextCrc32c = this.verifiedPlaintextCrc32c; |
| return { |
| 'ciphertext': ?ciphertext, |
| 'ciphertextCrc32c': ?ciphertextCrc32c, |
| 'name': ?name, |
| 'protectionLevel': ?protectionLevel, |
| 'verifiedAdditionalAuthenticatedDataCrc32c': |
| ?verifiedAdditionalAuthenticatedDataCrc32c, |
| 'verifiedPlaintextCrc32c': ?verifiedPlaintextCrc32c, |
| }; |
| } |
| } |
| |
| /// Request message for HsmManagement.ExecuteSingleTenantHsmInstanceProposal. |
| typedef ExecuteSingleTenantHsmInstanceProposalRequest = $Empty; |
| |
| /// Represents a textual expression in the Common Expression Language (CEL) |
| /// syntax. |
| /// |
| /// CEL is a C-like expression language. The syntax and semantics of CEL are |
| /// documented at https://github.com/google/cel-spec. Example (Comparison): |
| /// title: "Summary size limit" description: "Determines if a summary is less |
| /// than 100 chars" expression: "document.summary.size() \< 100" Example |
| /// (Equality): title: "Requestor is owner" description: "Determines if |
| /// requestor is the document owner" expression: "document.owner == |
| /// request.auth.claims.email" Example (Logic): title: "Public documents" |
| /// description: "Determine whether the document should be publicly visible" |
| /// expression: "document.type != 'private' && document.type != 'internal'" |
| /// Example (Data Manipulation): title: "Notification string" description: |
| /// "Create a notification string with a timestamp." expression: "'New message |
| /// received at ' + string(document.create_time)" The exact variables and |
| /// functions that may be referenced within an expression are determined by the |
| /// service that evaluates it. See the service documentation for additional |
| /// information. |
| typedef Expr = $Expr; |
| |
| /// ExternalProtectionLevelOptions stores a group of additional fields for |
| /// configuring a CryptoKeyVersion that are specific to the EXTERNAL protection |
| /// level and EXTERNAL_VPC protection levels. |
| typedef ExternalProtectionLevelOptions = $ExternalProtectionLevelOptions; |
| |
| /// Request message for KeyManagementService.GenerateRandomBytes. |
| class GenerateRandomBytesRequest { |
| /// The length in bytes of the amount of randomness to retrieve. |
| /// |
| /// Minimum 8 bytes, maximum 1024 bytes. |
| core.int? lengthBytes; |
| |
| /// The ProtectionLevel to use when generating the random data. |
| /// |
| /// Currently, only HSM protection level is supported. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| GenerateRandomBytesRequest({this.lengthBytes, this.protectionLevel}); |
| |
| GenerateRandomBytesRequest.fromJson(core.Map json_) |
| : this( |
| lengthBytes: json_['lengthBytes'] as core.int?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final lengthBytes = this.lengthBytes; |
| final protectionLevel = this.protectionLevel; |
| return {'lengthBytes': ?lengthBytes, 'protectionLevel': ?protectionLevel}; |
| } |
| } |
| |
| /// Response message for KeyManagementService.GenerateRandomBytes. |
| class GenerateRandomBytesResponse { |
| /// The generated data. |
| core.String? data; |
| core.List<core.int> get dataAsBytes => convert.base64.decode(data!); |
| |
| set dataAsBytes(core.List<core.int> bytes_) { |
| data = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned GenerateRandomBytesResponse.data. An |
| /// integrity check of GenerateRandomBytesResponse.data can be performed by |
| /// computing the CRC32C checksum of GenerateRandomBytesResponse.data and |
| /// comparing your results to this field. Discard the response in case of |
| /// non-matching checksum values, and perform a limited number of retries. A |
| /// persistent mismatch may indicate an issue in your computation of the |
| /// CRC32C checksum. Note: This field is defined as int64 for reasons of |
| /// compatibility across different languages. However, it is a non-negative |
| /// integer, which will never exceed 2^32-1, and can be safely downconverted |
| /// to uint32 in languages that support this type. |
| core.String? dataCrc32c; |
| |
| GenerateRandomBytesResponse({this.data, this.dataCrc32c}); |
| |
| GenerateRandomBytesResponse.fromJson(core.Map json_) |
| : this( |
| data: json_['data'] as core.String?, |
| dataCrc32c: json_['dataCrc32c'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final data = this.data; |
| final dataCrc32c = this.dataCrc32c; |
| return {'data': ?data, 'dataCrc32c': ?dataCrc32c}; |
| } |
| } |
| |
| /// Request message for KeyManagementService.ImportCryptoKeyVersion. |
| class ImportCryptoKeyVersionRequest { |
| /// The algorithm of the key being imported. |
| /// |
| /// This does not need to match the version_template of the CryptoKey this |
| /// version imports into. |
| /// |
| /// Required. |
| /// Possible string values are: |
| /// - "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : Not specified. |
| /// - "GOOGLE_SYMMETRIC_ENCRYPTION" : Creates symmetric encryption keys. |
| /// - "AES_128_GCM" : AES-GCM (Galois Counter Mode) using 128-bit keys. |
| /// - "AES_256_GCM" : AES-GCM (Galois Counter Mode) using 256-bit keys. |
| /// - "AES_128_CBC" : AES-CBC (Cipher Block Chaining Mode) using 128-bit keys. |
| /// - "AES_256_CBC" : AES-CBC (Cipher Block Chaining Mode) using 256-bit keys. |
| /// - "AES_128_CTR" : AES-CTR (Counter Mode) using 128-bit keys. |
| /// - "AES_256_CTR" : AES-CTR (Counter Mode) using 256-bit keys. |
| /// - "RSA_SIGN_PSS_2048_SHA256" : RSASSA-PSS 2048 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_SIGN_PSS_3072_SHA256" : RSASSA-PSS 3072 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_SIGN_PSS_4096_SHA256" : RSASSA-PSS 4096 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_SIGN_PSS_4096_SHA512" : RSASSA-PSS 4096 bit key with a SHA512 |
| /// digest. |
| /// - "RSA_SIGN_PKCS1_2048_SHA256" : RSASSA-PKCS1-v1_5 with a 2048 bit key and |
| /// a SHA256 digest. |
| /// - "RSA_SIGN_PKCS1_3072_SHA256" : RSASSA-PKCS1-v1_5 with a 3072 bit key and |
| /// a SHA256 digest. |
| /// - "RSA_SIGN_PKCS1_4096_SHA256" : RSASSA-PKCS1-v1_5 with a 4096 bit key and |
| /// a SHA256 digest. |
| /// - "RSA_SIGN_PKCS1_4096_SHA512" : RSASSA-PKCS1-v1_5 with a 4096 bit key and |
| /// a SHA512 digest. |
| /// - "RSA_SIGN_RAW_PKCS1_2048" : RSASSA-PKCS1-v1_5 signing without encoding, |
| /// with a 2048 bit key. |
| /// - "RSA_SIGN_RAW_PKCS1_3072" : RSASSA-PKCS1-v1_5 signing without encoding, |
| /// with a 3072 bit key. |
| /// - "RSA_SIGN_RAW_PKCS1_4096" : RSASSA-PKCS1-v1_5 signing without encoding, |
| /// with a 4096 bit key. |
| /// - "RSA_DECRYPT_OAEP_2048_SHA256" : RSAES-OAEP 2048 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_3072_SHA256" : RSAES-OAEP 3072 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_4096_SHA256" : RSAES-OAEP 4096 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_4096_SHA512" : RSAES-OAEP 4096 bit key with a SHA512 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_2048_SHA1" : RSAES-OAEP 2048 bit key with a SHA1 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_3072_SHA1" : RSAES-OAEP 3072 bit key with a SHA1 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_4096_SHA1" : RSAES-OAEP 4096 bit key with a SHA1 |
| /// digest. |
| /// - "EC_SIGN_P256_SHA256" : ECDSA on the NIST P-256 curve with a SHA256 |
| /// digest. Other hash functions can also be used: |
| /// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
| /// - "EC_SIGN_P384_SHA384" : ECDSA on the NIST P-384 curve with a SHA384 |
| /// digest. Other hash functions can also be used: |
| /// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
| /// - "EC_SIGN_SECP256K1_SHA256" : ECDSA on the non-NIST secp256k1 curve. This |
| /// curve is only supported for HSM protection level. Other hash functions can |
| /// also be used: |
| /// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
| /// - "EC_SIGN_ED25519" : EdDSA on the Curve25519 in pure mode (taking data as |
| /// input). |
| /// - "HMAC_SHA256" : HMAC-SHA256 signing with a 256 bit key. |
| /// - "HMAC_SHA1" : HMAC-SHA1 signing with a 160 bit key. |
| /// - "HMAC_SHA384" : HMAC-SHA384 signing with a 384 bit key. |
| /// - "HMAC_SHA512" : HMAC-SHA512 signing with a 512 bit key. |
| /// - "HMAC_SHA224" : HMAC-SHA224 signing with a 224 bit key. |
| /// - "EXTERNAL_SYMMETRIC_ENCRYPTION" : Algorithm representing symmetric |
| /// encryption by an external key manager. |
| /// - "ML_KEM_768" : ML-KEM-768 (FIPS 203) |
| /// - "ML_KEM_1024" : ML-KEM-1024 (FIPS 203) |
| /// - "KEM_XWING" : X-Wing hybrid KEM combining ML-KEM-768 with X25519 |
| /// following datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/. |
| /// - "PQ_SIGN_ML_DSA_44" : The post-quantum Module-Lattice-Based Digital |
| /// Signature Algorithm, at security level 1. Randomized version. |
| /// - "PQ_SIGN_ML_DSA_65" : The post-quantum Module-Lattice-Based Digital |
| /// Signature Algorithm, at security level 3. Randomized version. |
| /// - "PQ_SIGN_ML_DSA_87" : The post-quantum Module-Lattice-Based Digital |
| /// Signature Algorithm, at security level 5. Randomized version. |
| /// - "PQ_SIGN_SLH_DSA_SHA2_128S" : The post-quantum stateless hash-based |
| /// digital signature algorithm, at security level 1. Randomized version. |
| /// - "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256" : The post-quantum stateless |
| /// hash-based digital signature algorithm, at security level 1. Randomized |
| /// pre-hash version supporting SHA256 digests. |
| /// - "PQ_SIGN_ML_DSA_44_EXTERNAL_MU" : The post-quantum Module-Lattice-Based |
| /// Digital Signature Algorithm, at security level 1. Randomized version |
| /// supporting externally-computed message representatives. |
| /// - "PQ_SIGN_ML_DSA_65_EXTERNAL_MU" : The post-quantum Module-Lattice-Based |
| /// Digital Signature Algorithm, at security level 3. Randomized version |
| /// supporting externally-computed message representatives. |
| /// - "PQ_SIGN_ML_DSA_87_EXTERNAL_MU" : The post-quantum Module-Lattice-Based |
| /// Digital Signature Algorithm, at security level 5. Randomized version |
| /// supporting externally-computed message representatives. |
| core.String? algorithm; |
| |
| /// The optional name of an existing CryptoKeyVersion to target for an import |
| /// operation. |
| /// |
| /// If this field is not present, a new CryptoKeyVersion containing the |
| /// supplied key material is created. If this field is present, the supplied |
| /// key material is imported into the existing CryptoKeyVersion. To import |
| /// into an existing CryptoKeyVersion, the CryptoKeyVersion must be a child of |
| /// ImportCryptoKeyVersionRequest.parent, have been previously created via |
| /// ImportCryptoKeyVersion, and be in DESTROYED or IMPORT_FAILED state. The |
| /// key material and algorithm must match the previous CryptoKeyVersion |
| /// exactly if the CryptoKeyVersion has ever contained key material. |
| /// |
| /// Optional. |
| core.String? cryptoKeyVersion; |
| |
| /// The name of the ImportJob that was used to wrap this key material. |
| /// |
| /// Required. |
| core.String? importJob; |
| |
| /// This field has the same meaning as wrapped_key. |
| /// |
| /// Prefer to use that field in new work. Either that field or this field (but |
| /// not both) must be specified. |
| /// |
| /// Optional. |
| core.String? rsaAesWrappedKey; |
| core.List<core.int> get rsaAesWrappedKeyAsBytes => |
| convert.base64.decode(rsaAesWrappedKey!); |
| |
| set rsaAesWrappedKeyAsBytes(core.List<core.int> bytes_) { |
| rsaAesWrappedKey = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// The wrapped key material to import. |
| /// |
| /// Before wrapping, key material must be formatted. If importing symmetric |
| /// key material, the expected key material format is plain bytes. If |
| /// importing asymmetric key material, the expected key material format is |
| /// PKCS#8-encoded DER (the PrivateKeyInfo structure from RFC 5208). When |
| /// wrapping with import methods (RSA_OAEP_3072_SHA1_AES_256 or |
| /// RSA_OAEP_4096_SHA1_AES_256 or RSA_OAEP_3072_SHA256_AES_256 or |
| /// RSA_OAEP_4096_SHA256_AES_256), this field must contain the concatenation |
| /// of: 1. An ephemeral AES-256 wrapping key wrapped with the public_key using |
| /// RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty |
| /// label. 2. The formatted key to be imported, wrapped with the ephemeral |
| /// AES-256 key using AES-KWP (RFC 5649). This format is the same as the |
| /// format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP. When wrapping |
| /// with import methods (RSA_OAEP_3072_SHA256 or RSA_OAEP_4096_SHA256), this |
| /// field must contain the formatted key to be imported, wrapped with the |
| /// public_key using RSAES-OAEP with SHA-256, MGF1 with SHA-256, and an empty |
| /// label. |
| /// |
| /// Optional. |
| core.String? wrappedKey; |
| core.List<core.int> get wrappedKeyAsBytes => |
| convert.base64.decode(wrappedKey!); |
| |
| set wrappedKeyAsBytes(core.List<core.int> bytes_) { |
| wrappedKey = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| ImportCryptoKeyVersionRequest({ |
| this.algorithm, |
| this.cryptoKeyVersion, |
| this.importJob, |
| this.rsaAesWrappedKey, |
| this.wrappedKey, |
| }); |
| |
| ImportCryptoKeyVersionRequest.fromJson(core.Map json_) |
| : this( |
| algorithm: json_['algorithm'] as core.String?, |
| cryptoKeyVersion: json_['cryptoKeyVersion'] as core.String?, |
| importJob: json_['importJob'] as core.String?, |
| rsaAesWrappedKey: json_['rsaAesWrappedKey'] as core.String?, |
| wrappedKey: json_['wrappedKey'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final algorithm = this.algorithm; |
| final cryptoKeyVersion = this.cryptoKeyVersion; |
| final importJob = this.importJob; |
| final rsaAesWrappedKey = this.rsaAesWrappedKey; |
| final wrappedKey = this.wrappedKey; |
| return { |
| 'algorithm': ?algorithm, |
| 'cryptoKeyVersion': ?cryptoKeyVersion, |
| 'importJob': ?importJob, |
| 'rsaAesWrappedKey': ?rsaAesWrappedKey, |
| 'wrappedKey': ?wrappedKey, |
| }; |
| } |
| } |
| |
| /// An ImportJob can be used to create CryptoKeys and CryptoKeyVersions using |
| /// pre-existing key material, generated outside of Cloud KMS. |
| /// |
| /// When an ImportJob is created, Cloud KMS will generate a "wrapping key", |
| /// which is a public/private key pair. You use the wrapping key to encrypt |
| /// (also known as wrap) the pre-existing key material to protect it during the |
| /// import process. The nature of the wrapping key depends on the choice of |
| /// import_method. When the wrapping key generation is complete, the state will |
| /// be set to ACTIVE and the public_key can be fetched. The fetched public key |
| /// can then be used to wrap your pre-existing key material. Once the key |
| /// material is wrapped, it can be imported into a new CryptoKeyVersion in an |
| /// existing CryptoKey by calling ImportCryptoKeyVersion. Multiple |
| /// CryptoKeyVersions can be imported with a single ImportJob. Cloud KMS uses |
| /// the private key portion of the wrapping key to unwrap the key material. Only |
| /// Cloud KMS has access to the private key. An ImportJob expires 3 days after |
| /// it is created. Once expired, Cloud KMS will no longer be able to import or |
| /// unwrap any key material that was wrapped with the ImportJob's public key. |
| /// For more information, see |
| /// [Importing a key](https://cloud.google.com/kms/docs/importing-a-key). |
| class ImportJob { |
| /// Statement that was generated and signed by the key creator (for example, |
| /// an HSM) at key creation time. |
| /// |
| /// Use this statement to verify attributes of the key as stored on the HSM, |
| /// independently of Google. Only present if the chosen ImportMethod is one |
| /// with a protection level of HSM. |
| /// |
| /// Output only. |
| KeyOperationAttestation? attestation; |
| |
| /// The time at which this ImportJob was created. |
| /// |
| /// Output only. |
| core.String? createTime; |
| |
| /// The resource name of the backend environment where the key material for |
| /// the wrapping key resides and where all related cryptographic operations |
| /// are performed. |
| /// |
| /// Currently, this field is only populated for keys stored in |
| /// HSM_SINGLE_TENANT. Note, this list is non-exhaustive and may apply to |
| /// additional ProtectionLevels in the future. Supported resources: * |
| /// `"projects / * /locations / * /singleTenantHsmInstances / * "` |
| /// |
| /// Immutable. |
| core.String? cryptoKeyBackend; |
| |
| /// The time this ImportJob expired. |
| /// |
| /// Only present if state is EXPIRED. |
