OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-02-23 15:49:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

update dependencies

Browse Source
This commit is contained in:
Sebastian Thiel
2023-01-25 11:39:00 +01:00
parent 37ccd2238d
commit 3edefb7f01
357 changed files with 128026 additions and 16259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

189
etc/api/cloudkms/v1/cloudkms-api.json
View File

@@ -177,7 +177,7 @@
],
"parameters": {
"filter": {
"description": "A filter to narrow down results to a preferred subset. The filtering language accepts strings like \"displayName=tokyo\", and is documented in more detail in [AIP-160](https://google.aip.dev/160).",
"description": "A filter to narrow down results to a preferred subset. The filtering language accepts strings like `\"displayName=tokyo\"`, and is documented in more detail in [AIP-160](https://google.aip.dev/160).",
"location": "query",
"type": "string"
},
@@ -211,6 +211,100 @@
}
},
"resources": {
"ekmConfig": {
"methods": {
"getIamPolicy": {
"description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/ekmConfig:getIamPolicy",
"httpMethod": "GET",
"id": "cloudkms.projects.locations.ekmConfig.getIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
},
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/ekmConfig$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:getIamPolicy",
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloudkms"
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/ekmConfig:setIamPolicy",
"httpMethod": "POST",
"id": "cloudkms.projects.locations.ekmConfig.setIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/ekmConfig$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:setIamPolicy",
"request": {
"$ref": "SetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloudkms"
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/ekmConfig:testIamPermissions",
"httpMethod": "POST",
"id": "cloudkms.projects.locations.ekmConfig.testIamPermissions",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/ekmConfig$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:testIamPermissions",
"request": {
"$ref": "TestIamPermissionsRequest"
},
"response": {
"$ref": "TestIamPermissionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloudkms"
]
}
}
},
"ekmConnections": {
"methods": {
"create": {
@@ -289,7 +383,7 @@
"type": "integer"
},
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/ekmConnections/[^/]+$",
"required": true,
@@ -397,7 +491,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/ekmConnections/[^/]+$",
"required": true,
@@ -426,7 +520,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/ekmConnections/[^/]+$",
"required": true,
@@ -525,7 +619,7 @@
"type": "integer"
},
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$",
"required": true,
@@ -598,7 +692,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$",
"required": true,
@@ -627,7 +721,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$",
"required": true,
@@ -789,7 +883,7 @@
"type": "integer"
},
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
"required": true,
@@ -910,7 +1004,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
"required": true,
@@ -939,7 +1033,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
"required": true,
@@ -1452,7 +1546,7 @@
"type": "integer"
},
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/importJobs/[^/]+$",
"required": true,
@@ -1525,7 +1619,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/importJobs/[^/]+$",
"required": true,
@@ -1554,7 +1648,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/importJobs/[^/]+$",
"required": true,
@@ -1582,7 +1676,7 @@
}
}
},
"revision": "20220225",
"revision": "20230106",
"rootUrl": "https://cloudkms.googleapis.com/",
"schemas": {
"AsymmetricDecryptRequest": {
@@ -1715,7 +1809,7 @@
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -1771,7 +1865,7 @@
"description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
"description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
"items": {
"type": "string"
},
@@ -1975,6 +2069,10 @@
"EC_SIGN_P384_SHA384",
"EC_SIGN_SECP256K1_SHA256",
"HMAC_SHA256",
"HMAC_SHA1",
"HMAC_SHA384",
"HMAC_SHA512",
"HMAC_SHA224",
"EXTERNAL_SYMMETRIC_ENCRYPTION"
],
"enumDescriptions": [
@@ -2002,6 +2100,10 @@
"ECDSA on the NIST P-384 curve with a SHA384 digest.",
"ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.",
"HMAC-SHA256 signing with a 256 bit key.",
"HMAC-SHA1 signing with a 160 bit key.",
"HMAC-SHA384 signing with a 384 bit key.",
"HMAC-SHA512 signing with a 512 bit key.",
"HMAC-SHA224 signing with a 224 bit key.",
"Algorithm representing symmetric encryption by an external key manager."
],
"readOnly": true,
@@ -2143,6 +2245,10 @@
"EC_SIGN_P384_SHA384",
"EC_SIGN_SECP256K1_SHA256",
"HMAC_SHA256",
"HMAC_SHA1",
"HMAC_SHA384",
"HMAC_SHA512",
"HMAC_SHA224",
"EXTERNAL_SYMMETRIC_ENCRYPTION"
],
"enumDescriptions": [
@@ -2170,6 +2276,10 @@
"ECDSA on the NIST P-384 curve with a SHA384 digest.",
"ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.",
"HMAC-SHA256 signing with a 256 bit key.",
"HMAC-SHA1 signing with a 160 bit key.",
"HMAC-SHA384 signing with a 384 bit key.",
"HMAC-SHA512 signing with a 512 bit key.",
"HMAC-SHA224 signing with a 224 bit key.",
"Algorithm representing symmetric encryption by an external key manager."
],
"type": "string"
@@ -2300,7 +2410,7 @@
"type": "string"
},
"etag": {
"description": "This checksum is computed by the server based on the value of other fields, and may be sent on update requests to ensure the client has an up-to-date value before proceeding.",
"description": "Optional. Etag of the currently stored EkmConnection.",
"type": "string"
},
"name": {
@@ -2323,7 +2433,7 @@
"id": "EncryptRequest",
"properties": {
"additionalAuthenticatedData": {
"description": "Optional. Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data. The maximum size depends on the key version's protection_level. For SOFTWARE keys, the AAD must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.",
