docs: update docs (#916)
* fix: re-run script
* test: fix noxfile
diff --git a/docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.html b/docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.html
index 773b300..5124453 100644
--- a/docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.html
+++ b/docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.html
@@ -95,7 +95,7 @@
<code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the access control policy for a resource.</p>
<p class="toc_element">
- <code><a href="#list">list(parent, filter=None, pageToken=None, pageSize=None, orderBy=None, versionView=None, x__xgafv=None)</a></code></p>
+ <code><a href="#list">list(parent, orderBy=None, versionView=None, filter=None, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists CryptoKeys.</p>
<p class="toc_element">
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
@@ -128,26 +128,173 @@
The object takes the form of:
{ # A CryptoKey represents a logical key that can be used for cryptographic
- # operations.
+ # operations.
+ #
+ # A CryptoKey is made up of zero or more versions,
+ # which represent the actual key material used in cryptographic operations.
+ "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
#
+ # 1. Create a new version of this CryptoKey.
+ # 2. Mark the new version as primary.
+ #
+ # Key rotations performed manually via
+ # CreateCryptoKeyVersion and
+ # UpdateCryptoKeyPrimaryVersion
+ # do not affect next_rotation_time.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "labels": { # Labels with user-defined metadata. For more information, see
+ # [Labeling Keys](/kms/docs/labeling-keys).
+ "a_key": "A String",
+ },
+ "createTime": "A String", # Output only. The time at which this CryptoKey was created.
+ "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
+ # automatically rotates a key. Must be at least 24 hours and at most
+ # 876,000 hours.
+ #
+ # If rotation_period is set, next_rotation_time must also be set.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
+ # by Encrypt when this CryptoKey is given
+ # in EncryptRequest.name.
+ #
+ # The CryptoKey's primary version can be updated via
+ # UpdateCryptoKeyPrimaryVersion.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT may have a
+ # primary. For other keys, this field will be omitted.
+ # associated key material.
+ #
+ # An ENABLED version can be
+ # used for cryptographic operations.
+ #
+ # For security reasons, the raw cryptographic key material represented by a
+ # CryptoKeyVersion can never be viewed or exported. It can only be used to
+ # encrypt, decrypt, or sign data when an authorized user or application invokes
+ # Cloud KMS.
+ "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
+ "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
+ # CryptoKeyVersion supports.
+ "importJob": "A String", # Output only. The name of the ImportJob used to import this
+ # CryptoKeyVersion. Only present if the underlying key material was
+ # imported.
+ "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
+ # configuring a CryptoKeyVersion that are specific to the
+ # EXTERNAL protection level.
+ # configuring a CryptoKeyVersion that are specific to the
+ # EXTERNAL protection level.
+ "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
+ },
+ "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # destroyed. Only present if state is
+ # DESTROYED.
+ "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
+ # was imported.
+ "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
+ # for destruction. Only present if state is
+ # DESTROY_SCHEDULED.
+ "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
+ # state is
+ # IMPORT_FAILED.
+ "state": "A String", # The current state of the CryptoKeyVersion.
+ "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
+ "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
+ # creation time. Use this statement to verify attributes of the key as stored
+ # on the HSM, independently of Google. Only provided for key versions with
+ # protection_level HSM.
+ # information, see [Verifying attestations]
+ # (https://cloud.google.com/kms/docs/attest-key).
+ "format": "A String", # Output only. The format of the attestation data.
+ "content": "A String", # Output only. The attestation data provided by the HSM when the key
+ # operation was performed.
+ },
+ "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # generated.
+ "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
+ # performed with this CryptoKeyVersion.
+ },
+ "name": "A String", # Output only. The resource name for this CryptoKey in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
+ "versionTemplate": { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
+ # The properties of new CryptoKeyVersion instances created by either
+ # CreateCryptoKeyVersion or
+ # auto-rotation are controlled by this template.