| /// |
| /// Output only. |
| core.String? expireEventTime; |
| |
| /// The time at which this ImportJob is scheduled for expiration and can no |
| /// longer be used to import key material. |
| /// |
| /// Output only. |
| core.String? expireTime; |
| |
| /// The time this ImportJob's key material was generated. |
| /// |
| /// Output only. |
| core.String? generateTime; |
| |
| /// The wrapping method to be used for incoming key material. |
| /// |
| /// Required. Immutable. |
| /// Possible string values are: |
| /// - "IMPORT_METHOD_UNSPECIFIED" : Not specified. |
| /// - "RSA_OAEP_3072_SHA1_AES_256" : This ImportMethod represents the |
| /// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. |
| /// In summary, this involves wrapping the raw key with an ephemeral AES key, |
| /// and wrapping the ephemeral AES key with a 3072 bit RSA key. For more |
| /// details, see |
| /// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). |
| /// - "RSA_OAEP_4096_SHA1_AES_256" : This ImportMethod represents the |
| /// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. |
| /// In summary, this involves wrapping the raw key with an ephemeral AES key, |
| /// and wrapping the ephemeral AES key with a 4096 bit RSA key. For more |
| /// details, see |
| /// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). |
| /// - "RSA_OAEP_3072_SHA256_AES_256" : This ImportMethod represents the |
| /// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. |
| /// In summary, this involves wrapping the raw key with an ephemeral AES key, |
| /// and wrapping the ephemeral AES key with a 3072 bit RSA key. For more |
| /// details, see |
| /// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). |
| /// - "RSA_OAEP_4096_SHA256_AES_256" : This ImportMethod represents the |
| /// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. |
| /// In summary, this involves wrapping the raw key with an ephemeral AES key, |
| /// and wrapping the ephemeral AES key with a 4096 bit RSA key. For more |
| /// details, see |
| /// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). |
| /// - "RSA_OAEP_3072_SHA256" : This ImportMethod represents RSAES-OAEP with a |
| /// 3072 bit RSA key. The key material to be imported is wrapped directly with |
| /// the RSA key. Due to technical limitations of RSA wrapping, this method |
| /// cannot be used to wrap RSA keys for import. |
| /// - "RSA_OAEP_4096_SHA256" : This ImportMethod represents RSAES-OAEP with a |
| /// 4096 bit RSA key. The key material to be imported is wrapped directly with |
| /// the RSA key. Due to technical limitations of RSA wrapping, this method |
| /// cannot be used to wrap RSA keys for import. |
| core.String? importMethod; |
| |
| /// The resource name for this ImportJob in the format `projects / * |
| /// /locations / * /keyRings / * /importJobs / * `. |
| /// |
| /// Output only. |
| core.String? name; |
| |
| /// The protection level of the ImportJob. |
| /// |
| /// This must match the protection_level of the version_template on the |
| /// CryptoKey you attempt to import into. |
| /// |
| /// Required. Immutable. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// The public key with which to wrap key material prior to import. |
| /// |
| /// Only returned if state is ACTIVE. |
| /// |
| /// Output only. |
| WrappingPublicKey? publicKey; |
| |
| /// The current state of the ImportJob, indicating if it can be used. |
| /// |
| /// Output only. |
| /// Possible string values are: |
| /// - "IMPORT_JOB_STATE_UNSPECIFIED" : Not specified. |
| /// - "PENDING_GENERATION" : The wrapping key for this job is still being |
| /// generated. It may not be used. Cloud KMS will automatically mark this job |
| /// as ACTIVE as soon as the wrapping key is generated. |
| /// - "ACTIVE" : This job may be used in CreateCryptoKey and |
| /// CreateCryptoKeyVersion requests. |
| /// - "EXPIRED" : This job can no longer be used and may not leave this state |
| /// once entered. |
| core.String? state; |
| |
| ImportJob({ |
| this.attestation, |
| this.createTime, |
| this.cryptoKeyBackend, |
| this.expireEventTime, |
| this.expireTime, |
| this.generateTime, |
| this.importMethod, |
| this.name, |
| this.protectionLevel, |
| this.publicKey, |
| this.state, |
| }); |
| |
| ImportJob.fromJson(core.Map json_) |
| : this( |
| attestation: json_.containsKey('attestation') |
| ? KeyOperationAttestation.fromJson( |
| json_['attestation'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| createTime: json_['createTime'] as core.String?, |
| cryptoKeyBackend: json_['cryptoKeyBackend'] as core.String?, |
| expireEventTime: json_['expireEventTime'] as core.String?, |
| expireTime: json_['expireTime'] as core.String?, |
| generateTime: json_['generateTime'] as core.String?, |
| importMethod: json_['importMethod'] as core.String?, |
| name: json_['name'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| publicKey: json_.containsKey('publicKey') |
| ? WrappingPublicKey.fromJson( |
| json_['publicKey'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| state: json_['state'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final attestation = this.attestation; |
| final createTime = this.createTime; |
| final cryptoKeyBackend = this.cryptoKeyBackend; |
| final expireEventTime = this.expireEventTime; |
| final expireTime = this.expireTime; |
| final generateTime = this.generateTime; |
| final importMethod = this.importMethod; |
| final name = this.name; |
| final protectionLevel = this.protectionLevel; |
| final publicKey = this.publicKey; |
| final state = this.state; |
| return { |
| 'attestation': ?attestation, |
| 'createTime': ?createTime, |
| 'cryptoKeyBackend': ?cryptoKeyBackend, |
| 'expireEventTime': ?expireEventTime, |
| 'expireTime': ?expireTime, |
| 'generateTime': ?generateTime, |
| 'importMethod': ?importMethod, |
| 'name': ?name, |
| 'protectionLevel': ?protectionLevel, |
| 'publicKey': ?publicKey, |
| 'state': ?state, |
| }; |
| } |
| } |
| |
| /// Represents the configuration of a protection level for a project's Key |
| /// Access Justifications enrollment. |
| class KeyAccessJustificationsEnrollmentConfig { |
| /// Indicates whether the project has KAJ logging enabled. |
| core.bool? auditLogging; |
| |
| /// Indicates whether the project is enrolled in KAJ policy enforcement. |
| core.bool? policyEnforcement; |
| |
| KeyAccessJustificationsEnrollmentConfig({ |
| this.auditLogging, |
| this.policyEnforcement, |
| }); |
| |
| KeyAccessJustificationsEnrollmentConfig.fromJson(core.Map json_) |
| : this( |
| auditLogging: json_['auditLogging'] as core.bool?, |
| policyEnforcement: json_['policyEnforcement'] as core.bool?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final auditLogging = this.auditLogging; |
| final policyEnforcement = this.policyEnforcement; |
| return { |
| 'auditLogging': ?auditLogging, |
| 'policyEnforcement': ?policyEnforcement, |
| }; |
| } |
| } |
| |
| /// A KeyAccessJustificationsPolicy specifies zero or more allowed AccessReason |
| /// values for encrypt, decrypt, and sign operations on a CryptoKey or |
| /// KeyAccessJustificationsPolicyConfig (the default Key Access Justifications |
| /// policy). |
| typedef KeyAccessJustificationsPolicy = $KeyAccessJustificationsPolicy; |
| |
| /// Represents a singleton configuration for Key Access Justifications policies. |
| class KeyAccessJustificationsPolicyConfig { |
| /// Specifies the default key access justifications (KAJ) policy used when a |
| /// CryptoKey is created in this folder. |
| /// |
| /// This is only used when a Key Access Justifications policy is not provided |
| /// in the CreateCryptoKeyRequest. This overrides any default policies in its |
| /// ancestry. If this field is unset, or is set but contains an empty |
| /// allowed_access_reasons list, no default Key Access Justifications (KAJ) |
| /// policy configuration is active. In this scenario, all newly created keys |
| /// will default to an "allow-all" policy. |
| /// |
| /// Optional. |
| KeyAccessJustificationsPolicy? defaultKeyAccessJustificationPolicy; |
| |
| /// Indicates whether this parent resource is available to default policy |
| /// feature. |
| /// |
| /// Please consult |
| /// [the prerequisite of default policy feature](https://cloud.google.com/assured-workloads/key-access-justifications/docs/set-default-policy#before) |
| /// for more details. |
| /// |
| /// Output only. |
| core.bool? defaultPolicyAvailable; |
| |
| /// Identifier. |
| /// |
| /// Represents the resource name for this KeyAccessJustificationsPolicyConfig |
| /// in the format of "{organizations|folders|projects} / * /kajPolicyConfig". |
| core.String? name; |
| |
| KeyAccessJustificationsPolicyConfig({ |
| this.defaultKeyAccessJustificationPolicy, |
| this.defaultPolicyAvailable, |
| this.name, |
| }); |
| |
| KeyAccessJustificationsPolicyConfig.fromJson(core.Map json_) |
| : this( |
| defaultKeyAccessJustificationPolicy: |
| json_.containsKey('defaultKeyAccessJustificationPolicy') |
| ? KeyAccessJustificationsPolicy.fromJson( |
| json_['defaultKeyAccessJustificationPolicy'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| defaultPolicyAvailable: json_['defaultPolicyAvailable'] as core.bool?, |
| name: json_['name'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final defaultKeyAccessJustificationPolicy = |
| this.defaultKeyAccessJustificationPolicy; |
| final defaultPolicyAvailable = this.defaultPolicyAvailable; |
| final name = this.name; |
| return { |
| 'defaultKeyAccessJustificationPolicy': |
| ?defaultKeyAccessJustificationPolicy, |
| 'defaultPolicyAvailable': ?defaultPolicyAvailable, |
| 'name': ?name, |
| }; |
| } |
| } |
| |
| /// Resource-oriented representation of a request to Cloud KMS Autokey and the |
| /// resulting provisioning of a CryptoKey. |
| class KeyHandle { |
| /// Name of a CryptoKey that has been provisioned for Customer Managed |
| /// Encryption Key (CMEK) use in the KeyHandle project and location for the |
| /// requested resource type. |
| /// |
| /// The CryptoKey project will reflect the value configured in the |
| /// AutokeyConfig on the resource project's ancestor folder at the time of the |
| /// KeyHandle creation. If more than one ancestor folder has a configured |
| /// AutokeyConfig, the nearest of these configurations is used. |
| /// |
| /// Output only. |
| core.String? kmsKey; |
| |
| /// Identifier. |
| /// |
| /// Name of the KeyHandle resource, e.g. |
| /// `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`. |
| core.String? name; |
| |
| /// Indicates the resource type that the resulting CryptoKey is meant to |
| /// protect, e.g. `{SERVICE}.googleapis.com/{TYPE}`. |
| /// |
| /// See documentation for supported resource types. |
| /// |
| /// Required. |
| core.String? resourceTypeSelector; |
| |
| KeyHandle({this.kmsKey, this.name, this.resourceTypeSelector}); |
| |
| KeyHandle.fromJson(core.Map json_) |
| : this( |
| kmsKey: json_['kmsKey'] as core.String?, |
| name: json_['name'] as core.String?, |
| resourceTypeSelector: json_['resourceTypeSelector'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final kmsKey = this.kmsKey; |
| final name = this.name; |
| final resourceTypeSelector = this.resourceTypeSelector; |
| return { |
| 'kmsKey': ?kmsKey, |
| 'name': ?name, |
| 'resourceTypeSelector': ?resourceTypeSelector, |
| }; |
| } |
| } |
| |
| /// Contains an HSM-generated attestation about a key operation. |
| /// |
| /// For more information, see |
| /// [Verifying attestations](https://cloud.google.com/kms/docs/attest-key). |
| class KeyOperationAttestation { |
| /// The certificate chains needed to validate the attestation |
| /// |
| /// Output only. |
| CertificateChains? certChains; |
| |
| /// The attestation data provided by the HSM when the key operation was |
| /// performed. |
| /// |
| /// Output only. |
| core.String? content; |
| core.List<core.int> get contentAsBytes => convert.base64.decode(content!); |
| |
| set contentAsBytes(core.List<core.int> bytes_) { |
| content = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// The format of the attestation data. |
| /// |
| /// Output only. |
| /// Possible string values are: |
| /// - "ATTESTATION_FORMAT_UNSPECIFIED" : Not specified. |
| /// - "CAVIUM_V1_COMPRESSED" : Cavium HSM attestation compressed with gzip. |
| /// Note that this format is defined by Cavium and subject to change at any |
| /// time. See |
| /// https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html. |
| /// - "CAVIUM_V2_COMPRESSED" : Cavium HSM attestation V2 compressed with gzip. |
| /// This is a new format introduced in Cavium's version 3.2-08. |
| core.String? format; |
| |
| KeyOperationAttestation({this.certChains, this.content, this.format}); |
| |
| KeyOperationAttestation.fromJson(core.Map json_) |
| : this( |
| certChains: json_.containsKey('certChains') |
| ? CertificateChains.fromJson( |
| json_['certChains'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| content: json_['content'] as core.String?, |
| format: json_['format'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final certChains = this.certChains; |
| final content = this.content; |
| final format = this.format; |
| return {'certChains': ?certChains, 'content': ?content, 'format': ?format}; |
| } |
| } |
| |
| /// A KeyRing is a toplevel logical grouping of CryptoKeys. |
| class KeyRing { |
| /// The time at which this KeyRing was created. |
| /// |
| /// Output only. |
| core.String? createTime; |
| |
| /// The resource name for the KeyRing in the format `projects / * /locations / |
| /// * /keyRings / * `. |
| /// |
| /// Output only. |
| core.String? name; |
| |
| KeyRing({this.createTime, this.name}); |
| |
| KeyRing.fromJson(core.Map json_) |
| : this( |
| createTime: json_['createTime'] as core.String?, |
| name: json_['name'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final createTime = this.createTime; |
| final name = this.name; |
| return {'createTime': ?createTime, 'name': ?name}; |
| } |
| } |
| |
| /// Response message for KeyManagementService.ListCryptoKeyVersions. |
| class ListCryptoKeyVersionsResponse { |
| /// The list of CryptoKeyVersions. |
| core.List<CryptoKeyVersion>? cryptoKeyVersions; |
| |
| /// A token to retrieve next page of results. |
| /// |
| /// Pass this value in ListCryptoKeyVersionsRequest.page_token to retrieve the |
| /// next page of results. |
| core.String? nextPageToken; |
| |
| /// The total number of CryptoKeyVersions that matched the query. |
| /// |
| /// This field is not populated if ListCryptoKeyVersionsRequest.filter is |
| /// applied. |
| core.int? totalSize; |
| |
| ListCryptoKeyVersionsResponse({ |
| this.cryptoKeyVersions, |
| this.nextPageToken, |
| this.totalSize, |
| }); |
| |
| ListCryptoKeyVersionsResponse.fromJson(core.Map json_) |
| : this( |
| cryptoKeyVersions: (json_['cryptoKeyVersions'] as core.List?) |
| ?.map( |
| (value) => CryptoKeyVersion.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| nextPageToken: json_['nextPageToken'] as core.String?, |
| totalSize: json_['totalSize'] as core.int?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final cryptoKeyVersions = this.cryptoKeyVersions; |
| final nextPageToken = this.nextPageToken; |
| final totalSize = this.totalSize; |
| return { |
| 'cryptoKeyVersions': ?cryptoKeyVersions, |
| 'nextPageToken': ?nextPageToken, |
| 'totalSize': ?totalSize, |
| }; |
| } |
| } |
| |
| /// Response message for KeyManagementService.ListCryptoKeys. |
| class ListCryptoKeysResponse { |
| /// The list of CryptoKeys. |
| core.List<CryptoKey>? cryptoKeys; |
| |
| /// A token to retrieve next page of results. |
| /// |
| /// Pass this value in ListCryptoKeysRequest.page_token to retrieve the next |
| /// page of results. |
| core.String? nextPageToken; |
| |
| /// The total number of CryptoKeys that matched the query. |
| /// |
| /// This field is not populated if ListCryptoKeysRequest.filter is applied. |
| core.int? totalSize; |
| |
| ListCryptoKeysResponse({this.cryptoKeys, this.nextPageToken, this.totalSize}); |
| |
| ListCryptoKeysResponse.fromJson(core.Map json_) |
| : this( |
| cryptoKeys: (json_['cryptoKeys'] as core.List?) |
| ?.map( |
| (value) => CryptoKey.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| nextPageToken: json_['nextPageToken'] as core.String?, |
| totalSize: json_['totalSize'] as core.int?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final cryptoKeys = this.cryptoKeys; |
| final nextPageToken = this.nextPageToken; |
| final totalSize = this.totalSize; |
| return { |
| 'cryptoKeys': ?cryptoKeys, |
| 'nextPageToken': ?nextPageToken, |
