OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-01-06 19:45:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

update all json files

Browse Source
This commit is contained in:
Sebastian Thiel
2020-04-12 18:55:37 +08:00
parent ea3b428364
commit aacc30f08d
260 changed files with 138411 additions and 26293 deletions
Download Patch File Download Diff File Expand all files Collapse all files

172
etc/api/cloudkms/v1/cloudkms-api.json
View File

@@ -25,6 +25,7 @@
},
"id": "cloudkms:v1",
"kind": "discovery#restDescription",
"mtlsRootUrl": "https://cloudkms.mtls.googleapis.com/",
"name": "cloudkms",
"ownerDomain": "google.com",
"ownerName": "Google",
@@ -227,7 +228,7 @@
],
"parameters": {
"name": {
"description": "The name of the KeyRing to get.",
"description": "Required. The name of the KeyRing to get.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$",
"required": true,
@@ -253,7 +254,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\nAcceptable values are 0 and 1.\nIf the value is 0, or the field is omitted, policy format version 1 will be\nreturned.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"format": "int32",
"location": "query",
"type": "integer"
@@ -285,23 +286,23 @@
],
"parameters": {
"filter": {
"description": "Optional. Only include resources that match the filter in the response\n(https://cloud.google.com/kms/docs/sorting-and-filtering).",
"description": "Optional. Only include resources that match the filter in the response. For\nmore information, see\n[Sorting and filtering list\nresults](https://cloud.google.com/kms/docs/sorting-and-filtering).",
"location": "query",
"type": "string"
},
"orderBy": {
"description": "Optional. Specify how the results should be sorted. If not specified, the\nresults will be sorted in the default order\n(https://cloud.google.com/kms/docs/sorting-and-filtering).",
"description": "Optional. Specify how the results should be sorted. If not specified, the\nresults will be sorted in the default order. For more information, see\n[Sorting and filtering list\nresults](https://cloud.google.com/kms/docs/sorting-and-filtering).",
"location": "query",
"type": "string"
},
"pageSize": {
"description": "Optional limit on the number of KeyRings to include in the\nresponse. Further KeyRings can subsequently be obtained by\nincluding the ListKeyRingsResponse.next_page_token in a subsequent\nrequest. If unspecified, the server will pick an appropriate default.",
"description": "Optional. Optional limit on the number of KeyRings to include in the\nresponse. Further KeyRings can subsequently be obtained by\nincluding the ListKeyRingsResponse.next_page_token in a subsequent\nrequest. If unspecified, the server will pick an appropriate default.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional pagination token, returned earlier via\nListKeyRingsResponse.next_page_token.",
"description": "Optional. Optional pagination token, returned earlier via\nListKeyRingsResponse.next_page_token.",
"location": "query",
"type": "string"
},
@@ -323,7 +324,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudkms.projects.locations.keyRings.setIamPolicy",
@@ -464,7 +465,7 @@
"name": {
"description": "Required. The resource name of the CryptoKey or CryptoKeyVersion\nto use for encryption.\n\nIf a CryptoKey is specified, the server will use its\nprimary version.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/.+$",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/.*$",
"required": true,
"type": "string"
}
@@ -491,7 +492,7 @@
],
"parameters": {
"name": {
"description": "The name of the CryptoKey to get.",
"description": "Required. The name of the CryptoKey to get.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
"required": true,
@@ -517,7 +518,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\nAcceptable values are 0 and 1.\nIf the value is 0, or the field is omitted, policy format version 1 will be\nreturned.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"format": "int32",
"location": "query",
"type": "integer"
@@ -549,23 +550,23 @@
],
"parameters": {
"filter": {
"description": "Optional. Only include resources that match the filter in the response\n(https://cloud.google.com/kms/docs/sorting-and-filtering).",
"description": "Optional. Only include resources that match the filter in the response. For\nmore information, see\n[Sorting and filtering list\nresults](https://cloud.google.com/kms/docs/sorting-and-filtering).",
"location": "query",
"type": "string"
},
"orderBy": {
"description": "Optional. Specify how the results should be sorted. If not specified, the\nresults will be sorted in the default order\n(https://cloud.google.com/kms/docs/sorting-and-filtering).",
"description": "Optional. Specify how the results should be sorted. If not specified, the\nresults will be sorted in the default order. For more information, see\n[Sorting and filtering list\nresults](https://cloud.google.com/kms/docs/sorting-and-filtering).",