+ # a new CryptoKeyVersion, either manually with
+ # CreateCryptoKeyVersion or
+ # automatically as a result of auto-rotation.
+ "algorithm": "A String", # Required. Algorithm to use
+ # when creating a CryptoKeyVersion based on this template.
+ #
+ # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
+ # this field is omitted and CryptoKey.purpose is
+ # ENCRYPT_DECRYPT.
+ "protectionLevel": "A String", # ProtectionLevel to use when creating a CryptoKeyVersion based on
+ # this template. Immutable. Defaults to SOFTWARE.
+ },
+ "purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
+}
+
+ cryptoKeyId: string, Required. It must be unique within a KeyRing and match the regular
+expression `[a-zA-Z0-9_-]{1,63}`
+ skipInitialVersionCreation: boolean, If set to true, the request will create a CryptoKey without any
+CryptoKeyVersions. You must manually call
+CreateCryptoKeyVersion or
+ImportCryptoKeyVersion
+before you can use this CryptoKey.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A CryptoKey represents a logical key that can be used for cryptographic
+ # operations.
+ #
# A CryptoKey is made up of zero or more versions,
# which represent the actual key material used in cryptographic operations.
+ "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
+ #
+ # 1. Create a new version of this CryptoKey.
+ # 2. Mark the new version as primary.
+ #
+ # Key rotations performed manually via
+ # CreateCryptoKeyVersion and
+ # UpdateCryptoKeyPrimaryVersion
+ # do not affect next_rotation_time.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "labels": { # Labels with user-defined metadata. For more information, see
+ # [Labeling Keys](/kms/docs/labeling-keys).
+ "a_key": "A String",
+ },
+ "createTime": "A String", # Output only. The time at which this CryptoKey was created.
"rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
# automatically rotates a key. Must be at least 24 hours and at most
# 876,000 hours.
- #
+ #
# If rotation_period is set, next_rotation_time must also be set.
- #
+ #
# Keys with purpose
# ENCRYPT_DECRYPT support
# automatic rotation. For other keys, this field must be omitted.
"primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
# by Encrypt when this CryptoKey is given
# in EncryptRequest.name.
- #
+ #
# The CryptoKey's primary version can be updated via
# UpdateCryptoKeyPrimaryVersion.
- #
+ #
# Keys with purpose
# ENCRYPT_DECRYPT may have a
# primary. For other keys, this field will be omitted.
@@ -160,34 +307,6 @@
# CryptoKeyVersion can never be viewed or exported. It can only be used to
# encrypt, decrypt, or sign data when an authorized user or application invokes
# Cloud KMS.
- "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
- # was imported.
- "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # destroyed. Only present if state is
- # DESTROYED.
- "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
- # for destruction. Only present if state is
- # DESTROY_SCHEDULED.
- "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
- # state is
- # IMPORT_FAILED.
- "state": "A String", # The current state of the CryptoKeyVersion.
- "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
- # creation time. Use this statement to verify attributes of the key as stored
- # on the HSM, independently of Google. Only provided for key versions with
- # protection_level HSM.
- # information, see [Verifying attestations]
- # (https://cloud.google.com/kms/docs/attest-key).
- "format": "A String", # Output only. The format of the attestation data.
- "content": "A String", # Output only. The attestation data provided by the HSM when the key
- # operation was performed.
- },
- "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
- "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # generated.
- "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
- # performed with this CryptoKeyVersion.
"createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
"algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
# CryptoKeyVersion supports.
@@ -201,6 +320,34 @@
# EXTERNAL protection level.
"externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
},
+ "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # destroyed. Only present if state is
+ # DESTROYED.
+ "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
+ # was imported.
+ "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
+ # for destruction. Only present if state is
+ # DESTROY_SCHEDULED.
+ "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
+ # state is
+ # IMPORT_FAILED.
+ "state": "A String", # The current state of the CryptoKeyVersion.
+ "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
+ "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
+ # creation time. Use this statement to verify attributes of the key as stored
+ # on the HSM, independently of Google. Only provided for key versions with
+ # protection_level HSM.