| 'totalSize': ?totalSize, |
| }; |
| } |
| } |
| |
| /// Response message for EkmService.ListEkmConnections. |
| class ListEkmConnectionsResponse { |
| /// The list of EkmConnections. |
| core.List<EkmConnection>? ekmConnections; |
| |
| /// A token to retrieve next page of results. |
| /// |
| /// Pass this value in ListEkmConnectionsRequest.page_token to retrieve the |
| /// next page of results. |
| core.String? nextPageToken; |
| |
| /// The total number of EkmConnections that matched the query. |
| /// |
| /// This field is not populated if ListEkmConnectionsRequest.filter is |
| /// applied. |
| core.int? totalSize; |
| |
| ListEkmConnectionsResponse({ |
| this.ekmConnections, |
| this.nextPageToken, |
| this.totalSize, |
| }); |
| |
| ListEkmConnectionsResponse.fromJson(core.Map json_) |
| : this( |
| ekmConnections: (json_['ekmConnections'] as core.List?) |
| ?.map( |
| (value) => EkmConnection.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| nextPageToken: json_['nextPageToken'] as core.String?, |
| totalSize: json_['totalSize'] as core.int?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final ekmConnections = this.ekmConnections; |
| final nextPageToken = this.nextPageToken; |
| final totalSize = this.totalSize; |
| return { |
| 'ekmConnections': ?ekmConnections, |
| 'nextPageToken': ?nextPageToken, |
| 'totalSize': ?totalSize, |
| }; |
| } |
| } |
| |
| /// Response message for KeyManagementService.ListImportJobs. |
| class ListImportJobsResponse { |
| /// The list of ImportJobs. |
| core.List<ImportJob>? importJobs; |
| |
| /// A token to retrieve next page of results. |
| /// |
| /// Pass this value in ListImportJobsRequest.page_token to retrieve the next |
| /// page of results. |
| core.String? nextPageToken; |
| |
| /// The total number of ImportJobs that matched the query. |
| /// |
| /// This field is not populated if ListImportJobsRequest.filter is applied. |
| core.int? totalSize; |
| |
| ListImportJobsResponse({this.importJobs, this.nextPageToken, this.totalSize}); |
| |
| ListImportJobsResponse.fromJson(core.Map json_) |
| : this( |
| importJobs: (json_['importJobs'] as core.List?) |
| ?.map( |
| (value) => ImportJob.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| nextPageToken: json_['nextPageToken'] as core.String?, |
| totalSize: json_['totalSize'] as core.int?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final importJobs = this.importJobs; |
| final nextPageToken = this.nextPageToken; |
| final totalSize = this.totalSize; |
| return { |
| 'importJobs': ?importJobs, |
| 'nextPageToken': ?nextPageToken, |
| 'totalSize': ?totalSize, |
| }; |
| } |
| } |
| |
| /// Response message for Autokey.ListKeyHandles. |
| class ListKeyHandlesResponse { |
| /// Resulting KeyHandles. |
| core.List<KeyHandle>? keyHandles; |
| |
| /// A token to retrieve next page of results. |
| /// |
| /// Pass this value in ListKeyHandlesRequest.page_token to retrieve the next |
| /// page of results. |
| core.String? nextPageToken; |
| |
| ListKeyHandlesResponse({this.keyHandles, this.nextPageToken}); |
| |
| ListKeyHandlesResponse.fromJson(core.Map json_) |
| : this( |
| keyHandles: (json_['keyHandles'] as core.List?) |
| ?.map( |
| (value) => KeyHandle.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| nextPageToken: json_['nextPageToken'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final keyHandles = this.keyHandles; |
| final nextPageToken = this.nextPageToken; |
| return {'keyHandles': ?keyHandles, 'nextPageToken': ?nextPageToken}; |
| } |
| } |
| |
| /// Response message for KeyManagementService.ListKeyRings. |
| class ListKeyRingsResponse { |
| /// The list of KeyRings. |
| core.List<KeyRing>? keyRings; |
| |
| /// A token to retrieve next page of results. |
| /// |
| /// Pass this value in ListKeyRingsRequest.page_token to retrieve the next |
| /// page of results. |
| core.String? nextPageToken; |
| |
| /// The total number of KeyRings that matched the query. |
| /// |
| /// This field is not populated if ListKeyRingsRequest.filter is applied. |
| core.int? totalSize; |
| |
| ListKeyRingsResponse({this.keyRings, this.nextPageToken, this.totalSize}); |
| |
| ListKeyRingsResponse.fromJson(core.Map json_) |
| : this( |
| keyRings: (json_['keyRings'] as core.List?) |
| ?.map( |
| (value) => KeyRing.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| nextPageToken: json_['nextPageToken'] as core.String?, |
| totalSize: json_['totalSize'] as core.int?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final keyRings = this.keyRings; |
| final nextPageToken = this.nextPageToken; |
| final totalSize = this.totalSize; |
| return { |
| 'keyRings': ?keyRings, |
| 'nextPageToken': ?nextPageToken, |
| 'totalSize': ?totalSize, |
| }; |
| } |
| } |
| |
| /// The response message for Locations.ListLocations. |
| class ListLocationsResponse { |
| /// A list of locations that matches the specified filter in the request. |
| core.List<Location>? locations; |
| |
| /// The standard List next-page token. |
| core.String? nextPageToken; |
| |
| ListLocationsResponse({this.locations, this.nextPageToken}); |
| |
| ListLocationsResponse.fromJson(core.Map json_) |
| : this( |
| locations: (json_['locations'] as core.List?) |
| ?.map( |
| (value) => Location.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| nextPageToken: json_['nextPageToken'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final locations = this.locations; |
| final nextPageToken = this.nextPageToken; |
| return {'locations': ?locations, 'nextPageToken': ?nextPageToken}; |
| } |
| } |
| |
| /// Response message for KeyManagementService.ListRetiredResources. |
| class ListRetiredResourcesResponse { |
| /// A token to retrieve the next page of results. |
| /// |
| /// Pass this value in ListRetiredResourcesRequest.page_token to retrieve the |
| /// next page of results. |
| core.String? nextPageToken; |
| |
| /// The list of RetiredResources. |
| core.List<RetiredResource>? retiredResources; |
| |
| /// The total number of RetiredResources that matched the query. |
| core.String? totalSize; |
| |
| ListRetiredResourcesResponse({ |
| this.nextPageToken, |
| this.retiredResources, |
| this.totalSize, |
| }); |
| |
| ListRetiredResourcesResponse.fromJson(core.Map json_) |
| : this( |
| nextPageToken: json_['nextPageToken'] as core.String?, |
| retiredResources: (json_['retiredResources'] as core.List?) |
| ?.map( |
| (value) => RetiredResource.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| totalSize: json_['totalSize'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final nextPageToken = this.nextPageToken; |
| final retiredResources = this.retiredResources; |
| final totalSize = this.totalSize; |
| return { |
| 'nextPageToken': ?nextPageToken, |
| 'retiredResources': ?retiredResources, |
| 'totalSize': ?totalSize, |
| }; |
| } |
| } |
| |
| /// Response message for HsmManagement.ListSingleTenantHsmInstanceProposals. |
| class ListSingleTenantHsmInstanceProposalsResponse { |
| /// A token to retrieve next page of results. |
| /// |
| /// Pass this value in ListSingleTenantHsmInstanceProposalsRequest.page_token |
| /// to retrieve the next page of results. |
| core.String? nextPageToken; |
| |
| /// The list of SingleTenantHsmInstanceProposals. |
| core.List<SingleTenantHsmInstanceProposal>? singleTenantHsmInstanceProposals; |
| |
| /// The total number of SingleTenantHsmInstanceProposals that matched the |
| /// query. |
| /// |
| /// This field is not populated if |
| /// ListSingleTenantHsmInstanceProposalsRequest.filter is applied. |
| core.int? totalSize; |
| |
| ListSingleTenantHsmInstanceProposalsResponse({ |
| this.nextPageToken, |
| this.singleTenantHsmInstanceProposals, |
| this.totalSize, |
| }); |
| |
| ListSingleTenantHsmInstanceProposalsResponse.fromJson(core.Map json_) |
| : this( |
| nextPageToken: json_['nextPageToken'] as core.String?, |
| singleTenantHsmInstanceProposals: |
| (json_['singleTenantHsmInstanceProposals'] as core.List?) |
| ?.map( |
| (value) => SingleTenantHsmInstanceProposal.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| totalSize: json_['totalSize'] as core.int?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final nextPageToken = this.nextPageToken; |
| final singleTenantHsmInstanceProposals = |
| this.singleTenantHsmInstanceProposals; |
| final totalSize = this.totalSize; |
| return { |
| 'nextPageToken': ?nextPageToken, |
| 'singleTenantHsmInstanceProposals': ?singleTenantHsmInstanceProposals, |
| 'totalSize': ?totalSize, |
| }; |
| } |
| } |
| |
| /// Response message for HsmManagement.ListSingleTenantHsmInstances. |
| class ListSingleTenantHsmInstancesResponse { |
| /// A token to retrieve next page of results. |
| /// |
| /// Pass this value in ListSingleTenantHsmInstancesRequest.page_token to |
| /// retrieve the next page of results. |
| core.String? nextPageToken; |
| |
| /// The list of SingleTenantHsmInstances. |
| core.List<SingleTenantHsmInstance>? singleTenantHsmInstances; |
| |
| /// The total number of SingleTenantHsmInstances that matched the query. |
| /// |
| /// This field is not populated if ListSingleTenantHsmInstancesRequest.filter |
| /// is applied. |
| core.int? totalSize; |
| |
| ListSingleTenantHsmInstancesResponse({ |
| this.nextPageToken, |
| this.singleTenantHsmInstances, |
| this.totalSize, |
| }); |
| |
| ListSingleTenantHsmInstancesResponse.fromJson(core.Map json_) |
| : this( |
| nextPageToken: json_['nextPageToken'] as core.String?, |
| singleTenantHsmInstances: |
| (json_['singleTenantHsmInstances'] as core.List?) |
| ?.map( |
| (value) => SingleTenantHsmInstance.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| totalSize: json_['totalSize'] as core.int?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final nextPageToken = this.nextPageToken; |
| final singleTenantHsmInstances = this.singleTenantHsmInstances; |
| final totalSize = this.totalSize; |
| return { |
| 'nextPageToken': ?nextPageToken, |
| 'singleTenantHsmInstances': ?singleTenantHsmInstances, |
| 'totalSize': ?totalSize, |
| }; |
| } |
| } |
| |
| /// A resource that represents a Google Cloud location. |
| typedef Location = $Location00; |
| |
| /// Request message for KeyManagementService.MacSign. |
| class MacSignRequest { |
| /// The data to sign. |
| /// |
| /// The MAC tag is computed over this data field based on the specific |
| /// algorithm. |
| /// |
| /// Required. |
| core.String? data; |
| core.List<core.int> get dataAsBytes => convert.base64.decode(data!); |
| |
| set dataAsBytes(core.List<core.int> bytes_) { |
| data = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the MacSignRequest.data. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received MacSignRequest.data using this checksum. KeyManagementService |
| /// will report an error if the checksum verification fails. If you receive a |
| /// checksum error, your client should verify that CRC32C(MacSignRequest.data) |
| /// is equal to MacSignRequest.data_crc32c, and if so, perform a limited |
| /// number of retries. A persistent mismatch may indicate an issue in your |
| /// computation of the CRC32C checksum. Note: This field is defined as int64 |
| /// for reasons of compatibility across different languages. However, it is a |
| /// non-negative integer, which will never exceed 2^32-1, and can be safely |
| /// downconverted to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? dataCrc32c; |
| |
| MacSignRequest({this.data, this.dataCrc32c}); |
| |
| MacSignRequest.fromJson(core.Map json_) |
| : this( |
| data: json_['data'] as core.String?, |
| dataCrc32c: json_['dataCrc32c'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final data = this.data; |
| final dataCrc32c = this.dataCrc32c; |
| return {'data': ?data, 'dataCrc32c': ?dataCrc32c}; |
| } |
| } |
| |
| /// Response message for KeyManagementService.MacSign. |
| class MacSignResponse { |
| /// The created signature. |
| core.String? mac; |
| core.List<core.int> get macAsBytes => convert.base64.decode(mac!); |
| |
| set macAsBytes(core.List<core.int> bytes_) { |
| mac = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned MacSignResponse.mac. An integrity check |
| /// of MacSignResponse.mac can be performed by computing the CRC32C checksum |
| /// of MacSignResponse.mac and comparing your results to this field. Discard |
| /// the response in case of non-matching checksum values, and perform a |
| /// limited number of retries. A persistent mismatch may indicate an issue in |
| /// your computation of the CRC32C checksum. Note: This field is defined as |
| /// int64 for reasons of compatibility across different languages. However, it |
| /// is a non-negative integer, which will never exceed 2^32-1, and can be |
| /// safely downconverted to uint32 in languages that support this type. |
| core.String? macCrc32c; |
| |
| /// The resource name of the CryptoKeyVersion used for signing. |
| /// |
| /// Check this field to verify that the intended resource was used for |
| /// signing. |
| core.String? name; |
| |
| /// The ProtectionLevel of the CryptoKeyVersion used for signing. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether MacSignRequest.data_crc32c was received by |
| /// KeyManagementService and used for the integrity verification of the data. |
| /// A false value of this field indicates either that |
| /// MacSignRequest.data_crc32c was left unset or that it was not delivered to |
| /// KeyManagementService. If you've set MacSignRequest.data_crc32c but this |
| /// field is still false, discard the response and perform a limited number of |
| /// retries. |
| core.bool? verifiedDataCrc32c; |
| |
| MacSignResponse({ |
| this.mac, |
| this.macCrc32c, |
| this.name, |
| this.protectionLevel, |
| this.verifiedDataCrc32c, |
| }); |
| |
| MacSignResponse.fromJson(core.Map json_) |
| : this( |
| mac: json_['mac'] as core.String?, |
| macCrc32c: json_['macCrc32c'] as core.String?, |
| name: json_['name'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| verifiedDataCrc32c: json_['verifiedDataCrc32c'] as core.bool?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final mac = this.mac; |
| final macCrc32c = this.macCrc32c; |
| final name = this.name; |
| final protectionLevel = this.protectionLevel; |
| final verifiedDataCrc32c = this.verifiedDataCrc32c; |
| return { |
| 'mac': ?mac, |
| 'macCrc32c': ?macCrc32c, |
| 'name': ?name, |
| 'protectionLevel': ?protectionLevel, |
| 'verifiedDataCrc32c': ?verifiedDataCrc32c, |
| }; |
| } |
| } |
| |
| /// Request message for KeyManagementService.MacVerify. |
| class MacVerifyRequest { |
| /// The data used previously as a MacSignRequest.data to generate the MAC tag. |
| /// |
| /// Required. |
| core.String? data; |
| core.List<core.int> get dataAsBytes => convert.base64.decode(data!); |
| |
| set dataAsBytes(core.List<core.int> bytes_) { |
| data = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the MacVerifyRequest.data. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received MacVerifyRequest.data using this checksum. KeyManagementService |
| /// will report an error if the checksum verification fails. If you receive a |
| /// checksum error, your client should verify that |
| /// CRC32C(MacVerifyRequest.data) is equal to MacVerifyRequest.data_crc32c, |
| /// and if so, perform a limited number of retries. A persistent mismatch may |
| /// indicate an issue in your computation of the CRC32C checksum. Note: This |
| /// field is defined as int64 for reasons of compatibility across different |
| /// languages. However, it is a non-negative integer, which will never exceed |
| /// 2^32-1, and can be safely downconverted to uint32 in languages that |
| /// support this type. |
| /// |
| /// Optional. |
| core.String? dataCrc32c; |
| |
| /// The signature to verify. |
| /// |
| /// Required. |
| core.String? mac; |
| core.List<core.int> get macAsBytes => convert.base64.decode(mac!); |
| |
| set macAsBytes(core.List<core.int> bytes_) { |
| mac = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the MacVerifyRequest.mac. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received MacVerifyRequest.mac using this checksum. KeyManagementService |
| /// will report an error if the checksum verification fails. If you receive a |
| /// checksum error, your client should verify that |
| /// CRC32C(MacVerifyRequest.mac) is equal to MacVerifyRequest.mac_crc32c, and |
| /// if so, perform a limited number of retries. A persistent mismatch may |
| /// indicate an issue in your computation of the CRC32C checksum. Note: This |
| /// field is defined as int64 for reasons of compatibility across different |