"location": "query",
"type": "string"
},
"pageSize": {
"description": "Optional limit on the number of CryptoKeys to include in the\nresponse. Further CryptoKeys can subsequently be obtained by\nincluding the ListCryptoKeysResponse.next_page_token in a subsequent\nrequest. If unspecified, the server will pick an appropriate default.",
"description": "Optional. Optional limit on the number of CryptoKeys to include in the\nresponse. Further CryptoKeys can subsequently be obtained by\nincluding the ListCryptoKeysResponse.next_page_token in a subsequent\nrequest. If unspecified, the server will pick an appropriate default.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional pagination token, returned earlier via\nListCryptoKeysResponse.next_page_token.",
"description": "Optional. Optional pagination token, returned earlier via\nListCryptoKeysResponse.next_page_token.",
"location": "query",
"type": "string"
},
@@ -612,7 +613,7 @@
"type": "string"
},
"updateMask": {
"description": "Required list of fields to be updated in this request.",
"description": "Required. List of fields to be updated in this request.",
"format": "google-fieldmask",
"location": "query",
"type": "string"
@@ -631,7 +632,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudkms.projects.locations.keyRings.cryptoKeys.setIamPolicy",
@@ -698,7 +699,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the CryptoKey to update.",
"description": "Required. The resource name of the CryptoKey to update.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
"required": true,
@@ -818,7 +819,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the CryptoKeyVersion to destroy.",
"description": "Required. The resource name of the CryptoKeyVersion to destroy.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$",
"required": true,
@@ -847,7 +848,7 @@
],
"parameters": {
"name": {
"description": "The name of the CryptoKeyVersion to get.",
"description": "Required. The name of the CryptoKeyVersion to get.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$",
"required": true,
@@ -873,7 +874,7 @@
],
"parameters": {
"name": {
"description": "The name of the CryptoKeyVersion public key to\nget.",
"description": "Required. The name of the CryptoKeyVersion public key to\nget.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$",
"required": true,
@@ -928,23 +929,23 @@
],
"parameters": {
"filter": {
"description": "Optional. Only include resources that match the filter in the response\n(https://cloud.google.com/kms/docs/sorting-and-filtering).",
"description": "Optional. Only include resources that match the filter in the response. For\nmore information, see\n[Sorting and filtering list\nresults](https://cloud.google.com/kms/docs/sorting-and-filtering).",
"location": "query",
"type": "string"
},
"orderBy": {
"description": "Optional. Specify how the results should be sorted. If not specified, the\nresults will be sorted in the default order\n(https://cloud.google.com/kms/docs/sorting-and-filtering).",
"description": "Optional. Specify how the results should be sorted. If not specified, the\nresults will be sorted in the default order. For more information, see\n[Sorting and filtering list\nresults](https://cloud.google.com/kms/docs/sorting-and-filtering).",
"location": "query",
"type": "string"
},
"pageSize": {
"description": "Optional limit on the number of CryptoKeyVersions to\ninclude in the response. Further CryptoKeyVersions can\nsubsequently be obtained by including the\nListCryptoKeyVersionsResponse.next_page_token in a subsequent request.\nIf unspecified, the server will pick an appropriate default.",
"description": "Optional. Optional limit on the number of CryptoKeyVersions to\ninclude in the response. Further CryptoKeyVersions can\nsubsequently be obtained by including the\nListCryptoKeyVersionsResponse.next_page_token in a subsequent request.\nIf unspecified, the server will pick an appropriate default.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional pagination token, returned earlier via\nListCryptoKeyVersionsResponse.next_page_token.",
"description": "Optional. Optional pagination token, returned earlier via\nListCryptoKeyVersionsResponse.next_page_token.",
"location": "query",
"type": "string"
},
@@ -991,7 +992,7 @@
"type": "string"
},
"updateMask": {
"description": "Required list of fields to be updated in this request.",
"description": "Required. List of fields to be updated in this request.",
"format": "google-fieldmask",
"location": "query",
"type": "string"
@@ -1019,7 +1020,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the CryptoKeyVersion to restore.",
"description": "Required. The resource name of the CryptoKeyVersion to restore.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$",