+ # information, see [Verifying attestations]
+ # (https://cloud.google.com/kms/docs/attest-key).
+ "format": "A String", # Output only. The format of the attestation data.
+ "content": "A String", # Output only. The attestation data provided by the HSM when the key
+ # operation was performed.
+ },
+ "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # generated.
+ "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
+ # performed with this CryptoKeyVersion.
},
"name": "A String", # Output only. The resource name for this CryptoKey in the format
# `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
@@ -221,154 +368,7 @@
# this template. Immutable. Defaults to SOFTWARE.
},
"purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
- "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
- #
- # 1. Create a new version of this CryptoKey.
- # 2. Mark the new version as primary.
- #
- # Key rotations performed manually via
- # CreateCryptoKeyVersion and
- # UpdateCryptoKeyPrimaryVersion
- # do not affect next_rotation_time.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "labels": { # Labels with user-defined metadata. For more information, see
- # [Labeling Keys](/kms/docs/labeling-keys).
- "a_key": "A String",
- },
- "createTime": "A String", # Output only. The time at which this CryptoKey was created.
- }
-
- cryptoKeyId: string, Required. It must be unique within a KeyRing and match the regular
-expression `[a-zA-Z0-9_-]{1,63}`
- skipInitialVersionCreation: boolean, If set to true, the request will create a CryptoKey without any
-CryptoKeyVersions. You must manually call
-CreateCryptoKeyVersion or
-ImportCryptoKeyVersion
-before you can use this CryptoKey.
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # A CryptoKey represents a logical key that can be used for cryptographic
- # operations.
- #
- # A CryptoKey is made up of zero or more versions,
- # which represent the actual key material used in cryptographic operations.
- "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
- # automatically rotates a key. Must be at least 24 hours and at most
- # 876,000 hours.
- #
- # If rotation_period is set, next_rotation_time must also be set.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
- # by Encrypt when this CryptoKey is given
- # in EncryptRequest.name.
- #
- # The CryptoKey's primary version can be updated via
- # UpdateCryptoKeyPrimaryVersion.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT may have a
- # primary. For other keys, this field will be omitted.
- # associated key material.
- #
- # An ENABLED version can be
- # used for cryptographic operations.
- #
- # For security reasons, the raw cryptographic key material represented by a
- # CryptoKeyVersion can never be viewed or exported. It can only be used to
- # encrypt, decrypt, or sign data when an authorized user or application invokes
- # Cloud KMS.
- "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
- # was imported.
- "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # destroyed. Only present if state is
- # DESTROYED.
- "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
- # for destruction. Only present if state is
- # DESTROY_SCHEDULED.
- "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
- # state is
- # IMPORT_FAILED.
- "state": "A String", # The current state of the CryptoKeyVersion.
- "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
- # creation time. Use this statement to verify attributes of the key as stored
- # on the HSM, independently of Google. Only provided for key versions with
- # protection_level HSM.
- # information, see [Verifying attestations]
- # (https://cloud.google.com/kms/docs/attest-key).
- "format": "A String", # Output only. The format of the attestation data.
- "content": "A String", # Output only. The attestation data provided by the HSM when the key
- # operation was performed.
- },
- "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
- "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # generated.
- "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
- # performed with this CryptoKeyVersion.
- "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
- "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
- # CryptoKeyVersion supports.
- "importJob": "A String", # Output only. The name of the ImportJob used to import this
- # CryptoKeyVersion. Only present if the underlying key material was
- # imported.
- "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
- # configuring a CryptoKeyVersion that are specific to the
- # EXTERNAL protection level.
- # configuring a CryptoKeyVersion that are specific to the
- # EXTERNAL protection level.
- "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
- },
- },
- "name": "A String", # Output only. The resource name for this CryptoKey in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
- "versionTemplate": { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
- # The properties of new CryptoKeyVersion instances created by either
- # CreateCryptoKeyVersion or
- # auto-rotation are controlled by this template.