| /// languages. However, it is a non-negative integer, which will never exceed |
| /// 2^32-1, and can be safely downconverted to uint32 in languages that |
| /// support this type. |
| /// |
| /// Optional. |
| core.String? macCrc32c; |
| |
| MacVerifyRequest({this.data, this.dataCrc32c, this.mac, this.macCrc32c}); |
| |
| MacVerifyRequest.fromJson(core.Map json_) |
| : this( |
| data: json_['data'] as core.String?, |
| dataCrc32c: json_['dataCrc32c'] as core.String?, |
| mac: json_['mac'] as core.String?, |
| macCrc32c: json_['macCrc32c'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final data = this.data; |
| final dataCrc32c = this.dataCrc32c; |
| final mac = this.mac; |
| final macCrc32c = this.macCrc32c; |
| return { |
| 'data': ?data, |
| 'dataCrc32c': ?dataCrc32c, |
| 'mac': ?mac, |
| 'macCrc32c': ?macCrc32c, |
| }; |
| } |
| } |
| |
| /// Response message for KeyManagementService.MacVerify. |
| class MacVerifyResponse { |
| /// The resource name of the CryptoKeyVersion used for verification. |
| /// |
| /// Check this field to verify that the intended resource was used for |
| /// verification. |
| core.String? name; |
| |
| /// The ProtectionLevel of the CryptoKeyVersion used for verification. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// This field indicates whether or not the verification operation for |
| /// MacVerifyRequest.mac over MacVerifyRequest.data was successful. |
| core.bool? success; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether MacVerifyRequest.data_crc32c was received by |
| /// KeyManagementService and used for the integrity verification of the data. |
| /// A false value of this field indicates either that |
| /// MacVerifyRequest.data_crc32c was left unset or that it was not delivered |
| /// to KeyManagementService. If you've set MacVerifyRequest.data_crc32c but |
| /// this field is still false, discard the response and perform a limited |
| /// number of retries. |
| core.bool? verifiedDataCrc32c; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether MacVerifyRequest.mac_crc32c was received by |
| /// KeyManagementService and used for the integrity verification of the data. |
| /// A false value of this field indicates either that |
| /// MacVerifyRequest.mac_crc32c was left unset or that it was not delivered to |
| /// KeyManagementService. If you've set MacVerifyRequest.mac_crc32c but this |
| /// field is still false, discard the response and perform a limited number of |
| /// retries. |
| core.bool? verifiedMacCrc32c; |
| |
| /// Integrity verification field. |
| /// |
| /// This value is used for the integrity verification of |
| /// \[MacVerifyResponse.success\]. If the value of this field contradicts the |
| /// value of \[MacVerifyResponse.success\], discard the response and perform a |
| /// limited number of retries. |
| core.bool? verifiedSuccessIntegrity; |
| |
| MacVerifyResponse({ |
| this.name, |
| this.protectionLevel, |
| this.success, |
| this.verifiedDataCrc32c, |
| this.verifiedMacCrc32c, |
| this.verifiedSuccessIntegrity, |
| }); |
| |
| MacVerifyResponse.fromJson(core.Map json_) |
| : this( |
| name: json_['name'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| success: json_['success'] as core.bool?, |
| verifiedDataCrc32c: json_['verifiedDataCrc32c'] as core.bool?, |
| verifiedMacCrc32c: json_['verifiedMacCrc32c'] as core.bool?, |
| verifiedSuccessIntegrity: |
| json_['verifiedSuccessIntegrity'] as core.bool?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final name = this.name; |
| final protectionLevel = this.protectionLevel; |
| final success = this.success; |
| final verifiedDataCrc32c = this.verifiedDataCrc32c; |
| final verifiedMacCrc32c = this.verifiedMacCrc32c; |
| final verifiedSuccessIntegrity = this.verifiedSuccessIntegrity; |
| return { |
| 'name': ?name, |
| 'protectionLevel': ?protectionLevel, |
| 'success': ?success, |
| 'verifiedDataCrc32c': ?verifiedDataCrc32c, |
| 'verifiedMacCrc32c': ?verifiedMacCrc32c, |
| 'verifiedSuccessIntegrity': ?verifiedSuccessIntegrity, |
| }; |
| } |
| } |
| |
| /// This resource represents a long-running operation that is the result of a |
| /// network API call. |
| class Operation { |
| /// If the value is `false`, it means the operation is still in progress. |
| /// |
| /// If `true`, the operation is completed, and either `error` or `response` is |
| /// available. |
| core.bool? done; |
| |
| /// The error result of the operation in case of failure or cancellation. |
| Status? error; |
| |
| /// Service-specific metadata associated with the operation. |
| /// |
| /// It typically contains progress information and common metadata such as |
| /// create time. Some services might not provide such metadata. Any method |
| /// that returns a long-running operation should document the metadata type, |
| /// if any. |
| /// |
| /// The values for Object must be JSON objects. It can consist of `num`, |
| /// `String`, `bool` and `null` as well as `Map` and `List` values. |
| core.Map<core.String, core.Object?>? metadata; |
| |
| /// The server-assigned name, which is only unique within the same service |
| /// that originally returns it. |
| /// |
| /// If you use the default HTTP mapping, the `name` should be a resource name |
| /// ending with `operations/{unique_id}`. |
| core.String? name; |
| |
| /// The normal, successful response of the operation. |
| /// |
| /// If the original method returns no data on success, such as `Delete`, the |
| /// response is `google.protobuf.Empty`. If the original method is standard |
| /// `Get`/`Create`/`Update`, the response should be the resource. For other |
| /// methods, the response should have the type `XxxResponse`, where `Xxx` is |
| /// the original method name. For example, if the original method name is |
| /// `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. |
| /// |
| /// The values for Object must be JSON objects. It can consist of `num`, |
| /// `String`, `bool` and `null` as well as `Map` and `List` values. |
| core.Map<core.String, core.Object?>? response; |
| |
| Operation({this.done, this.error, this.metadata, this.name, this.response}); |
| |
| Operation.fromJson(core.Map json_) |
| : this( |
| done: json_['done'] as core.bool?, |
| error: json_.containsKey('error') |
| ? Status.fromJson( |
| json_['error'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| metadata: json_.containsKey('metadata') |
| ? json_['metadata'] as core.Map<core.String, core.dynamic> |
| : null, |
| name: json_['name'] as core.String?, |
| response: json_.containsKey('response') |
| ? json_['response'] as core.Map<core.String, core.dynamic> |
| : null, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final done = this.done; |
| final error = this.error; |
| final metadata = this.metadata; |
| final name = this.name; |
| final response = this.response; |
| return { |
| 'done': ?done, |
| 'error': ?error, |
| 'metadata': ?metadata, |
| 'name': ?name, |
| 'response': ?response, |
| }; |
| } |
| } |
| |
| /// An Identity and Access Management (IAM) policy, which specifies access |
| /// controls for Google Cloud resources. |
| /// |
| /// A `Policy` is a collection of `bindings`. A `binding` binds one or more |
| /// `members`, or principals, to a single `role`. Principals can be user |
| /// accounts, service accounts, Google groups, and domains (such as G Suite). A |
| /// `role` is a named list of permissions; each `role` can be an IAM predefined |
| /// role or a user-created custom role. For some types of Google Cloud |
| /// resources, a `binding` can also specify a `condition`, which is a logical |
| /// expression that allows access to a resource only if the expression evaluates |
| /// to `true`. A condition can add constraints based on attributes of the |
| /// request, the resource, or both. To learn which resources support conditions |
| /// in their IAM policies, see the |
| /// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| /// **JSON example:** ``` { "bindings": [ { "role": |
| /// "roles/resourcemanager.organizationAdmin", "members": [ |
| /// "user:mike@example.com", "group:admins@example.com", "domain:google.com", |
| /// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": |
| /// "roles/resourcemanager.organizationViewer", "members": [ |
| /// "user:eve@example.com" ], "condition": { "title": "expirable access", |
| /// "description": "Does not grant access after Sep 2020", "expression": |
| /// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": |
| /// "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - |
| /// members: - user:mike@example.com - group:admins@example.com - |
| /// domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com |
| /// role: roles/resourcemanager.organizationAdmin - members: - |
| /// user:eve@example.com role: roles/resourcemanager.organizationViewer |
| /// condition: title: expirable access description: Does not grant access after |
| /// Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') |
| /// etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, |
| /// see the [IAM documentation](https://cloud.google.com/iam/docs/). |
| class Policy { |
| /// Specifies cloud audit logging configuration for this policy. |
| core.List<AuditConfig>? auditConfigs; |
| |
| /// Associates a list of `members`, or principals, with a `role`. |
| /// |
| /// Optionally, may specify a `condition` that determines how and when the |
| /// `bindings` are applied. Each of the `bindings` must contain at least one |
| /// principal. The `bindings` in a `Policy` can refer to up to 1,500 |
| /// principals; up to 250 of these principals can be Google groups. Each |
| /// occurrence of a principal counts towards these limits. For example, if the |
| /// `bindings` grant 50 different roles to `user:alice@example.com`, and not |
| /// to any other principal, then you can add another 1,450 principals to the |
| /// `bindings` in the `Policy`. |
| core.List<Binding>? bindings; |
| |
| /// `etag` is used for optimistic concurrency control as a way to help prevent |
| /// simultaneous updates of a policy from overwriting each other. |
| /// |
| /// It is strongly suggested that systems make use of the `etag` in the |
| /// read-modify-write cycle to perform policy updates in order to avoid race |
| /// conditions: An `etag` is returned in the response to `getIamPolicy`, and |
| /// systems are expected to put that etag in the request to `setIamPolicy` to |
| /// ensure that their change will be applied to the same version of the |
| /// policy. **Important:** If you use IAM Conditions, you must include the |
| /// `etag` field whenever you call `setIamPolicy`. If you omit this field, |
| /// then IAM allows you to overwrite a version `3` policy with a version `1` |
| /// policy, and all of the conditions in the version `3` policy are lost. |
| core.String? etag; |
| core.List<core.int> get etagAsBytes => convert.base64.decode(etag!); |
| |
| set etagAsBytes(core.List<core.int> bytes_) { |
| etag = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Specifies the format of the policy. |
| /// |
| /// Valid values are `0`, `1`, and `3`. Requests that specify an invalid value |
| /// are rejected. Any operation that affects conditional role bindings must |
| /// specify version `3`. This requirement applies to the following operations: |
| /// * Getting a policy that includes a conditional role binding * Adding a |
| /// conditional role binding to a policy * Changing a conditional role binding |
| /// in a policy * Removing any role binding, with or without a condition, from |
| /// a policy that includes conditions **Important:** If you use IAM |
| /// Conditions, you must include the `etag` field whenever you call |
| /// `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a |
| /// version `3` policy with a version `1` policy, and all of the conditions in |
| /// the version `3` policy are lost. If a policy does not include any |
| /// conditions, operations on that policy may specify any valid version or |
| /// leave the field unset. To learn which resources support conditions in |
| /// their IAM policies, see the |
| /// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| core.int? version; |
| |
| Policy({this.auditConfigs, this.bindings, this.etag, this.version}); |
| |
| Policy.fromJson(core.Map json_) |
| : this( |
| auditConfigs: (json_['auditConfigs'] as core.List?) |
| ?.map( |
| (value) => AuditConfig.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| bindings: (json_['bindings'] as core.List?) |
| ?.map( |
| (value) => Binding.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| etag: json_['etag'] as core.String?, |
| version: json_['version'] as core.int?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final auditConfigs = this.auditConfigs; |
| final bindings = this.bindings; |
| final etag = this.etag; |
| final version = this.version; |
| return { |
| 'auditConfigs': ?auditConfigs, |
| 'bindings': ?bindings, |
| 'etag': ?etag, |
| 'version': ?version, |
| }; |
| } |
| } |
| |
| /// The public keys for a given CryptoKeyVersion. |
| /// |
| /// Obtained via GetPublicKey. |
| class PublicKey { |
| /// The Algorithm associated with this key. |
| /// Possible string values are: |
| /// - "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : Not specified. |
| /// - "GOOGLE_SYMMETRIC_ENCRYPTION" : Creates symmetric encryption keys. |
| /// - "AES_128_GCM" : AES-GCM (Galois Counter Mode) using 128-bit keys. |
| /// - "AES_256_GCM" : AES-GCM (Galois Counter Mode) using 256-bit keys. |
| /// - "AES_128_CBC" : AES-CBC (Cipher Block Chaining Mode) using 128-bit keys. |
| /// - "AES_256_CBC" : AES-CBC (Cipher Block Chaining Mode) using 256-bit keys. |
| /// - "AES_128_CTR" : AES-CTR (Counter Mode) using 128-bit keys. |
| /// - "AES_256_CTR" : AES-CTR (Counter Mode) using 256-bit keys. |
| /// - "RSA_SIGN_PSS_2048_SHA256" : RSASSA-PSS 2048 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_SIGN_PSS_3072_SHA256" : RSASSA-PSS 3072 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_SIGN_PSS_4096_SHA256" : RSASSA-PSS 4096 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_SIGN_PSS_4096_SHA512" : RSASSA-PSS 4096 bit key with a SHA512 |
| /// digest. |
| /// - "RSA_SIGN_PKCS1_2048_SHA256" : RSASSA-PKCS1-v1_5 with a 2048 bit key and |
| /// a SHA256 digest. |
| /// - "RSA_SIGN_PKCS1_3072_SHA256" : RSASSA-PKCS1-v1_5 with a 3072 bit key and |
| /// a SHA256 digest. |
| /// - "RSA_SIGN_PKCS1_4096_SHA256" : RSASSA-PKCS1-v1_5 with a 4096 bit key and |
| /// a SHA256 digest. |
| /// - "RSA_SIGN_PKCS1_4096_SHA512" : RSASSA-PKCS1-v1_5 with a 4096 bit key and |
| /// a SHA512 digest. |
| /// - "RSA_SIGN_RAW_PKCS1_2048" : RSASSA-PKCS1-v1_5 signing without encoding, |
| /// with a 2048 bit key. |
| /// - "RSA_SIGN_RAW_PKCS1_3072" : RSASSA-PKCS1-v1_5 signing without encoding, |
| /// with a 3072 bit key. |
| /// - "RSA_SIGN_RAW_PKCS1_4096" : RSASSA-PKCS1-v1_5 signing without encoding, |
| /// with a 4096 bit key. |
| /// - "RSA_DECRYPT_OAEP_2048_SHA256" : RSAES-OAEP 2048 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_3072_SHA256" : RSAES-OAEP 3072 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_4096_SHA256" : RSAES-OAEP 4096 bit key with a SHA256 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_4096_SHA512" : RSAES-OAEP 4096 bit key with a SHA512 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_2048_SHA1" : RSAES-OAEP 2048 bit key with a SHA1 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_3072_SHA1" : RSAES-OAEP 3072 bit key with a SHA1 |
| /// digest. |
| /// - "RSA_DECRYPT_OAEP_4096_SHA1" : RSAES-OAEP 4096 bit key with a SHA1 |
| /// digest. |
| /// - "EC_SIGN_P256_SHA256" : ECDSA on the NIST P-256 curve with a SHA256 |
| /// digest. Other hash functions can also be used: |
| /// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
| /// - "EC_SIGN_P384_SHA384" : ECDSA on the NIST P-384 curve with a SHA384 |
| /// digest. Other hash functions can also be used: |
| /// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
| /// - "EC_SIGN_SECP256K1_SHA256" : ECDSA on the non-NIST secp256k1 curve. This |
| /// curve is only supported for HSM protection level. Other hash functions can |
| /// also be used: |
| /// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms |
| /// - "EC_SIGN_ED25519" : EdDSA on the Curve25519 in pure mode (taking data as |
| /// input). |
| /// - "HMAC_SHA256" : HMAC-SHA256 signing with a 256 bit key. |
| /// - "HMAC_SHA1" : HMAC-SHA1 signing with a 160 bit key. |
| /// - "HMAC_SHA384" : HMAC-SHA384 signing with a 384 bit key. |