"required": true,
@@ -1088,7 +1089,7 @@
],
"parameters": {
"name": {
"description": "The name of the ImportJob to get.",
"description": "Required. The name of the ImportJob to get.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/importJobs/[^/]+$",
"required": true,
@@ -1114,7 +1115,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\nAcceptable values are 0 and 1.\nIf the value is 0, or the field is omitted, policy format version 1 will be\nreturned.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"format": "int32",
"location": "query",
"type": "integer"
@@ -1146,23 +1147,23 @@
],
"parameters": {
"filter": {
"description": "Optional. Only include resources that match the filter in the response\n(https://cloud.google.com/kms/docs/sorting-and-filtering).",
"description": "Optional. Only include resources that match the filter in the response. For\nmore information, see\n[Sorting and filtering list\nresults](https://cloud.google.com/kms/docs/sorting-and-filtering).",
"location": "query",
"type": "string"
},
"orderBy": {
"description": "Optional. Specify how the results should be sorted. If not specified, the\nresults will be sorted in the default order\n(https://cloud.google.com/kms/docs/sorting-and-filtering).",
"description": "Optional. Specify how the results should be sorted. If not specified, the\nresults will be sorted in the default order. For more information, see\n[Sorting and filtering list\nresults](https://cloud.google.com/kms/docs/sorting-and-filtering).",
"location": "query",
"type": "string"
},
"pageSize": {
"description": "Optional limit on the number of ImportJobs to include in the\nresponse. Further ImportJobs can subsequently be obtained by\nincluding the ListImportJobsResponse.next_page_token in a subsequent\nrequest. If unspecified, the server will pick an appropriate default.",
"description": "Optional. Optional limit on the number of ImportJobs to include in the\nresponse. Further ImportJobs can subsequently be obtained by\nincluding the ListImportJobsResponse.next_page_token in a subsequent\nrequest. If unspecified, the server will pick an appropriate default.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional pagination token, returned earlier via\nListImportJobsResponse.next_page_token.",
"description": "Optional. Optional pagination token, returned earlier via\nListImportJobsResponse.next_page_token.",
"location": "query",
"type": "string"
},
@@ -1184,7 +1185,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/importJobs/{importJobsId}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudkms.projects.locations.keyRings.importJobs.setIamPolicy",
@@ -1250,7 +1251,7 @@
}
}
},
"revision": "20190626",
"revision": "20200313",
"rootUrl": "https://cloudkms.googleapis.com/",
"schemas": {
"AsymmetricDecryptRequest": {
@@ -1301,7 +1302,7 @@
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"fooservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:bar@gmail.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts foo@gmail.com from DATA_READ logging, and\nbar@gmail.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -1319,7 +1320,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\nfoo@gmail.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -1357,7 +1358,7 @@
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@gmail.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"items": {
"type": "string"
},
@@ -1397,10 +1398,10 @@
},
"primary": {
"$ref": "CryptoKeyVersion",
"description": "Output only. A copy of the \"primary\" CryptoKeyVersion that will be used\nby Encrypt when this CryptoKey is given\nin EncryptRequest.name.\n\nThe CryptoKey's primary version can be updated via\nUpdateCryptoKeyPrimaryVersion.\n\nAll keys with purpose\nENCRYPT_DECRYPT have a\nprimary. For other keys, this field will be omitted."
"description": "Output only. A copy of the \"primary\" CryptoKeyVersion that will be used\nby Encrypt when this CryptoKey is given\nin EncryptRequest.name.\n\nThe CryptoKey's primary version can be updated via\nUpdateCryptoKeyPrimaryVersion.\n\nKeys with purpose\nENCRYPT_DECRYPT may have a\nprimary. For other keys, this field will be omitted."
},
"purpose": {
"description": "The immutable purpose of this CryptoKey.",
"description": "Immutable. The immutable purpose of this CryptoKey.",
"enum": [
"CRYPTO_KEY_PURPOSE_UNSPECIFIED",
"ENCRYPT_DECRYPT",
@@ -1449,7 +1450,8 @@
"RSA_DECRYPT_OAEP_4096_SHA256",
"RSA_DECRYPT_OAEP_4096_SHA512",
"EC_SIGN_P256_SHA256",
"EC_SIGN_P384_SHA384"
"EC_SIGN_P384_SHA384",
"EXTERNAL_SYMMETRIC_ENCRYPTION"
],
"enumDescriptions": [
"Not specified.",
@@ -1467,7 +1469,8 @@
"RSAES-OAEP 4096 bit key with a SHA256 digest.",
"RSAES-OAEP 4096 bit key with a SHA512 digest.",
"ECDSA on the NIST P-256 curve with a SHA256 digest.",
"ECDSA on the NIST P-384 curve with a SHA384 digest."