- # a new CryptoKeyVersion, either manually with
- # CreateCryptoKeyVersion or
- # automatically as a result of auto-rotation.
- "algorithm": "A String", # Required. Algorithm to use
- # when creating a CryptoKeyVersion based on this template.
- #
- # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
- # this field is omitted and CryptoKey.purpose is
- # ENCRYPT_DECRYPT.
- "protectionLevel": "A String", # ProtectionLevel to use when creating a CryptoKeyVersion based on
- # this template. Immutable. Defaults to SOFTWARE.
- },
- "purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
- "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
- #
- # 1. Create a new version of this CryptoKey.
- # 2. Mark the new version as primary.
- #
- # Key rotations performed manually via
- # CreateCryptoKeyVersion and
- # UpdateCryptoKeyPrimaryVersion
- # do not affect next_rotation_time.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "labels": { # Labels with user-defined metadata. For more information, see
- # [Labeling Keys](/kms/docs/labeling-keys).
- "a_key": "A String",
- },
- "createTime": "A String", # Output only. The time at which this CryptoKey was created.
- }</pre>
+ }</pre>
</div>
<div class="method">
@@ -446,9 +446,9 @@
An object of the form:
{ # Response message for KeyManagementService.Encrypt.
+ "ciphertext": "A String", # The encrypted data.
"name": "A String", # The resource name of the CryptoKeyVersion used in encryption. Check
# this field to verify that the intended resource was used for encryption.
- "ciphertext": "A String", # The encrypted data.
}</pre>
</div>
@@ -468,118 +468,118 @@
An object of the form:
{ # A CryptoKey represents a logical key that can be used for cryptographic
- # operations.
+ # operations.
+ #
+ # A CryptoKey is made up of zero or more versions,
+ # which represent the actual key material used in cryptographic operations.
+ "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
#
- # A CryptoKey is made up of zero or more versions,
- # which represent the actual key material used in cryptographic operations.
- "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
- # automatically rotates a key. Must be at least 24 hours and at most
- # 876,000 hours.
- #
- # If rotation_period is set, next_rotation_time must also be set.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
- # by Encrypt when this CryptoKey is given
- # in EncryptRequest.name.
- #
- # The CryptoKey's primary version can be updated via
- # UpdateCryptoKeyPrimaryVersion.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT may have a
- # primary. For other keys, this field will be omitted.
- # associated key material.
- #
- # An ENABLED version can be
- # used for cryptographic operations.
- #
- # For security reasons, the raw cryptographic key material represented by a
- # CryptoKeyVersion can never be viewed or exported. It can only be used to
- # encrypt, decrypt, or sign data when an authorized user or application invokes
- # Cloud KMS.
- "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
- # was imported.
- "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # destroyed. Only present if state is
- # DESTROYED.
- "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
- # for destruction. Only present if state is
- # DESTROY_SCHEDULED.
- "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
- # state is
- # IMPORT_FAILED.
- "state": "A String", # The current state of the CryptoKeyVersion.
- "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
- # creation time. Use this statement to verify attributes of the key as stored
- # on the HSM, independently of Google. Only provided for key versions with
- # protection_level HSM.
- # information, see [Verifying attestations]
- # (https://cloud.google.com/kms/docs/attest-key).
- "format": "A String", # Output only. The format of the attestation data.
- "content": "A String", # Output only. The attestation data provided by the HSM when the key
- # operation was performed.
- },
- "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
- "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # generated.
- "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
- # performed with this CryptoKeyVersion.
- "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
- "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
- # CryptoKeyVersion supports.
- "importJob": "A String", # Output only. The name of the ImportJob used to import this
- # CryptoKeyVersion. Only present if the underlying key material was
- # imported.
- "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
- # configuring a CryptoKeyVersion that are specific to the
- # EXTERNAL protection level.
- # configuring a CryptoKeyVersion that are specific to the
- # EXTERNAL protection level.