| /// - "HMAC_SHA512" : HMAC-SHA512 signing with a 512 bit key. |
| /// - "HMAC_SHA224" : HMAC-SHA224 signing with a 224 bit key. |
| /// - "EXTERNAL_SYMMETRIC_ENCRYPTION" : Algorithm representing symmetric |
| /// encryption by an external key manager. |
| /// - "ML_KEM_768" : ML-KEM-768 (FIPS 203) |
| /// - "ML_KEM_1024" : ML-KEM-1024 (FIPS 203) |
| /// - "KEM_XWING" : X-Wing hybrid KEM combining ML-KEM-768 with X25519 |
| /// following datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/. |
| /// - "PQ_SIGN_ML_DSA_44" : The post-quantum Module-Lattice-Based Digital |
| /// Signature Algorithm, at security level 1. Randomized version. |
| /// - "PQ_SIGN_ML_DSA_65" : The post-quantum Module-Lattice-Based Digital |
| /// Signature Algorithm, at security level 3. Randomized version. |
| /// - "PQ_SIGN_ML_DSA_87" : The post-quantum Module-Lattice-Based Digital |
| /// Signature Algorithm, at security level 5. Randomized version. |
| /// - "PQ_SIGN_SLH_DSA_SHA2_128S" : The post-quantum stateless hash-based |
| /// digital signature algorithm, at security level 1. Randomized version. |
| /// - "PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256" : The post-quantum stateless |
| /// hash-based digital signature algorithm, at security level 1. Randomized |
| /// pre-hash version supporting SHA256 digests. |
| /// - "PQ_SIGN_ML_DSA_44_EXTERNAL_MU" : The post-quantum Module-Lattice-Based |
| /// Digital Signature Algorithm, at security level 1. Randomized version |
| /// supporting externally-computed message representatives. |
| /// - "PQ_SIGN_ML_DSA_65_EXTERNAL_MU" : The post-quantum Module-Lattice-Based |
| /// Digital Signature Algorithm, at security level 3. Randomized version |
| /// supporting externally-computed message representatives. |
| /// - "PQ_SIGN_ML_DSA_87_EXTERNAL_MU" : The post-quantum Module-Lattice-Based |
| /// Digital Signature Algorithm, at security level 5. Randomized version |
| /// supporting externally-computed message representatives. |
| core.String? algorithm; |
| |
| /// The name of the CryptoKeyVersion public key. |
| /// |
| /// Provided here for verification. NOTE: This field is in Beta. |
| core.String? name; |
| |
| /// The public key, encoded in PEM format. |
| /// |
| /// For more information, see the |
| /// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for |
| /// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) |
| /// and |
| /// [Textual Encoding of Subject Public Key Info](https://tools.ietf.org/html/rfc7468#section-13). |
| core.String? pem; |
| |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned PublicKey.pem. An integrity check of |
| /// PublicKey.pem can be performed by computing the CRC32C checksum of |
| /// PublicKey.pem and comparing your results to this field. Discard the |
| /// response in case of non-matching checksum values, and perform a limited |
| /// number of retries. A persistent mismatch may indicate an issue in your |
| /// computation of the CRC32C checksum. Note: This field is defined as int64 |
| /// for reasons of compatibility across different languages. However, it is a |
| /// non-negative integer, which will never exceed `2^32-1`, and can be safely |
| /// downconverted to uint32 in languages that support this type. NOTE: This |
| /// field is in Beta. |
| core.String? pemCrc32c; |
| |
| /// The ProtectionLevel of the CryptoKeyVersion public key. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// This field contains the public key (with integrity verification), |
| /// formatted according to the public_key_format field. |
| ChecksummedData? publicKey; |
| |
| /// The PublicKey format specified by the customer through the |
| /// public_key_format field. |
| /// Possible string values are: |
| /// - "PUBLIC_KEY_FORMAT_UNSPECIFIED" : If the public_key_format field is not |
| /// specified: - For PQC algorithms, an error will be returned. - For non-PQC |
| /// algorithms, the default format is PEM, and the field pem will be |
| /// populated. Otherwise, the public key will be exported through the |
| /// public_key field in the requested format. |
| /// - "PEM" : The returned public key will be encoded in PEM format. See the |
| /// [RFC7468](https://tools.ietf.org/html/rfc7468) sections for |
| /// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) |
| /// and |
| /// [Textual Encoding of Subject Public Key Info](https://tools.ietf.org/html/rfc7468#section-13) |
| /// for more information. |
| /// - "DER" : The returned public key will be encoded in DER format (the |
| /// PrivateKeyInfo structure from RFC 5208). |
| /// - "NIST_PQC" : This is supported only for PQC algorithms. The key material |
| /// is returned in the format defined by NIST PQC standards (FIPS 203, FIPS |
| /// 204, and FIPS 205). |
| /// - "XWING_RAW_BYTES" : The returned public key is in raw bytes format |
| /// defined in its standard |
| /// https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem. |
| core.String? publicKeyFormat; |
| |
| PublicKey({ |
| this.algorithm, |
| this.name, |
| this.pem, |
| this.pemCrc32c, |
| this.protectionLevel, |
| this.publicKey, |
| this.publicKeyFormat, |
| }); |
| |
| PublicKey.fromJson(core.Map json_) |
| : this( |
| algorithm: json_['algorithm'] as core.String?, |
| name: json_['name'] as core.String?, |
| pem: json_['pem'] as core.String?, |
| pemCrc32c: json_['pemCrc32c'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| publicKey: json_.containsKey('publicKey') |
| ? ChecksummedData.fromJson( |
| json_['publicKey'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| publicKeyFormat: json_['publicKeyFormat'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final algorithm = this.algorithm; |
| final name = this.name; |
| final pem = this.pem; |
| final pemCrc32c = this.pemCrc32c; |
| final protectionLevel = this.protectionLevel; |
| final publicKey = this.publicKey; |
| final publicKeyFormat = this.publicKeyFormat; |
| return { |
| 'algorithm': ?algorithm, |
| 'name': ?name, |
| 'pem': ?pem, |
| 'pemCrc32c': ?pemCrc32c, |
| 'protectionLevel': ?protectionLevel, |
| 'publicKey': ?publicKey, |
| 'publicKeyFormat': ?publicKeyFormat, |
| }; |
| } |
| } |
| |
| /// Configuration for M of N quorum auth. |
| class QuorumAuth { |
| /// The required numbers of approvers. |
| /// |
| /// The M value used for M of N quorum auth. Must be greater than or equal to |
| /// 2 and less than or equal to total_approver_count - 1. |
| /// |
| /// Output only. |
| core.int? requiredApproverCount; |
| |
| /// The total number of approvers. |
| /// |
| /// This is the N value used for M of N quorum auth. Must be greater than or |
| /// equal to 3 and less than or equal to 16. |
| /// |
| /// Required. |
| core.int? totalApproverCount; |
| |
| /// The public keys associated with the 2FA keys for M of N quorum auth. |
| /// |
| /// Output only. |
| core.List<core.String>? twoFactorPublicKeyPems; |
| |
| QuorumAuth({ |
| this.requiredApproverCount, |
| this.totalApproverCount, |
| this.twoFactorPublicKeyPems, |
| }); |
| |
| QuorumAuth.fromJson(core.Map json_) |
| : this( |
| requiredApproverCount: json_['requiredApproverCount'] as core.int?, |
| totalApproverCount: json_['totalApproverCount'] as core.int?, |
| twoFactorPublicKeyPems: (json_['twoFactorPublicKeyPems'] as core.List?) |
| ?.map((value) => value as core.String) |
| .toList(), |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final requiredApproverCount = this.requiredApproverCount; |
| final totalApproverCount = this.totalApproverCount; |
| final twoFactorPublicKeyPems = this.twoFactorPublicKeyPems; |
| return { |
| 'requiredApproverCount': ?requiredApproverCount, |
| 'totalApproverCount': ?totalApproverCount, |
| 'twoFactorPublicKeyPems': ?twoFactorPublicKeyPems, |
| }; |
| } |
| } |
| |
| /// Parameters of quorum approval for the SingleTenantHsmInstanceProposal. |
| class QuorumParameters { |
| /// The public keys associated with the 2FA keys that have already approved |
| /// the SingleTenantHsmInstanceProposal by signing the challenge. |
| /// |
| /// Output only. |
| core.List<core.String>? approvedTwoFactorPublicKeyPems; |
| |
| /// The challenges to be signed by 2FA keys for quorum auth. |
| /// |
| /// M of N of these challenges are required to be signed to approve the |
| /// operation. |
| /// |
| /// Output only. |
| core.List<Challenge>? challenges; |
| |
| /// The required numbers of approvers. |
| /// |
| /// This is the M value used for M of N quorum auth. It is less than the |
| /// number of public keys. |
| /// |
| /// Output only. |
| core.int? requiredApproverCount; |
| |
| QuorumParameters({ |
| this.approvedTwoFactorPublicKeyPems, |
| this.challenges, |
| this.requiredApproverCount, |
| }); |
| |
| QuorumParameters.fromJson(core.Map json_) |
| : this( |
| approvedTwoFactorPublicKeyPems: |
| (json_['approvedTwoFactorPublicKeyPems'] as core.List?) |
| ?.map((value) => value as core.String) |
| .toList(), |
| challenges: (json_['challenges'] as core.List?) |
| ?.map( |
| (value) => Challenge.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| requiredApproverCount: json_['requiredApproverCount'] as core.int?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final approvedTwoFactorPublicKeyPems = this.approvedTwoFactorPublicKeyPems; |
| final challenges = this.challenges; |
| final requiredApproverCount = this.requiredApproverCount; |
| return { |
| 'approvedTwoFactorPublicKeyPems': ?approvedTwoFactorPublicKeyPems, |
| 'challenges': ?challenges, |
| 'requiredApproverCount': ?requiredApproverCount, |
| }; |
| } |
| } |
| |
| /// The reply to QuorumParameters for approving the proposal. |
| class QuorumReply { |
| /// The challenge replies to approve the proposal. |
| /// |
| /// Challenge replies can be sent across multiple requests. The proposal will |
| /// be approved when required_approver_count challenge replies are provided. |
| /// |
| /// Required. |
| core.List<ChallengeReply>? challengeReplies; |
| |
| QuorumReply({this.challengeReplies}); |
| |
| QuorumReply.fromJson(core.Map json_) |
| : this( |
| challengeReplies: (json_['challengeReplies'] as core.List?) |
| ?.map( |
| (value) => ChallengeReply.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final challengeReplies = this.challengeReplies; |
| return {'challengeReplies': ?challengeReplies}; |
| } |
| } |
| |
| /// Request message for KeyManagementService.RawDecrypt. |
| class RawDecryptRequest { |
| /// Optional data that must match the data originally supplied in |
| /// RawEncryptRequest.additional_authenticated_data. |
| /// |
| /// Optional. |
| core.String? additionalAuthenticatedData; |
| core.List<core.int> get additionalAuthenticatedDataAsBytes => |
| convert.base64.decode(additionalAuthenticatedData!); |
| |
| set additionalAuthenticatedDataAsBytes(core.List<core.int> bytes_) { |
| additionalAuthenticatedData = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the |
| /// RawDecryptRequest.additional_authenticated_data. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received additional_authenticated_data using this checksum. |
| /// KeyManagementService will report an error if the checksum verification |
| /// fails. If you receive a checksum error, your client should verify that |
| /// CRC32C(additional_authenticated_data) is equal to |
| /// additional_authenticated_data_crc32c, and if so, perform a limited number |
| /// of retries. A persistent mismatch may indicate an issue in your |
| /// computation of the CRC32C checksum. Note: This field is defined as int64 |
| /// for reasons of compatibility across different languages. However, it is a |
| /// non-negative integer, which will never exceed 2^32-1, and can be safely |
| /// downconverted to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? additionalAuthenticatedDataCrc32c; |
| |
| /// The encrypted data originally returned in RawEncryptResponse.ciphertext. |
| /// |
| /// Required. |
| core.String? ciphertext; |
| core.List<core.int> get ciphertextAsBytes => |
| convert.base64.decode(ciphertext!); |
| |
| set ciphertextAsBytes(core.List<core.int> bytes_) { |
| ciphertext = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the RawDecryptRequest.ciphertext. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received ciphertext using this checksum. KeyManagementService will report |
| /// an error if the checksum verification fails. If you receive a checksum |
| /// error, your client should verify that CRC32C(ciphertext) is equal to |
| /// ciphertext_crc32c, and if so, perform a limited number of retries. A |
| /// persistent mismatch may indicate an issue in your computation of the |
| /// CRC32C checksum. Note: This field is defined as int64 for reasons of |
| /// compatibility across different languages. However, it is a non-negative |
| /// integer, which will never exceed 2^32-1, and can be safely downconverted |
| /// to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? ciphertextCrc32c; |
| |
| /// The initialization vector (IV) used during encryption, which must match |
| /// the data originally provided in RawEncryptResponse.initialization_vector. |
| /// |
| /// Required. |
| core.String? initializationVector; |
| core.List<core.int> get initializationVectorAsBytes => |
| convert.base64.decode(initializationVector!); |
| |
| set initializationVectorAsBytes(core.List<core.int> bytes_) { |
| initializationVector = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the |
| /// RawDecryptRequest.initialization_vector. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received initialization_vector using this checksum. KeyManagementService |
| /// will report an error if the checksum verification fails. If you receive a |
| /// checksum error, your client should verify that |
| /// CRC32C(initialization_vector) is equal to initialization_vector_crc32c, |
| /// and if so, perform a limited number of retries. A persistent mismatch may |
| /// indicate an issue in your computation of the CRC32C checksum. Note: This |
| /// field is defined as int64 for reasons of compatibility across different |
| /// languages. However, it is a non-negative integer, which will never exceed |
| /// 2^32-1, and can be safely downconverted to uint32 in languages that |
| /// support this type. |
| /// |
| /// Optional. |
| core.String? initializationVectorCrc32c; |
| |
| /// The length of the authentication tag that is appended to the end of the |
| /// ciphertext. |
| /// |
| /// If unspecified (0), the default value for the key's algorithm will be used |
| /// (for AES-GCM, the default value is 16). |
| core.int? tagLength; |
| |
| RawDecryptRequest({ |
| this.additionalAuthenticatedData, |
| this.additionalAuthenticatedDataCrc32c, |
| this.ciphertext, |
| this.ciphertextCrc32c, |
| this.initializationVector, |
| this.initializationVectorCrc32c, |
| this.tagLength, |
| }); |
| |
| RawDecryptRequest.fromJson(core.Map json_) |
| : this( |
| additionalAuthenticatedData: |
| json_['additionalAuthenticatedData'] as core.String?, |
| additionalAuthenticatedDataCrc32c: |
| json_['additionalAuthenticatedDataCrc32c'] as core.String?, |
| ciphertext: json_['ciphertext'] as core.String?, |
| ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?, |
| initializationVector: json_['initializationVector'] as core.String?, |
| initializationVectorCrc32c: |
| json_['initializationVectorCrc32c'] as core.String?, |
| tagLength: json_['tagLength'] as core.int?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final additionalAuthenticatedData = this.additionalAuthenticatedData; |
| final additionalAuthenticatedDataCrc32c = |
| this.additionalAuthenticatedDataCrc32c; |
| final ciphertext = this.ciphertext; |
| final ciphertextCrc32c = this.ciphertextCrc32c; |
| final initializationVector = this.initializationVector; |
| final initializationVectorCrc32c = this.initializationVectorCrc32c; |
| final tagLength = this.tagLength; |
| return { |
| 'additionalAuthenticatedData': ?additionalAuthenticatedData, |
| 'additionalAuthenticatedDataCrc32c': ?additionalAuthenticatedDataCrc32c, |
| 'ciphertext': ?ciphertext, |
| 'ciphertextCrc32c': ?ciphertextCrc32c, |
| 'initializationVector': ?initializationVector, |
| 'initializationVectorCrc32c': ?initializationVectorCrc32c, |
| 'tagLength': ?tagLength, |
| }; |
| } |
| } |
| |
| /// Response message for KeyManagementService.RawDecrypt. |
| class RawDecryptResponse { |
| /// The decrypted data. |
| core.String? plaintext; |
| core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!); |
| |
| set plaintextAsBytes(core.List<core.int> bytes_) { |
| plaintext = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned RawDecryptResponse.plaintext. An |