"ECDSA on the NIST P-384 curve with a SHA384 digest.",
"Algorithm representing symmetric encryption by an external key manager."
],
"type": "string"
},
@@ -1490,6 +1493,10 @@
"format": "google-datetime",
"type": "string"
},
"externalProtectionLevelOptions": {
"$ref": "ExternalProtectionLevelOptions",
"description": "ExternalProtectionLevelOptions stores a group of additional fields for\nconfiguring a CryptoKeyVersion that are specific to the\nEXTERNAL protection level."
},
"generateTime": {
"description": "Output only. The time this CryptoKeyVersion's key material was\ngenerated.",
"format": "google-datetime",
@@ -1517,12 +1524,14 @@
"enum": [
"PROTECTION_LEVEL_UNSPECIFIED",
"SOFTWARE",
"HSM"
"HSM",
"EXTERNAL"
],
"enumDescriptions": [
"Not specified.",
"Crypto operations are performed in software.",
"Crypto operations are performed in a Hardware Security Module."
"Crypto operations are performed in a Hardware Security Module.",
"Crypto operations are performed by an external key manager."
],
"type": "string"
},
@@ -1575,7 +1584,8 @@
"RSA_DECRYPT_OAEP_4096_SHA256",
"RSA_DECRYPT_OAEP_4096_SHA512",
"EC_SIGN_P256_SHA256",
"EC_SIGN_P384_SHA384"
"EC_SIGN_P384_SHA384",
"EXTERNAL_SYMMETRIC_ENCRYPTION"
],
"enumDescriptions": [
"Not specified.",
@@ -1593,7 +1603,8 @@
"RSAES-OAEP 4096 bit key with a SHA256 digest.",
"RSAES-OAEP 4096 bit key with a SHA512 digest.",
"ECDSA on the NIST P-256 curve with a SHA256 digest.",
"ECDSA on the NIST P-384 curve with a SHA384 digest."
"ECDSA on the NIST P-384 curve with a SHA384 digest.",
"Algorithm representing symmetric encryption by an external key manager."
],
"type": "string"
},
@@ -1602,12 +1613,14 @@
"enum": [
"PROTECTION_LEVEL_UNSPECIFIED",
"SOFTWARE",
"HSM"
"HSM",
"EXTERNAL"
],
"enumDescriptions": [
"Not specified.",
"Crypto operations are performed in software.",
"Crypto operations are performed in a Hardware Security Module."
"Crypto operations are performed in a Hardware Security Module.",
"Crypto operations are performed by an external key manager."
],
"type": "string"
}
@@ -1619,7 +1632,7 @@
"id": "DecryptRequest",
"properties": {
"additionalAuthenticatedData": {
"description": "Optional data that must match the data originally supplied in\nEncryptRequest.additional_authenticated_data.",
"description": "Optional. Optional data that must match the data originally supplied in\nEncryptRequest.additional_authenticated_data.",
"format": "byte",
"type": "string"
},
@@ -1676,7 +1689,7 @@
"id": "EncryptRequest",
"properties": {
"additionalAuthenticatedData": {
"description": "Optional data that, if specified, must also be provided during decryption\nthrough DecryptRequest.additional_authenticated_data.\n\nThe maximum size depends on the key version's\nprotection_level. For\nSOFTWARE keys, the AAD must be no larger than\n64KiB. For HSM keys, the combined length of the\nplaintext and additional_authenticated_data fields must be no larger than\n8KiB.",
"description": "Optional. Optional data that, if specified, must also be provided during decryption\nthrough DecryptRequest.additional_authenticated_data.\n\nThe maximum size depends on the key version's\nprotection_level. For\nSOFTWARE keys, the AAD must be no larger than\n64KiB. For HSM keys, the combined length of the\nplaintext and additional_authenticated_data fields must be no larger than\n8KiB.",
"format": "byte",
"type": "string"
},
@@ -1698,30 +1711,41 @@
"type": "string"
},
"name": {
"description": "The resource name of the CryptoKeyVersion used in encryption.",
"description": "The resource name of the CryptoKeyVersion used in encryption. Check\nthis field to verify that the intended resource was used for encryption.",
"type": "string"
}
},
"type": "object"
},
"Expr": {
"description": "Represents an expression text. Example:\n\n title: \"User account presence\"\n description: \"Determines whether the request has a user account\"\n expression: \"size(request.user) > 0\"",
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() < 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' && document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
"properties": {
"description": {