- "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
- },
+ # 1. Create a new version of this CryptoKey.
+ # 2. Mark the new version as primary.
+ #
+ # Key rotations performed manually via
+ # CreateCryptoKeyVersion and
+ # UpdateCryptoKeyPrimaryVersion
+ # do not affect next_rotation_time.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "labels": { # Labels with user-defined metadata. For more information, see
+ # [Labeling Keys](/kms/docs/labeling-keys).
+ "a_key": "A String",
+ },
+ "createTime": "A String", # Output only. The time at which this CryptoKey was created.
+ "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
+ # automatically rotates a key. Must be at least 24 hours and at most
+ # 876,000 hours.
+ #
+ # If rotation_period is set, next_rotation_time must also be set.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
+ # by Encrypt when this CryptoKey is given
+ # in EncryptRequest.name.
+ #
+ # The CryptoKey's primary version can be updated via
+ # UpdateCryptoKeyPrimaryVersion.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT may have a
+ # primary. For other keys, this field will be omitted.
+ # associated key material.
+ #
+ # An ENABLED version can be
+ # used for cryptographic operations.
+ #
+ # For security reasons, the raw cryptographic key material represented by a
+ # CryptoKeyVersion can never be viewed or exported. It can only be used to
+ # encrypt, decrypt, or sign data when an authorized user or application invokes
+ # Cloud KMS.
+ "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
+ "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
+ # CryptoKeyVersion supports.
+ "importJob": "A String", # Output only. The name of the ImportJob used to import this
+ # CryptoKeyVersion. Only present if the underlying key material was
+ # imported.
+ "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
+ # configuring a CryptoKeyVersion that are specific to the
+ # EXTERNAL protection level.
+ # configuring a CryptoKeyVersion that are specific to the
+ # EXTERNAL protection level.
+ "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
},
- "name": "A String", # Output only. The resource name for this CryptoKey in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
- "versionTemplate": { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
- # The properties of new CryptoKeyVersion instances created by either
- # CreateCryptoKeyVersion or
- # auto-rotation are controlled by this template.
- # a new CryptoKeyVersion, either manually with
- # CreateCryptoKeyVersion or
- # automatically as a result of auto-rotation.
- "algorithm": "A String", # Required. Algorithm to use
- # when creating a CryptoKeyVersion based on this template.
- #
- # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
- # this field is omitted and CryptoKey.purpose is
- # ENCRYPT_DECRYPT.
- "protectionLevel": "A String", # ProtectionLevel to use when creating a CryptoKeyVersion based on
- # this template. Immutable. Defaults to SOFTWARE.
+ "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # destroyed. Only present if state is
+ # DESTROYED.
+ "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
+ # was imported.
+ "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
+ # for destruction. Only present if state is
+ # DESTROY_SCHEDULED.
+ "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
+ # state is
+ # IMPORT_FAILED.
+ "state": "A String", # The current state of the CryptoKeyVersion.
+ "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
+ "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
+ # creation time. Use this statement to verify attributes of the key as stored
+ # on the HSM, independently of Google. Only provided for key versions with
+ # protection_level HSM.
+ # information, see [Verifying attestations]
+ # (https://cloud.google.com/kms/docs/attest-key).
+ "format": "A String", # Output only. The format of the attestation data.
+ "content": "A String", # Output only. The attestation data provided by the HSM when the key
+ # operation was performed.
},
- "purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
- "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
+ "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # generated.
+ "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
+ # performed with this CryptoKeyVersion.
+ },
+ "name": "A String", # Output only. The resource name for this CryptoKey in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
+ "versionTemplate": { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
+ # The properties of new CryptoKeyVersion instances created by either
+ # CreateCryptoKeyVersion or
+ # auto-rotation are controlled by this template.
+ # a new CryptoKeyVersion, either manually with
+ # CreateCryptoKeyVersion or
+ # automatically as a result of auto-rotation.