| /// integrity check of plaintext can be performed by computing the CRC32C |
| /// checksum of plaintext and comparing your results to this field. Discard |
| /// the response in case of non-matching checksum values, and perform a |
| /// limited number of retries. A persistent mismatch may indicate an issue in |
| /// your computation of the CRC32C checksum. Note: receiving this response |
| /// message indicates that KeyManagementService is able to successfully |
| /// decrypt the ciphertext. Note: This field is defined as int64 for reasons |
| /// of compatibility across different languages. However, it is a non-negative |
| /// integer, which will never exceed 2^32-1, and can be safely downconverted |
| /// to uint32 in languages that support this type. |
| core.String? plaintextCrc32c; |
| |
| /// The ProtectionLevel of the CryptoKeyVersion used in decryption. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether |
| /// RawDecryptRequest.additional_authenticated_data_crc32c was received by |
| /// KeyManagementService and used for the integrity verification of |
| /// additional_authenticated_data. A false value of this field indicates |
| /// either that // RawDecryptRequest.additional_authenticated_data_crc32c was |
| /// left unset or that it was not delivered to KeyManagementService. If you've |
| /// set RawDecryptRequest.additional_authenticated_data_crc32c but this field |
| /// is still false, discard the response and perform a limited number of |
| /// retries. |
| core.bool? verifiedAdditionalAuthenticatedDataCrc32c; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether RawDecryptRequest.ciphertext_crc32c was received |
| /// by KeyManagementService and used for the integrity verification of the |
| /// ciphertext. A false value of this field indicates either that |
| /// RawDecryptRequest.ciphertext_crc32c was left unset or that it was not |
| /// delivered to KeyManagementService. If you've set |
| /// RawDecryptRequest.ciphertext_crc32c but this field is still false, discard |
| /// the response and perform a limited number of retries. |
| core.bool? verifiedCiphertextCrc32c; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether RawDecryptRequest.initialization_vector_crc32c |
| /// was received by KeyManagementService and used for the integrity |
| /// verification of initialization_vector. A false value of this field |
| /// indicates either that RawDecryptRequest.initialization_vector_crc32c was |
| /// left unset or that it was not delivered to KeyManagementService. If you've |
| /// set RawDecryptRequest.initialization_vector_crc32c but this field is still |
| /// false, discard the response and perform a limited number of retries. |
| core.bool? verifiedInitializationVectorCrc32c; |
| |
| RawDecryptResponse({ |
| this.plaintext, |
| this.plaintextCrc32c, |
| this.protectionLevel, |
| this.verifiedAdditionalAuthenticatedDataCrc32c, |
| this.verifiedCiphertextCrc32c, |
| this.verifiedInitializationVectorCrc32c, |
| }); |
| |
| RawDecryptResponse.fromJson(core.Map json_) |
| : this( |
| plaintext: json_['plaintext'] as core.String?, |
| plaintextCrc32c: json_['plaintextCrc32c'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| verifiedAdditionalAuthenticatedDataCrc32c: |
| json_['verifiedAdditionalAuthenticatedDataCrc32c'] as core.bool?, |
| verifiedCiphertextCrc32c: |
| json_['verifiedCiphertextCrc32c'] as core.bool?, |
| verifiedInitializationVectorCrc32c: |
| json_['verifiedInitializationVectorCrc32c'] as core.bool?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final plaintext = this.plaintext; |
| final plaintextCrc32c = this.plaintextCrc32c; |
| final protectionLevel = this.protectionLevel; |
| final verifiedAdditionalAuthenticatedDataCrc32c = |
| this.verifiedAdditionalAuthenticatedDataCrc32c; |
| final verifiedCiphertextCrc32c = this.verifiedCiphertextCrc32c; |
| final verifiedInitializationVectorCrc32c = |
| this.verifiedInitializationVectorCrc32c; |
| return { |
| 'plaintext': ?plaintext, |
| 'plaintextCrc32c': ?plaintextCrc32c, |
| 'protectionLevel': ?protectionLevel, |
| 'verifiedAdditionalAuthenticatedDataCrc32c': |
| ?verifiedAdditionalAuthenticatedDataCrc32c, |
| 'verifiedCiphertextCrc32c': ?verifiedCiphertextCrc32c, |
| 'verifiedInitializationVectorCrc32c': ?verifiedInitializationVectorCrc32c, |
| }; |
| } |
| } |
| |
| /// Request message for KeyManagementService.RawEncrypt. |
| class RawEncryptRequest { |
| /// Optional data that, if specified, must also be provided during decryption |
| /// through RawDecryptRequest.additional_authenticated_data. |
| /// |
| /// This field may only be used in conjunction with an algorithm that accepts |
| /// additional authenticated data (for example, AES-GCM). The maximum size |
| /// depends on the key version's protection_level. For SOFTWARE keys, the |
| /// plaintext must be no larger than 64KiB. For HSM keys, the combined length |
| /// of the plaintext and additional_authenticated_data fields must be no |
| /// larger than 8KiB. |
| /// |
| /// Optional. |
| core.String? additionalAuthenticatedData; |
| core.List<core.int> get additionalAuthenticatedDataAsBytes => |
| convert.base64.decode(additionalAuthenticatedData!); |
| |
| set additionalAuthenticatedDataAsBytes(core.List<core.int> bytes_) { |
| additionalAuthenticatedData = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the |
| /// RawEncryptRequest.additional_authenticated_data. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received additional_authenticated_data using this checksum. |
| /// KeyManagementService will report an error if the checksum verification |
| /// fails. If you receive a checksum error, your client should verify that |
| /// CRC32C(additional_authenticated_data) is equal to |
| /// additional_authenticated_data_crc32c, and if so, perform a limited number |
| /// of retries. A persistent mismatch may indicate an issue in your |
| /// computation of the CRC32C checksum. Note: This field is defined as int64 |
| /// for reasons of compatibility across different languages. However, it is a |
| /// non-negative integer, which will never exceed 2^32-1, and can be safely |
| /// downconverted to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? additionalAuthenticatedDataCrc32c; |
| |
| /// A customer-supplied initialization vector that will be used for |
| /// encryption. |
| /// |
| /// If it is not provided for AES-CBC and AES-CTR, one will be generated. It |
| /// will be returned in RawEncryptResponse.initialization_vector. |
| /// |
| /// Optional. |
| core.String? initializationVector; |
| core.List<core.int> get initializationVectorAsBytes => |
| convert.base64.decode(initializationVector!); |
| |
| set initializationVectorAsBytes(core.List<core.int> bytes_) { |
| initializationVector = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the |
| /// RawEncryptRequest.initialization_vector. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received initialization_vector using this checksum. KeyManagementService |
| /// will report an error if the checksum verification fails. If you receive a |
| /// checksum error, your client should verify that |
| /// CRC32C(initialization_vector) is equal to initialization_vector_crc32c, |
| /// and if so, perform a limited number of retries. A persistent mismatch may |
| /// indicate an issue in your computation of the CRC32C checksum. Note: This |
| /// field is defined as int64 for reasons of compatibility across different |
| /// languages. However, it is a non-negative integer, which will never exceed |
| /// 2^32-1, and can be safely downconverted to uint32 in languages that |
| /// support this type. |
| /// |
| /// Optional. |
| core.String? initializationVectorCrc32c; |
| |
| /// The data to encrypt. |
| /// |
| /// Must be no larger than 64KiB. The maximum size depends on the key |
| /// version's protection_level. For SOFTWARE keys, the plaintext must be no |
| /// larger than 64KiB. For HSM keys, the combined length of the plaintext and |
| /// additional_authenticated_data fields must be no larger than 8KiB. |
| /// |
| /// Required. |
| core.String? plaintext; |
| core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!); |
| |
| set plaintextAsBytes(core.List<core.int> bytes_) { |
| plaintext = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// An optional CRC32C checksum of the RawEncryptRequest.plaintext. |
| /// |
| /// If specified, KeyManagementService will verify the integrity of the |
| /// received plaintext using this checksum. KeyManagementService will report |
| /// an error if the checksum verification fails. If you receive a checksum |
| /// error, your client should verify that CRC32C(plaintext) is equal to |
| /// plaintext_crc32c, and if so, perform a limited number of retries. A |
| /// persistent mismatch may indicate an issue in your computation of the |
| /// CRC32C checksum. Note: This field is defined as int64 for reasons of |
| /// compatibility across different languages. However, it is a non-negative |
| /// integer, which will never exceed 2^32-1, and can be safely downconverted |
| /// to uint32 in languages that support this type. |
| /// |
| /// Optional. |
| core.String? plaintextCrc32c; |
| |
| RawEncryptRequest({ |
| this.additionalAuthenticatedData, |
| this.additionalAuthenticatedDataCrc32c, |
| this.initializationVector, |
| this.initializationVectorCrc32c, |
| this.plaintext, |
| this.plaintextCrc32c, |
| }); |
| |
| RawEncryptRequest.fromJson(core.Map json_) |
| : this( |
| additionalAuthenticatedData: |
| json_['additionalAuthenticatedData'] as core.String?, |
| additionalAuthenticatedDataCrc32c: |
| json_['additionalAuthenticatedDataCrc32c'] as core.String?, |
| initializationVector: json_['initializationVector'] as core.String?, |
| initializationVectorCrc32c: |
| json_['initializationVectorCrc32c'] as core.String?, |
| plaintext: json_['plaintext'] as core.String?, |
| plaintextCrc32c: json_['plaintextCrc32c'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final additionalAuthenticatedData = this.additionalAuthenticatedData; |
| final additionalAuthenticatedDataCrc32c = |
| this.additionalAuthenticatedDataCrc32c; |
| final initializationVector = this.initializationVector; |
| final initializationVectorCrc32c = this.initializationVectorCrc32c; |
| final plaintext = this.plaintext; |
| final plaintextCrc32c = this.plaintextCrc32c; |
| return { |
| 'additionalAuthenticatedData': ?additionalAuthenticatedData, |
| 'additionalAuthenticatedDataCrc32c': ?additionalAuthenticatedDataCrc32c, |
| 'initializationVector': ?initializationVector, |
| 'initializationVectorCrc32c': ?initializationVectorCrc32c, |
| 'plaintext': ?plaintext, |
| 'plaintextCrc32c': ?plaintextCrc32c, |
| }; |
| } |
| } |
| |
| /// Response message for KeyManagementService.RawEncrypt. |
| class RawEncryptResponse { |
| /// The encrypted data. |
| /// |
| /// In the case of AES-GCM, the authentication tag is the tag_length bytes at |
| /// the end of this field. |
| core.String? ciphertext; |
| core.List<core.int> get ciphertextAsBytes => |
| convert.base64.decode(ciphertext!); |
| |
| set ciphertextAsBytes(core.List<core.int> bytes_) { |
| ciphertext = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned RawEncryptResponse.ciphertext. An |
| /// integrity check of ciphertext can be performed by computing the CRC32C |
| /// checksum of ciphertext and comparing your results to this field. Discard |
| /// the response in case of non-matching checksum values, and perform a |
| /// limited number of retries. A persistent mismatch may indicate an issue in |
| /// your computation of the CRC32C checksum. Note: This field is defined as |
| /// int64 for reasons of compatibility across different languages. However, it |
| /// is a non-negative integer, which will never exceed 2^32-1, and can be |
| /// safely downconverted to uint32 in languages that support this type. |
| core.String? ciphertextCrc32c; |
| |
| /// The initialization vector (IV) generated by the service during encryption. |
| /// |
| /// This value must be stored and provided in |
| /// RawDecryptRequest.initialization_vector at decryption time. |
| core.String? initializationVector; |
| core.List<core.int> get initializationVectorAsBytes => |
| convert.base64.decode(initializationVector!); |
| |
| set initializationVectorAsBytes(core.List<core.int> bytes_) { |
| initializationVector = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Integrity verification field. |
| /// |
| /// A CRC32C checksum of the returned |
| /// RawEncryptResponse.initialization_vector. An integrity check of |
| /// initialization_vector can be performed by computing the CRC32C checksum of |
| /// initialization_vector and comparing your results to this field. Discard |
| /// the response in case of non-matching checksum values, and perform a |
| /// limited number of retries. A persistent mismatch may indicate an issue in |
| /// your computation of the CRC32C checksum. Note: This field is defined as |
| /// int64 for reasons of compatibility across different languages. However, it |
| /// is a non-negative integer, which will never exceed 2^32-1, and can be |
| /// safely downconverted to uint32 in languages that support this type. |
| core.String? initializationVectorCrc32c; |
| |
| /// The resource name of the CryptoKeyVersion used in encryption. |
| /// |
| /// Check this field to verify that the intended resource was used for |
| /// encryption. |
| core.String? name; |
| |
| /// The ProtectionLevel of the CryptoKeyVersion used in encryption. |
| /// Possible string values are: |
| /// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified. |
| /// - "SOFTWARE" : Crypto operations are performed in software. |
| /// - "HSM" : Crypto operations are performed in a Hardware Security Module. |
| /// - "EXTERNAL" : Crypto operations are performed by an external key manager. |
| /// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC |
| /// backend. |
| /// - "HSM_SINGLE_TENANT" : Crypto operations are performed in a single-tenant |
| /// HSM. |
| core.String? protectionLevel; |
| |
| /// The length of the authentication tag that is appended to the end of the |
| /// ciphertext. |
| core.int? tagLength; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether |
| /// RawEncryptRequest.additional_authenticated_data_crc32c was received by |
| /// KeyManagementService and used for the integrity verification of |
| /// additional_authenticated_data. A false value of this field indicates |
| /// either that // RawEncryptRequest.additional_authenticated_data_crc32c was |
| /// left unset or that it was not delivered to KeyManagementService. If you've |
| /// set RawEncryptRequest.additional_authenticated_data_crc32c but this field |
| /// is still false, discard the response and perform a limited number of |
| /// retries. |
| core.bool? verifiedAdditionalAuthenticatedDataCrc32c; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether RawEncryptRequest.initialization_vector_crc32c |
| /// was received by KeyManagementService and used for the integrity |
| /// verification of initialization_vector. A false value of this field |
| /// indicates either that RawEncryptRequest.initialization_vector_crc32c was |
| /// left unset or that it was not delivered to KeyManagementService. If you've |
| /// set RawEncryptRequest.initialization_vector_crc32c but this field is still |
| /// false, discard the response and perform a limited number of retries. |
| core.bool? verifiedInitializationVectorCrc32c; |
| |
| /// Integrity verification field. |
| /// |
| /// A flag indicating whether RawEncryptRequest.plaintext_crc32c was received |
| /// by KeyManagementService and used for the integrity verification of the |
| /// plaintext. A false value of this field indicates either that |
| /// RawEncryptRequest.plaintext_crc32c was left unset or that it was not |
| /// delivered to KeyManagementService. If you've set |
| /// RawEncryptRequest.plaintext_crc32c but this field is still false, discard |
| /// the response and perform a limited number of retries. |
| core.bool? verifiedPlaintextCrc32c; |
| |
| RawEncryptResponse({ |
| this.ciphertext, |
| this.ciphertextCrc32c, |
| this.initializationVector, |
| this.initializationVectorCrc32c, |
| this.name, |
| this.protectionLevel, |
| this.tagLength, |
| this.verifiedAdditionalAuthenticatedDataCrc32c, |
| this.verifiedInitializationVectorCrc32c, |
| this.verifiedPlaintextCrc32c, |
| }); |
| |
| RawEncryptResponse.fromJson(core.Map json_) |
| : this( |
| ciphertext: json_['ciphertext'] as core.String?, |