"description": "An optional description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"description": "Optional. Description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in\nCommon Expression Language syntax.\n\nThe application context of the containing message determines which\nwell-known feature set of CEL is supported.",
"description": "Textual representation of an expression in Common Expression Language\nsyntax.",
"type": "string"
},
"location": {
"description": "An optional string indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"description": "Optional. String indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "An optional title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"description": "Optional. Title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type": "string"
}
},
"type": "object"
},
"ExternalProtectionLevelOptions": {
"description": "ExternalProtectionLevelOptions stores a group of additional fields for\nconfiguring a CryptoKeyVersion that are specific to the\nEXTERNAL protection level.",
"id": "ExternalProtectionLevelOptions",
"properties": {
"externalKeyUri": {
"description": "The URI for an external resource that this CryptoKeyVersion represents.",
"type": "string"
}
},
@@ -1749,7 +1773,8 @@
"RSA_DECRYPT_OAEP_4096_SHA256",
"RSA_DECRYPT_OAEP_4096_SHA512",
"EC_SIGN_P256_SHA256",
"EC_SIGN_P384_SHA384"
"EC_SIGN_P384_SHA384",
"EXTERNAL_SYMMETRIC_ENCRYPTION"
],
"enumDescriptions": [
"Not specified.",
@@ -1767,7 +1792,8 @@
"RSAES-OAEP 4096 bit key with a SHA256 digest.",
"RSAES-OAEP 4096 bit key with a SHA512 digest.",
"ECDSA on the NIST P-256 curve with a SHA256 digest.",
"ECDSA on the NIST P-384 curve with a SHA384 digest."
"ECDSA on the NIST P-384 curve with a SHA384 digest.",
"Algorithm representing symmetric encryption by an external key manager."
],
"type": "string"
},
@@ -1776,7 +1802,7 @@
"type": "string"
},
"rsaAesWrappedKey": {
"description": "Wrapped key material produced with\nRSA_OAEP_3072_SHA1_AES_256\nor\nRSA_OAEP_4096_SHA1_AES_256.\n\nThis field contains the concatenation of two wrapped keys:\n<ol>\n <li>An ephemeral AES-256 wrapping key wrapped with the\n public_key using RSAES-OAEP with SHA-1,\n MGF1 with SHA-1, and an empty label.\n </li>\n <li>The key to be imported, wrapped with the ephemeral AES-256 key\n using AES-KWP (RFC 5649).\n </li>\n</ol>\n\nThis format is the same as the format produced by PKCS#11 mechanism\nCKM_RSA_AES_KEY_WRAP.",
"description": "Wrapped key material produced with\nRSA_OAEP_3072_SHA1_AES_256\nor\nRSA_OAEP_4096_SHA1_AES_256.\n\nThis field contains the concatenation of two wrapped keys:\n<ol>\n <li>An ephemeral AES-256 wrapping key wrapped with the\n public_key using RSAES-OAEP with SHA-1,\n MGF1 with SHA-1, and an empty label.\n </li>\n <li>The key to be imported, wrapped with the ephemeral AES-256 key\n using AES-KWP (RFC 5649).\n </li>\n</ol>\n\nIf importing symmetric key material, it is expected that the unwrapped\nkey contains plain bytes. If importing asymmetric key material, it is\nexpected that the unwrapped key is in PKCS#8-encoded DER format (the\nPrivateKeyInfo structure from RFC 5208).\n\nThis format is the same as the format produced by PKCS#11 mechanism\nCKM_RSA_AES_KEY_WRAP.",
"format": "byte",
"type": "string"
}
@@ -1812,7 +1838,7 @@
"type": "string"
},
"importMethod": {
"description": "Required and immutable. The wrapping method to be used for incoming\nkey material.",
"description": "Required. Immutable. The wrapping method to be used for incoming key material.",
"enum": [
"IMPORT_METHOD_UNSPECIFIED",
"RSA_OAEP_3072_SHA1_AES_256",
@@ -1830,16 +1856,18 @@
"type": "string"
},
"protectionLevel": {
"description": "Required and immutable. The protection level of the ImportJob. This\nmust match the\nprotection_level of the\nversion_template on the CryptoKey you\nattempt to import into.",
"description": "Required. Immutable. The protection level of the ImportJob. This must match the\nprotection_level of the\nversion_template on the CryptoKey you\nattempt to import into.",
"enum": [
"PROTECTION_LEVEL_UNSPECIFIED",
"SOFTWARE",
"HSM"
"HSM",
"EXTERNAL"
],
"enumDescriptions": [
"Not specified.",
"Crypto operations are performed in software.",
"Crypto operations are performed in a Hardware Security Module."