+ "algorithm": "A String", # Required. Algorithm to use
+ # when creating a CryptoKeyVersion based on this template.
#
- # 1. Create a new version of this CryptoKey.
- # 2. Mark the new version as primary.
- #
- # Key rotations performed manually via
- # CreateCryptoKeyVersion and
- # UpdateCryptoKeyPrimaryVersion
- # do not affect next_rotation_time.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "labels": { # Labels with user-defined metadata. For more information, see
- # [Labeling Keys](/kms/docs/labeling-keys).
- "a_key": "A String",
- },
- "createTime": "A String", # Output only. The time at which this CryptoKey was created.
- }</pre>
+ # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
+ # this field is omitted and CryptoKey.purpose is
+ # ENCRYPT_DECRYPT.
+ "protectionLevel": "A String", # ProtectionLevel to use when creating a CryptoKeyVersion based on
+ # this template. Immutable. Defaults to SOFTWARE.
+ },
+ "purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
+ }</pre>
</div>
<div class="method">
@@ -678,6 +678,18 @@
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+ # prevent simultaneous updates of a policy from overwriting each other.
+ # It is strongly suggested that systems make use of the `etag` in the
+ # read-modify-write cycle to perform policy updates in order to avoid race
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+ # systems are expected to put that etag in the request to `setIamPolicy` to
+ # ensure that their change will be applied to the same version of the policy.
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
"version": 42, # Specifies the format of the policy.
#
# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
@@ -791,53 +803,6 @@
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
- # `members` can have the following values:
- #
- # * `allUsers`: A special identifier that represents anyone who is
- # on the internet; with or without a Google account.
- #
- # * `allAuthenticatedUsers`: A special identifier that represents anyone
- # who is authenticated with a Google account or a service account.
- #
- # * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@example.com` .
- #
- #
- # * `serviceAccount:{emailid}`: An email address that represents a service
- # account. For example, `my-other-app@appspot.gserviceaccount.com`.
- #
- # * `group:{emailid}`: An email address that represents a Google group.
- # For example, `admins@example.com`.
- #
- # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
- # identifier) representing a user that has been recently deleted. For
- # example, `alice@example.com?uid=123456789012345678901`. If the user is
- # recovered, this value reverts to `user:{emailid}` and the recovered user
- # retains the role in the binding.
- #
- # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
- # unique identifier) representing a service account that has been recently
- # deleted. For example,
- # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
- # If the service account is undeleted, this value reverts to
- # `serviceAccount:{emailid}` and the undeleted service account retains the
- # role in the binding.
- #
- # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
- # identifier) representing a Google group that has been recently
- # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
- # the group is recovered, this value reverts to `group:{emailid}` and the
- # recovered group retains the role in the binding.
- #
- #
- # * `domain:{domain}`: The G Suite domain (primary) that represents all the
- # users of that domain. For example, `google.com` or `example.com`.
- #
- "A String",
- ],
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
#
# If the condition evaluates to `true`, then this binding applies to the
@@ -890,30 +855,70 @@
"expression": "A String", # Textual representation of an expression in Common Expression Language
# syntax.
},
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ # `members` can have the following values:
+ #
+ # * `allUsers`: A special identifier that represents anyone who is
+ # on the internet; with or without a Google account.
+ #
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
+ # who is authenticated with a Google account or a service account.
+ #
+ # * `user:{emailid}`: An email address that represents a specific Google
+ # account. For example, `alice@example.com` .
+ #
+ #
+ # * `serviceAccount:{emailid}`: An email address that represents a service
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
+ #
+ # * `group:{emailid}`: An email address that represents a Google group.
+ # For example, `admins@example.com`.
+ #
+ # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a user that has been recently deleted. For
+ # example, `alice@example.com?uid=123456789012345678901`. If the user is
+ # recovered, this value reverts to `user:{emailid}` and the recovered user
+ # retains the role in the binding.