"description": "Optional. Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data. The maximum size depends on the key version's protection_level. For SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys the AAD must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.",
"format": "byte",
"type": "string"
},
@@ -2333,7 +2443,7 @@
"type": "string"
},
"plaintext": {
"description": "Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.",
"description": "Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's protection_level. For SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.",
"format": "byte",
"type": "string"
},
@@ -2508,6 +2618,10 @@
"EC_SIGN_P384_SHA384",
"EC_SIGN_SECP256K1_SHA256",
"HMAC_SHA256",
"HMAC_SHA1",
"HMAC_SHA384",
"HMAC_SHA512",
"HMAC_SHA224",
"EXTERNAL_SYMMETRIC_ENCRYPTION"
],
"enumDescriptions": [
@@ -2535,6 +2649,10 @@
"ECDSA on the NIST P-384 curve with a SHA384 digest.",
"ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.",
"HMAC-SHA256 signing with a 256 bit key.",
"HMAC-SHA1 signing with a 160 bit key.",
"HMAC-SHA384 signing with a 384 bit key.",
"HMAC-SHA512 signing with a 512 bit key.",
"HMAC-SHA224 signing with a 224 bit key.",
"Algorithm representing symmetric encryption by an external key manager."
],
"type": "string"
@@ -2548,7 +2666,12 @@
"type": "string"
},
"rsaAesWrappedKey": {
"description": "Wrapped key material produced with RSA_OAEP_3072_SHA1_AES_256 or RSA_OAEP_4096_SHA1_AES_256. This field contains the concatenation of two wrapped keys: 1. An ephemeral AES-256 wrapping key wrapped with the public_key using RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty label. 2. The key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649). If importing symmetric key material, it is expected that the unwrapped key contains plain bytes. If importing asymmetric key material, it is expected that the unwrapped key is in PKCS#8-encoded DER format (the PrivateKeyInfo structure from RFC 5208). This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP.",
"description": "Optional. This field has the same meaning as wrapped_key. Prefer to use that field in new work. Either that field or this field (but not both) must be specified.",
"format": "byte",
"type": "string"
},
"wrappedKey": {
"description": "Optional. The wrapped key material to import. Before wrapping, key material must be formatted. If importing symmetric key material, the expected key material format is plain bytes. If importing asymmetric key material, the expected key material format is PKCS#8-encoded DER (the PrivateKeyInfo structure from RFC 5208). When wrapping with import methods (RSA_OAEP_3072_SHA1_AES_256 or RSA_OAEP_4096_SHA1_AES_256 or RSA_OAEP_3072_SHA256_AES_256 or RSA_OAEP_4096_SHA256_AES_256), this field must contain the concatenation of: 1. An ephemeral AES-256 wrapping key wrapped with the public_key using RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty label. 2. The formatted key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649). This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP. When wrapping with import methods (RSA_OAEP_3072_SHA256 or RSA_OAEP_4096_SHA256), this field must contain the formatted key to be imported, wrapped with the public_key using RSAES-OAEP with SHA-256, MGF1 with SHA-256, and an empty label.",
"format": "byte",
"type": "string"
}
@@ -2593,12 +2716,20 @@
"enum": [
"IMPORT_METHOD_UNSPECIFIED",
"RSA_OAEP_3072_SHA1_AES_256",
"RSA_OAEP_4096_SHA1_AES_256"
"RSA_OAEP_4096_SHA1_AES_256",
"RSA_OAEP_3072_SHA256_AES_256",
"RSA_OAEP_4096_SHA256_AES_256",
"RSA_OAEP_3072_SHA256",
"RSA_OAEP_4096_SHA256"
],
"enumDescriptions": [
"Not specified.",
"This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 3072 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).",
"This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 4096 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908)."
"This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 4096 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).",
"This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 3072 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).",
"This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 4096 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).",
"This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The key material to be imported is wrapped directly with the RSA key. Due to technical limitations of RSA wrapping, this method cannot be used to wrap RSA keys for import.",
"This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The key material to be imported is wrapped directly with the RSA key. Due to technical limitations of RSA wrapping, this method cannot be used to wrap RSA keys for import."
],
"type": "string"
},
@@ -2748,7 +2879,7 @@
"type": "object"
},
"ListEkmConnectionsResponse": {
"description": "Response message for KeyManagementService.ListEkmConnections.",
"description": "Response message for EkmService.ListEkmConnections.",
"id": "ListEkmConnectionsResponse",
"properties": {
"ekmConnections": {
@@ -3077,6 +3208,10 @@
"EC_SIGN_P384_SHA384",
"EC_SIGN_SECP256K1_SHA256",
"HMAC_SHA256",
"HMAC_SHA1",
"HMAC_SHA384",
"HMAC_SHA512",
"HMAC_SHA224",
"EXTERNAL_SYMMETRIC_ENCRYPTION"
],
"enumDescriptions": [
@@ -3104,6 +3239,10 @@
"ECDSA on the NIST P-384 curve with a SHA384 digest.",
"ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.",
"HMAC-SHA256 signing with a 256 bit key.",
"HMAC-SHA1 signing with a 160 bit key.",
"HMAC-SHA384 signing with a 384 bit key.",
"HMAC-SHA512 signing with a 512 bit key.",
"HMAC-SHA224 signing with a 224 bit key.",
"Algorithm representing symmetric encryption by an external key manager."
],
"type": "string"
@@ -3180,7 +3319,7 @@
"properties": {
"policy": {
"$ref": "Policy",
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them."
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`",
@@ -3195,7 +3334,7 @@
"id": "TestIamPermissionsRequest",
"properties": {
"permissions": {
"description": "The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
"description": "The set of permissions to check for the `resource`. Permissions with wildcards (such as `*` or `storage.*`) are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
"items": {
"type": "string"
},