| ciphertextCrc32c: json_['ciphertextCrc32c'] as core.String?, |
| initializationVector: json_['initializationVector'] as core.String?, |
| initializationVectorCrc32c: |
| json_['initializationVectorCrc32c'] as core.String?, |
| name: json_['name'] as core.String?, |
| protectionLevel: json_['protectionLevel'] as core.String?, |
| tagLength: json_['tagLength'] as core.int?, |
| verifiedAdditionalAuthenticatedDataCrc32c: |
| json_['verifiedAdditionalAuthenticatedDataCrc32c'] as core.bool?, |
| verifiedInitializationVectorCrc32c: |
| json_['verifiedInitializationVectorCrc32c'] as core.bool?, |
| verifiedPlaintextCrc32c: json_['verifiedPlaintextCrc32c'] as core.bool?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final ciphertext = this.ciphertext; |
| final ciphertextCrc32c = this.ciphertextCrc32c; |
| final initializationVector = this.initializationVector; |
| final initializationVectorCrc32c = this.initializationVectorCrc32c; |
| final name = this.name; |
| final protectionLevel = this.protectionLevel; |
| final tagLength = this.tagLength; |
| final verifiedAdditionalAuthenticatedDataCrc32c = |
| this.verifiedAdditionalAuthenticatedDataCrc32c; |
| final verifiedInitializationVectorCrc32c = |
| this.verifiedInitializationVectorCrc32c; |
| final verifiedPlaintextCrc32c = this.verifiedPlaintextCrc32c; |
| return { |
| 'ciphertext': ?ciphertext, |
| 'ciphertextCrc32c': ?ciphertextCrc32c, |
| 'initializationVector': ?initializationVector, |
| 'initializationVectorCrc32c': ?initializationVectorCrc32c, |
| 'name': ?name, |
| 'protectionLevel': ?protectionLevel, |
| 'tagLength': ?tagLength, |
| 'verifiedAdditionalAuthenticatedDataCrc32c': |
| ?verifiedAdditionalAuthenticatedDataCrc32c, |
| 'verifiedInitializationVectorCrc32c': ?verifiedInitializationVectorCrc32c, |
| 'verifiedPlaintextCrc32c': ?verifiedPlaintextCrc32c, |
| }; |
| } |
| } |
| |
| /// Refreshes the SingleTenantHsmInstance. |
| /// |
| /// This operation must be performed periodically to keep the |
| /// SingleTenantHsmInstance active. This operation must be performed before |
| /// unrefreshed_duration_until_disable has passed. The SingleTenantHsmInstance |
| /// must be in the ACTIVE state to perform this operation. |
| typedef RefreshSingleTenantHsmInstance = $Empty; |
| |
| /// Register 2FA keys for the SingleTenantHsmInstance. |
| /// |
| /// This operation requires all Challenges to be signed by 2FA keys. The |
| /// SingleTenantHsmInstance must be in the PENDING_TWO_FACTOR_AUTH_REGISTRATION |
| /// state to perform this operation. |
| class RegisterTwoFactorAuthKeys { |
| /// The required numbers of approvers to set for the SingleTenantHsmInstance. |
| /// |
| /// This is the M value used for M of N quorum auth. Must be greater than or |
| /// equal to 2 and less than or equal to total_approver_count - 1. |
| /// |
| /// Required. |
| core.int? requiredApproverCount; |
| |
| /// The public keys associated with the 2FA keys for M of N quorum auth. |
| /// |
| /// Public keys must be associated with RSA 2048 keys. |
| /// |
| /// Required. |
| core.List<core.String>? twoFactorPublicKeyPems; |
| |
| RegisterTwoFactorAuthKeys({ |
| this.requiredApproverCount, |
| this.twoFactorPublicKeyPems, |
| }); |
| |
| RegisterTwoFactorAuthKeys.fromJson(core.Map json_) |
| : this( |
| requiredApproverCount: json_['requiredApproverCount'] as core.int?, |
| twoFactorPublicKeyPems: (json_['twoFactorPublicKeyPems'] as core.List?) |
| ?.map((value) => value as core.String) |
| .toList(), |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final requiredApproverCount = this.requiredApproverCount; |
| final twoFactorPublicKeyPems = this.twoFactorPublicKeyPems; |
| return { |
| 'requiredApproverCount': ?requiredApproverCount, |
| 'twoFactorPublicKeyPems': ?twoFactorPublicKeyPems, |
| }; |
| } |
| } |
| |
| /// Remove a quorum member from the SingleTenantHsmInstance. |
| /// |
| /// This will reduce total_approver_count by 1. The SingleTenantHsmInstance must |
| /// be in the ACTIVE state to perform this operation. |
| class RemoveQuorumMember { |
| /// The public key associated with the 2FA key for the quorum member to |
| /// remove. |
| /// |
| /// Public keys must be associated with RSA 2048 keys. |
| /// |
| /// Required. |
| core.String? twoFactorPublicKeyPem; |
| |
| RemoveQuorumMember({this.twoFactorPublicKeyPem}); |
| |
| RemoveQuorumMember.fromJson(core.Map json_) |
| : this( |
| twoFactorPublicKeyPem: json_['twoFactorPublicKeyPem'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final twoFactorPublicKeyPem = this.twoFactorPublicKeyPem; |
| return {'twoFactorPublicKeyPem': ?twoFactorPublicKeyPem}; |
| } |
| } |
| |
| /// Parameters for an approval that has both required challenges and a quorum. |
| class RequiredActionQuorumParameters { |
| /// The public keys associated with the 2FA keys that have already approved |
| /// the SingleTenantHsmInstanceProposal by signing the challenge. |
| /// |
| /// Output only. |
| core.List<core.String>? approvedTwoFactorPublicKeyPems; |
| |
| /// The challenges to be signed by 2FA keys for quorum auth. |
| /// |
| /// M of N of these challenges are required to be signed to approve the |
| /// operation. |
| /// |
| /// Output only. |
| core.List<Challenge>? quorumChallenges; |
| |
| /// The required number of quorum approvers. |
| /// |
| /// This is the M value used for M of N quorum auth. It is less than the |
| /// number of public keys. |
| /// |
| /// Output only. |
| core.int? requiredApproverCount; |
| |
| /// A list of specific challenges that must be signed. |
| /// |
| /// For some operations, this will contain a single challenge. |
| /// |
| /// Output only. |
| core.List<Challenge>? requiredChallenges; |
| |
| RequiredActionQuorumParameters({ |
| this.approvedTwoFactorPublicKeyPems, |
| this.quorumChallenges, |
| this.requiredApproverCount, |
| this.requiredChallenges, |
| }); |
| |
| RequiredActionQuorumParameters.fromJson(core.Map json_) |
| : this( |
| approvedTwoFactorPublicKeyPems: |
| (json_['approvedTwoFactorPublicKeyPems'] as core.List?) |
| ?.map((value) => value as core.String) |
| .toList(), |
| quorumChallenges: (json_['quorumChallenges'] as core.List?) |
| ?.map( |
| (value) => Challenge.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| requiredApproverCount: json_['requiredApproverCount'] as core.int?, |
| requiredChallenges: (json_['requiredChallenges'] as core.List?) |
| ?.map( |
| (value) => Challenge.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final approvedTwoFactorPublicKeyPems = this.approvedTwoFactorPublicKeyPems; |
| final quorumChallenges = this.quorumChallenges; |
| final requiredApproverCount = this.requiredApproverCount; |
| final requiredChallenges = this.requiredChallenges; |
| return { |
| 'approvedTwoFactorPublicKeyPems': ?approvedTwoFactorPublicKeyPems, |
| 'quorumChallenges': ?quorumChallenges, |
| 'requiredApproverCount': ?requiredApproverCount, |
| 'requiredChallenges': ?requiredChallenges, |
| }; |
| } |
| } |
| |
| /// The reply to RequiredActionQuorumParameters for approving the proposal. |
| class RequiredActionQuorumReply { |
| /// Quorum members' signed challenge replies. |
| /// |
| /// These can be provided across multiple requests. The proposal will be |
| /// approved when required_approver_count quorum_challenge_replies are |
| /// provided and when all required_challenge_replies are provided. |
| /// |
| /// Required. |
| core.List<ChallengeReply>? quorumChallengeReplies; |
| |
| /// All required challenges must be signed for the proposal to be approved. |
| /// |
| /// These can be sent across multiple requests. |
| /// |
| /// Required. |
| core.List<ChallengeReply>? requiredChallengeReplies; |
| |
| RequiredActionQuorumReply({ |
| this.quorumChallengeReplies, |
| this.requiredChallengeReplies, |
| }); |
| |
| RequiredActionQuorumReply.fromJson(core.Map json_) |
| : this( |
| quorumChallengeReplies: (json_['quorumChallengeReplies'] as core.List?) |
| ?.map( |
| (value) => ChallengeReply.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| requiredChallengeReplies: |
| (json_['requiredChallengeReplies'] as core.List?) |
| ?.map( |
| (value) => ChallengeReply.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final quorumChallengeReplies = this.quorumChallengeReplies; |
| final requiredChallengeReplies = this.requiredChallengeReplies; |
| return { |
| 'quorumChallengeReplies': ?quorumChallengeReplies, |
| 'requiredChallengeReplies': ?requiredChallengeReplies, |
| }; |
| } |
| } |
| |
| /// Request message for KeyManagementService.RestoreCryptoKeyVersion. |
| typedef RestoreCryptoKeyVersionRequest = $Empty; |
| |
| /// A RetiredResource resource represents the record of a deleted CryptoKey. |
| /// |
| /// Its purpose is to provide visibility into retained user data and to prevent |
| /// reuse of these names for new CryptoKeys. |
| class RetiredResource { |
| /// The time at which the original resource was deleted and this |
| /// RetiredResource record was created. |
| /// |
| /// Output only. |
| core.String? deleteTime; |
| |
| /// Identifier. |
| /// |
| /// The resource name for this RetiredResource in the format `projects / * |
| /// /locations / * /retiredResources / * `. |
| /// |
| /// Output only. |
| core.String? name; |
| |
| /// The full resource name of the original CryptoKey that was deleted in the |
| /// format `projects / * /locations / * /keyRings / * /cryptoKeys / * `. |
| /// |
| /// Output only. |
| core.String? originalResource; |
| |
| /// The resource type of the original deleted resource. |
| /// |
| /// Output only. |
| core.String? resourceType; |
| |
| RetiredResource({ |
| this.deleteTime, |
| this.name, |
| this.originalResource, |
| this.resourceType, |
| }); |
| |
| RetiredResource.fromJson(core.Map json_) |
| : this( |
| deleteTime: json_['deleteTime'] as core.String?, |
| name: json_['name'] as core.String?, |
| originalResource: json_['originalResource'] as core.String?, |
| resourceType: json_['resourceType'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final deleteTime = this.deleteTime; |
| final name = this.name; |
| final originalResource = this.originalResource; |
| final resourceType = this.resourceType; |
| return { |
| 'deleteTime': ?deleteTime, |
| 'name': ?name, |
| 'originalResource': ?originalResource, |
| 'resourceType': ?resourceType, |
| }; |
| } |
| } |
| |
| /// A ServiceResolver represents an EKM replica that can be reached within an |
| /// EkmConnection. |
| class ServiceResolver { |
| /// The filter applied to the endpoints of the resolved service. |
| /// |
| /// If no filter is specified, all endpoints will be considered. An endpoint |
| /// will be chosen arbitrarily from the filtered list for each request. For |
| /// endpoint filter syntax and examples, see |
| /// https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. |
| /// |
| /// Optional. |
| core.String? endpointFilter; |
| |
| /// The hostname of the EKM replica used at TLS and HTTP layers. |
| /// |
| /// Required. |
| core.String? hostname; |
| |
| /// A list of leaf server certificates used to authenticate HTTPS connections |
| /// to the EKM replica. |
| /// |
| /// Currently, a maximum of 10 Certificate is supported. |
| /// |
| /// Required. |
| core.List<Certificate>? serverCertificates; |
| |
| /// The resource name of the Service Directory service pointing to an EKM |
| /// replica, in the format `projects / * /locations / * /namespaces / * |
| /// /services / * `. |
| /// |
| /// Required. |
| core.String? serviceDirectoryService; |
| |
| ServiceResolver({ |
| this.endpointFilter, |
| this.hostname, |
| this.serverCertificates, |
| this.serviceDirectoryService, |
| }); |
| |
| ServiceResolver.fromJson(core.Map json_) |
| : this( |
| endpointFilter: json_['endpointFilter'] as core.String?, |
| hostname: json_['hostname'] as core.String?, |
| serverCertificates: (json_['serverCertificates'] as core.List?) |
| ?.map( |
| (value) => Certificate.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| serviceDirectoryService: |
| json_['serviceDirectoryService'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final endpointFilter = this.endpointFilter; |
| final hostname = this.hostname; |
| final serverCertificates = this.serverCertificates; |
| final serviceDirectoryService = this.serviceDirectoryService; |
| return { |
| 'endpointFilter': ?endpointFilter, |
| 'hostname': ?hostname, |
| 'serverCertificates': ?serverCertificates, |
| 'serviceDirectoryService': ?serviceDirectoryService, |
| }; |
| } |
| } |
| |
| /// Request message for `SetIamPolicy` method. |
| class SetIamPolicyRequest { |
| /// REQUIRED: The complete policy to be applied to the `resource`. |
| /// |
| /// The size of the policy is limited to a few 10s of KB. An empty policy is a |
| /// valid policy but certain Google Cloud services (such as Projects) might |
| /// reject them. |
| Policy? policy; |
| |
| /// OPTIONAL: A FieldMask specifying which fields of the policy to modify. |
| /// |
| /// Only the fields in the mask will be modified. If no mask is provided, the |
| /// following default mask is used: `paths: "bindings, etag"` |
| core.String? updateMask; |
| |
| SetIamPolicyRequest({this.policy, this.updateMask}); |
| |
| SetIamPolicyRequest.fromJson(core.Map json_) |
| : this( |
| policy: json_.containsKey('policy') |
| ? Policy.fromJson( |
| json_['policy'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| updateMask: json_['updateMask'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final policy = this.policy; |
| final updateMask = this.updateMask; |
| return {'policy': ?policy, 'updateMask': ?updateMask}; |
| } |
| } |
| |
| /// Response message for ShowEffectiveAutokeyConfig. |
| class ShowEffectiveAutokeyConfigResponse { |
| /// Name of the key project configured in the resource project's folder |
| /// ancestry. |
| core.String? keyProject; |
| |
| ShowEffectiveAutokeyConfigResponse({this.keyProject}); |
| |
| ShowEffectiveAutokeyConfigResponse.fromJson(core.Map json_) |
| : this(keyProject: json_['keyProject'] as core.String?); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final keyProject = this.keyProject; |
| return {'keyProject': ?keyProject}; |
| } |
| } |
| |
| /// Represents a response message for |
| /// KeyAccessJustificationsConfig.ShowEffectiveKeyAccessJustificationsEnrollmentConfig |
| class ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse { |
| /// Contains the effective KeyAccessJustificationsEnrollmentConfig for |
| /// external keys. |
| KeyAccessJustificationsEnrollmentConfig? externalConfig; |
| |
| /// Contains the effective KeyAccessJustificationsEnrollmentConfig for |
| /// hardware keys. |
| KeyAccessJustificationsEnrollmentConfig? hardwareConfig; |
| |
| /// Contains the effective KeyAccessJustificationsEnrollmentConfig for |
| /// software keys. |
| KeyAccessJustificationsEnrollmentConfig? softwareConfig; |
| |
| ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse({ |
| this.externalConfig, |
| this.hardwareConfig, |
| this.softwareConfig, |
| }); |
| |
| ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse.fromJson( |
| core.Map json_, |
| ) : this( |
| externalConfig: json_.containsKey('externalConfig') |
| ? KeyAccessJustificationsEnrollmentConfig.fromJson( |
| json_['externalConfig'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| hardwareConfig: json_.containsKey('hardwareConfig') |
| ? KeyAccessJustificationsEnrollmentConfig.fromJson( |
| json_['hardwareConfig'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| softwareConfig: json_.containsKey('softwareConfig') |
| ? KeyAccessJustificationsEnrollmentConfig.fromJson( |
| json_['softwareConfig'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final externalConfig = this.externalConfig; |
| final hardwareConfig = this.hardwareConfig; |
| final softwareConfig = this.softwareConfig; |
| return { |
| 'externalConfig': ?externalConfig, |
| 'hardwareConfig': ?hardwareConfig, |
| 'softwareConfig': ?softwareConfig, |
| }; |
| } |
| } |
| |
| /// Represents a response message for |
| /// KeyAccessJustificationsConfig.ShowEffectiveKeyAccessJustificationsPolicyConfig. |
| class ShowEffectiveKeyAccessJustificationsPolicyConfigResponse { |
| /// Contains the effective KeyAccessJustificationsPolicyConfig. |
| KeyAccessJustificationsPolicyConfig? effectiveKajPolicy; |
| |
| ShowEffectiveKeyAccessJustificationsPolicyConfigResponse({ |
| this.effectiveKajPolicy, |
| }); |
| |
| ShowEffectiveKeyAccessJustificationsPolicyConfigResponse.fromJson( |
| core.Map json_, |
| ) : this( |
| effectiveKajPolicy: json_.containsKey('effectiveKajPolicy') |