"Crypto operations are performed in a Hardware Security Module.",
"Crypto operations are performed by an external key manager."
],
"type": "string"
},
@@ -2056,6 +2084,10 @@
"description": "Cloud KMS metadata for the given google.cloud.location.Location.",
"id": "LocationMetadata",
"properties": {
"ekmAvailable": {
"description": "Indicates whether CryptoKeys with\nprotection_level\nEXTERNAL can be created in this location.",
"type": "boolean"
},
"hsmAvailable": {
"description": "Indicates whether CryptoKeys with\nprotection_level\nHSM can be created in this location.",
"type": "boolean"
@@ -2064,7 +2096,7 @@
"type": "object"
},
"Policy": {
"description": "Defines an Identity and Access Management (IAM) policy. It is used to\nspecify access control policies for Cloud Platform resources.\n\n\nA `Policy` consists of a list of `bindings`. A `binding` binds a list of\n`members` to a `role`, where the members can be user accounts, Google groups,\nGoogle domains, and service accounts. A `role` is a named list of permissions\ndefined by IAM.\n\n**JSON Example**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/owner\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-other-app@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/viewer\",\n \"members\": [\"user:sean@example.com\"]\n }\n ]\n }\n\n**YAML Example**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-other-app@appspot.gserviceaccount.com\n role: roles/owner\n - members:\n - user:sean@example.com\n role: roles/viewer\n\n\nFor a description of IAM and its features, see the\n[IAM developer's guide](https://cloud.google.com/iam/docs).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -2075,19 +2107,19 @@
"type": "array"
},
"bindings": {
"description": "Associates a list of `members` to a `role`.\n`bindings` with no members will result in an error.",
"description": "Associates a list of `members` to a `role`. Optionally, may specify a\n`condition` that determines how and when the `bindings` are applied. Each\nof the `bindings` must contain at least one member.",
"items": {
"$ref": "Binding"
},
"type": "array"
},
"etag": {
"description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\nIf no `etag` is provided in the call to `setIamPolicy`, then the existing\npolicy is overwritten blindly.",
"description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.",
"format": "byte",
"type": "string"
},
"version": {
"description": "Deprecated.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"format": "int32",
"type": "integer"
}
@@ -2116,7 +2148,8 @@
"RSA_DECRYPT_OAEP_4096_SHA256",
"RSA_DECRYPT_OAEP_4096_SHA512",
"EC_SIGN_P256_SHA256",
"EC_SIGN_P384_SHA384"
"EC_SIGN_P384_SHA384",
"EXTERNAL_SYMMETRIC_ENCRYPTION"
],
"enumDescriptions": [
"Not specified.",
@@ -2134,7 +2167,8 @@
"RSAES-OAEP 4096 bit key with a SHA256 digest.",
"RSAES-OAEP 4096 bit key with a SHA512 digest.",
"ECDSA on the NIST P-256 curve with a SHA256 digest.",
"ECDSA on the NIST P-384 curve with a SHA384 digest."
"ECDSA on the NIST P-384 curve with a SHA384 digest.",
"Algorithm representing symmetric encryption by an external key manager."
],
"type": "string"
},
@@ -2200,7 +2234,7 @@
"id": "UpdateCryptoKeyPrimaryVersionRequest",
"properties": {
"cryptoKeyVersionId": {
"description": "The id of the child CryptoKeyVersion to use as primary.",
"description": "Required. The id of the child CryptoKeyVersion to use as primary.",
"type": "string"
}
},