| ? KeyAccessJustificationsPolicyConfig.fromJson( |
| json_['effectiveKajPolicy'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final effectiveKajPolicy = this.effectiveKajPolicy; |
| return {'effectiveKajPolicy': ?effectiveKajPolicy}; |
| } |
| } |
| |
| /// A SingleTenantHsmInstance represents a single-tenant HSM instance. |
| /// |
| /// It can be used for creating CryptoKeys with a ProtectionLevel of |
| /// HSM_SINGLE_TENANT, as well as performing cryptographic operations using keys |
| /// created within the SingleTenantHsmInstance. |
| class SingleTenantHsmInstance { |
| /// The time at which the SingleTenantHsmInstance was created. |
| /// |
| /// Output only. |
| core.String? createTime; |
| |
| /// The time at which the SingleTenantHsmInstance was deleted. |
| /// |
| /// Output only. |
| core.String? deleteTime; |
| |
| /// The time at which the instance will be automatically disabled if not |
| /// refreshed. |
| /// |
| /// This field is updated upon creation and after each successful refresh |
| /// operation and enable. A RefreshSingleTenantHsmInstance operation must be |
| /// made via a SingleTenantHsmInstanceProposal before this time otherwise the |
| /// SingleTenantHsmInstance will become disabled. |
| /// |
| /// Output only. |
| core.String? disableTime; |
| |
| /// Indicates whether key portability is enabled for the |
| /// SingleTenantHsmInstance. |
| /// |
| /// This can only be set at creation time. Key portability features are |
| /// disabled by default and not yet available in GA. |
| /// |
| /// Optional. Immutable. |
| core.bool? keyPortabilityEnabled; |
| |
| /// Identifier. |
| /// |
| /// The resource name for this SingleTenantHsmInstance in the format `projects |
| /// / * /locations / * /singleTenantHsmInstances / * `. |
| core.String? name; |
| |
| /// The quorum auth configuration for the SingleTenantHsmInstance. |
| /// |
| /// Required. |
| QuorumAuth? quorumAuth; |
| |
| /// The state of the SingleTenantHsmInstance. |
| /// |
| /// Output only. |
| /// Possible string values are: |
| /// - "STATE_UNSPECIFIED" : Not specified. |
| /// - "CREATING" : The SingleTenantHsmInstance is being created. |
| /// - "PENDING_TWO_FACTOR_AUTH_REGISTRATION" : The SingleTenantHsmInstance is |
| /// waiting for 2FA keys to be registered. This can be done by calling |
| /// CreateSingleTenantHsmInstanceProposal with the RegisterTwoFactorAuthKeys |
| /// operation. |
| /// - "ACTIVE" : The SingleTenantHsmInstance is ready to use. A |
| /// SingleTenantHsmInstance must be in the ACTIVE state for all CryptoKeys |
| /// created within the SingleTenantHsmInstance to be usable. |
| /// - "DISABLING" : The SingleTenantHsmInstance is being disabled. |
| /// - "DISABLED" : The SingleTenantHsmInstance is disabled. |
| /// - "DELETING" : The SingleTenantHsmInstance is being deleted. Requests to |
| /// the instance will be rejected in this state. |
| /// - "DELETED" : The SingleTenantHsmInstance has been deleted. |
| /// - "FAILED" : The SingleTenantHsmInstance has failed and can not be |
| /// recovered or used. |
| core.String? state; |
| |
| /// The system-defined duration that an instance can remain unrefreshed until |
| /// it is automatically disabled. |
| /// |
| /// This will have a value of 120 days. |
| /// |
| /// Output only. |
| core.String? unrefreshedDurationUntilDisable; |
| |
| SingleTenantHsmInstance({ |
| this.createTime, |
| this.deleteTime, |
| this.disableTime, |
| this.keyPortabilityEnabled, |
| this.name, |
| this.quorumAuth, |
| this.state, |
| this.unrefreshedDurationUntilDisable, |
| }); |
| |
| SingleTenantHsmInstance.fromJson(core.Map json_) |
| : this( |
| createTime: json_['createTime'] as core.String?, |
| deleteTime: json_['deleteTime'] as core.String?, |
| disableTime: json_['disableTime'] as core.String?, |
| keyPortabilityEnabled: json_['keyPortabilityEnabled'] as core.bool?, |
| name: json_['name'] as core.String?, |
| quorumAuth: json_.containsKey('quorumAuth') |
| ? QuorumAuth.fromJson( |
| json_['quorumAuth'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| state: json_['state'] as core.String?, |
| unrefreshedDurationUntilDisable: |
| json_['unrefreshedDurationUntilDisable'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final createTime = this.createTime; |
| final deleteTime = this.deleteTime; |
| final disableTime = this.disableTime; |
| final keyPortabilityEnabled = this.keyPortabilityEnabled; |
| final name = this.name; |
| final quorumAuth = this.quorumAuth; |
| final state = this.state; |
| final unrefreshedDurationUntilDisable = |
| this.unrefreshedDurationUntilDisable; |
| return { |
| 'createTime': ?createTime, |
| 'deleteTime': ?deleteTime, |
| 'disableTime': ?disableTime, |
| 'keyPortabilityEnabled': ?keyPortabilityEnabled, |
| 'name': ?name, |
| 'quorumAuth': ?quorumAuth, |
| 'state': ?state, |
| 'unrefreshedDurationUntilDisable': ?unrefreshedDurationUntilDisable, |
| }; |
| } |
| } |
| |
| /// A SingleTenantHsmInstanceProposal represents a proposal to perform an |
| /// operation on a SingleTenantHsmInstance. |
| class SingleTenantHsmInstanceProposal { |
| /// Add a quorum member to the SingleTenantHsmInstance. |
| /// |
| /// This will increase the total_approver_count by 1. The |
| /// SingleTenantHsmInstance must be in the ACTIVE state to perform this |
| /// operation. |
| AddQuorumMember? addQuorumMember; |
| |
| /// The time at which the SingleTenantHsmInstanceProposal was created. |
| /// |
| /// Output only. |
| core.String? createTime; |
| |
| /// Delete the SingleTenantHsmInstance. |
| /// |
| /// Deleting a SingleTenantHsmInstance will make all CryptoKeys attached to |
| /// the SingleTenantHsmInstance unusable. The SingleTenantHsmInstance must be |
| /// in the DISABLED or PENDING_TWO_FACTOR_AUTH_REGISTRATION state to perform |
| /// this operation. |
| DeleteSingleTenantHsmInstance? deleteSingleTenantHsmInstance; |
| |
| /// The time at which the SingleTenantHsmInstanceProposal was deleted. |
| /// |
| /// Output only. |
| core.String? deleteTime; |
| |
| /// Disable the SingleTenantHsmInstance. |
| /// |
| /// The SingleTenantHsmInstance must be in the ACTIVE state to perform this |
| /// operation. |
| DisableSingleTenantHsmInstance? disableSingleTenantHsmInstance; |
| |
| /// Enable the SingleTenantHsmInstance. |
| /// |
| /// The SingleTenantHsmInstance must be in the DISABLED state to perform this |
| /// operation. |
| EnableSingleTenantHsmInstance? enableSingleTenantHsmInstance; |
| |
| /// The time at which the SingleTenantHsmInstanceProposal will expire if not |
| /// approved and executed. |
| core.String? expireTime; |
| |
| /// The root cause of the most recent failure. |
| /// |
| /// Only present if state is FAILED. |
| /// |
| /// Output only. |
| core.String? failureReason; |
| |
| /// Identifier. |
| /// |
| /// The resource name for this SingleTenantHsmInstance in the format `projects |
| /// / * /locations / * /singleTenantHsmInstances / * /proposals / * `. |
| core.String? name; |
| |
| /// The time at which the soft-deleted SingleTenantHsmInstanceProposal will be |
| /// permanently purged. |
| /// |
| /// This field is only populated when the state is DELETED and will be set a |
| /// time after expiration of the proposal, i.e. \>= expire_time or |
| /// (create_time + ttl). |
| /// |
| /// Output only. |
| core.String? purgeTime; |
| |
| /// The quorum approval parameters for the SingleTenantHsmInstanceProposal. |
| /// |
| /// Output only. |
| QuorumParameters? quorumParameters; |
| |
| /// Refreshes the SingleTenantHsmInstance. |
| /// |
| /// This operation must be performed periodically to keep the |
| /// SingleTenantHsmInstance active. This operation must be performed before |
| /// unrefreshed_duration_until_disable has passed. The SingleTenantHsmInstance |
| /// must be in the ACTIVE state to perform this operation. |
| RefreshSingleTenantHsmInstance? refreshSingleTenantHsmInstance; |
| |
| /// Register 2FA keys for the SingleTenantHsmInstance. |
| /// |
| /// This operation requires all N Challenges to be signed by 2FA keys. The |
| /// SingleTenantHsmInstance must be in the |
| /// PENDING_TWO_FACTOR_AUTH_REGISTRATION state to perform this operation. |
| RegisterTwoFactorAuthKeys? registerTwoFactorAuthKeys; |
| |
| /// Remove a quorum member from the SingleTenantHsmInstance. |
| /// |
| /// This will reduce total_approver_count by 1. The SingleTenantHsmInstance |
| /// must be in the ACTIVE state to perform this operation. |
| RemoveQuorumMember? removeQuorumMember; |
| |
| /// Parameters for an approval of a SingleTenantHsmInstanceProposal that has |
| /// both required challenges and a quorum. |
| /// |
| /// Output only. |
| RequiredActionQuorumParameters? requiredActionQuorumParameters; |
| |
| /// The state of the SingleTenantHsmInstanceProposal. |
| /// |
| /// Output only. |
| /// Possible string values are: |
| /// - "STATE_UNSPECIFIED" : Not specified. |
| /// - "CREATING" : The SingleTenantHsmInstanceProposal is being created. |
| /// - "PENDING" : The SingleTenantHsmInstanceProposal is pending approval. |
| /// - "APPROVED" : The SingleTenantHsmInstanceProposal has been approved. |
| /// - "RUNNING" : The SingleTenantHsmInstanceProposal is being executed. |
| /// - "SUCCEEDED" : The SingleTenantHsmInstanceProposal has been executed |
| /// successfully. |
| /// - "FAILED" : The SingleTenantHsmInstanceProposal has failed. |
| /// - "DELETED" : The SingleTenantHsmInstanceProposal has been deleted and |
| /// will be purged after the purge_time. |
| core.String? state; |
| |
| /// Input only. |
| /// |
| /// The TTL for the SingleTenantHsmInstanceProposal. Proposals will expire |
| /// after this duration. |
| core.String? ttl; |
| |
| SingleTenantHsmInstanceProposal({ |
| this.addQuorumMember, |
| this.createTime, |
| this.deleteSingleTenantHsmInstance, |
| this.deleteTime, |
| this.disableSingleTenantHsmInstance, |
| this.enableSingleTenantHsmInstance, |
| this.expireTime, |
| this.failureReason, |
| this.name, |
| this.purgeTime, |
| this.quorumParameters, |
| this.refreshSingleTenantHsmInstance, |
| this.registerTwoFactorAuthKeys, |
| this.removeQuorumMember, |
| this.requiredActionQuorumParameters, |
| this.state, |
| this.ttl, |
| }); |
| |
| SingleTenantHsmInstanceProposal.fromJson(core.Map json_) |
| : this( |
| addQuorumMember: json_.containsKey('addQuorumMember') |
| ? AddQuorumMember.fromJson( |
| json_['addQuorumMember'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| createTime: json_['createTime'] as core.String?, |
| deleteSingleTenantHsmInstance: |
| json_.containsKey('deleteSingleTenantHsmInstance') |
| ? DeleteSingleTenantHsmInstance.fromJson( |
| json_['deleteSingleTenantHsmInstance'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| deleteTime: json_['deleteTime'] as core.String?, |
| disableSingleTenantHsmInstance: |
| json_.containsKey('disableSingleTenantHsmInstance') |
| ? DisableSingleTenantHsmInstance.fromJson( |
| json_['disableSingleTenantHsmInstance'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| enableSingleTenantHsmInstance: |
| json_.containsKey('enableSingleTenantHsmInstance') |
| ? EnableSingleTenantHsmInstance.fromJson( |
| json_['enableSingleTenantHsmInstance'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| expireTime: json_['expireTime'] as core.String?, |
| failureReason: json_['failureReason'] as core.String?, |
| name: json_['name'] as core.String?, |
| purgeTime: json_['purgeTime'] as core.String?, |
| quorumParameters: json_.containsKey('quorumParameters') |
| ? QuorumParameters.fromJson( |
| json_['quorumParameters'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| refreshSingleTenantHsmInstance: |
| json_.containsKey('refreshSingleTenantHsmInstance') |
| ? RefreshSingleTenantHsmInstance.fromJson( |
| json_['refreshSingleTenantHsmInstance'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| registerTwoFactorAuthKeys: |
| json_.containsKey('registerTwoFactorAuthKeys') |
| ? RegisterTwoFactorAuthKeys.fromJson( |
| json_['registerTwoFactorAuthKeys'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| removeQuorumMember: json_.containsKey('removeQuorumMember') |
| ? RemoveQuorumMember.fromJson( |
| json_['removeQuorumMember'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| requiredActionQuorumParameters: |
| json_.containsKey('requiredActionQuorumParameters') |
| ? RequiredActionQuorumParameters.fromJson( |
| json_['requiredActionQuorumParameters'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| state: json_['state'] as core.String?, |
| ttl: json_['ttl'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final addQuorumMember = this.addQuorumMember; |
| final createTime = this.createTime; |
| final deleteSingleTenantHsmInstance = this.deleteSingleTenantHsmInstance; |
| final deleteTime = this.deleteTime; |
| final disableSingleTenantHsmInstance = this.disableSingleTenantHsmInstance; |
| final enableSingleTenantHsmInstance = this.enableSingleTenantHsmInstance; |
| final expireTime = this.expireTime; |
| final failureReason = this.failureReason; |
| final name = this.name; |
| final purgeTime = this.purgeTime; |
| final quorumParameters = this.quorumParameters; |
| final refreshSingleTenantHsmInstance = this.refreshSingleTenantHsmInstance; |
| final registerTwoFactorAuthKeys = this.registerTwoFactorAuthKeys; |
| final removeQuorumMember = this.removeQuorumMember; |
| final requiredActionQuorumParameters = this.requiredActionQuorumParameters; |
| final state = this.state; |
| final ttl = this.ttl; |
| return { |
| 'addQuorumMember': ?addQuorumMember, |
| 'createTime': ?createTime, |
| 'deleteSingleTenantHsmInstance': ?deleteSingleTenantHsmInstance, |
| 'deleteTime': ?deleteTime, |
| 'disableSingleTenantHsmInstance': ?disableSingleTenantHsmInstance, |
| 'enableSingleTenantHsmInstance': ?enableSingleTenantHsmInstance, |
| 'expireTime': ?expireTime, |
| 'failureReason': ?failureReason, |
| 'name': ?name, |
| 'purgeTime': ?purgeTime, |
| 'quorumParameters': ?quorumParameters, |
| 'refreshSingleTenantHsmInstance': ?refreshSingleTenantHsmInstance, |
| 'registerTwoFactorAuthKeys': ?registerTwoFactorAuthKeys, |
| 'removeQuorumMember': ?removeQuorumMember, |
| 'requiredActionQuorumParameters': ?requiredActionQuorumParameters, |
| 'state': ?state, |
| 'ttl': ?ttl, |
| }; |
| } |
| } |
| |
| /// The `Status` type defines a logical error model that is suitable for |
| /// different programming environments, including REST APIs and RPC APIs. |
| /// |
| /// It is used by [gRPC](https://github.com/grpc). Each `Status` message |
| /// contains three pieces of data: error code, error message, and error details. |
| /// You can find out more about this error model and how to work with it in the |
| /// [API Design Guide](https://cloud.google.com/apis/design/errors). |
| typedef Status = $Status00; |
| |
| /// Request message for `TestIamPermissions` method. |
| typedef TestIamPermissionsRequest = $TestIamPermissionsRequest00; |
| |
| /// Response message for `TestIamPermissions` method. |
| typedef TestIamPermissionsResponse = $PermissionsResponse; |
| |
| /// Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion. |
| class UpdateCryptoKeyPrimaryVersionRequest { |
| /// The id of the child CryptoKeyVersion to use as primary. |
| /// |
| /// Required. |
| core.String? cryptoKeyVersionId; |
| |
| UpdateCryptoKeyPrimaryVersionRequest({this.cryptoKeyVersionId}); |
| |
| UpdateCryptoKeyPrimaryVersionRequest.fromJson(core.Map json_) |
| : this(cryptoKeyVersionId: json_['cryptoKeyVersionId'] as core.String?); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final cryptoKeyVersionId = this.cryptoKeyVersionId; |
| return {'cryptoKeyVersionId': ?cryptoKeyVersionId}; |
| } |
| } |
| |
| /// Response message for EkmService.VerifyConnectivity. |
| typedef VerifyConnectivityResponse = $Empty; |
| |
| /// The public key component of the wrapping key. |
| /// |
| /// For details of the type of key this public key corresponds to, see the |
| /// ImportMethod. |
| class WrappingPublicKey { |
| /// The public key, encoded in PEM format. |
| /// |
| /// For more information, see the |
| /// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for |
| /// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) |
| /// and |
| /// [Textual Encoding of Subject Public Key Info](https://tools.ietf.org/html/rfc7468#section-13). |
| core.String? pem; |
| |
| WrappingPublicKey({this.pem}); |
| |
| WrappingPublicKey.fromJson(core.Map json_) |
| : this(pem: json_['pem'] as core.String?); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final pem = this.pem; |
| return {'pem': ?pem}; |
| } |
| } |