+ #
+ # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+ # unique identifier) representing a service account that has been recently
+ # deleted. For example,
+ # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+ # If the service account is undeleted, this value reverts to
+ # `serviceAccount:{emailid}` and the undeleted service account retains the
+ # role in the binding.
+ #
+ # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a Google group that has been recently
+ # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+ # the group is recovered, this value reverts to `group:{emailid}` and the
+ # recovered group retains the role in the binding.
+ #
+ #
+ # * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ # users of that domain. For example, `google.com` or `example.com`.
+ #
+ "A String",
+ ],
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
- "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
- # prevent simultaneous updates of a policy from overwriting each other.
- # It is strongly suggested that systems make use of the `etag` in the
- # read-modify-write cycle to perform policy updates in order to avoid race
- # conditions: An `etag` is returned in the response to `getIamPolicy`, and
- # systems are expected to put that etag in the request to `setIamPolicy` to
- # ensure that their change will be applied to the same version of the policy.
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
}</pre>
</div>
<div class="method">
- <code class="details" id="list">list(parent, filter=None, pageToken=None, pageSize=None, orderBy=None, versionView=None, x__xgafv=None)</code>
+ <code class="details" id="list">list(parent, orderBy=None, versionView=None, filter=None, pageToken=None, pageSize=None, x__xgafv=None)</code>
<pre>Lists CryptoKeys.
Args:
parent: string, Required. The resource name of the KeyRing to list, in the format
`projects/*/locations/*/keyRings/*`. (required)
+ orderBy: string, Optional. Specify how the results should be sorted. If not specified, the
+results will be sorted in the default order. For more information, see
+[Sorting and filtering list
+results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ versionView: string, The fields of the primary version to include in the response.
filter: string, Optional. Only include resources that match the filter in the response. For
more information, see
[Sorting and filtering list
@@ -924,11 +929,6 @@
response. Further CryptoKeys can subsequently be obtained by
including the ListCryptoKeysResponse.next_page_token in a subsequent
request. If unspecified, the server will pick an appropriate default.
- orderBy: string, Optional. Specify how the results should be sorted. If not specified, the
-results will be sorted in the default order. For more information, see
-[Sorting and filtering list
-results](https://cloud.google.com/kms/docs/sorting-and-filtering).
- versionView: string, The fields of the primary version to include in the response.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
@@ -942,118 +942,118 @@
# ListCryptoKeysRequest.page_token to retrieve the next page of results.
"cryptoKeys": [ # The list of CryptoKeys.
{ # A CryptoKey represents a logical key that can be used for cryptographic
- # operations.
+ # operations.
+ #
+ # A CryptoKey is made up of zero or more versions,
+ # which represent the actual key material used in cryptographic operations.
+ "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
#
- # A CryptoKey is made up of zero or more versions,
- # which represent the actual key material used in cryptographic operations.
- "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
- # automatically rotates a key. Must be at least 24 hours and at most
- # 876,000 hours.
- #
- # If rotation_period is set, next_rotation_time must also be set.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
- # by Encrypt when this CryptoKey is given
- # in EncryptRequest.name.
- #
- # The CryptoKey's primary version can be updated via
- # UpdateCryptoKeyPrimaryVersion.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT may have a
- # primary. For other keys, this field will be omitted.
- # associated key material.
- #
- # An ENABLED version can be
- # used for cryptographic operations.
- #
- # For security reasons, the raw cryptographic key material represented by a
- # CryptoKeyVersion can never be viewed or exported. It can only be used to
- # encrypt, decrypt, or sign data when an authorized user or application invokes
- # Cloud KMS.
- "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
- # was imported.
- "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # destroyed. Only present if state is
- # DESTROYED.
- "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
- # for destruction. Only present if state is
- # DESTROY_SCHEDULED.
- "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
- # state is
- # IMPORT_FAILED.
- "state": "A String", # The current state of the CryptoKeyVersion.
- "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
- # creation time. Use this statement to verify attributes of the key as stored
- # on the HSM, independently of Google. Only provided for key versions with
- # protection_level HSM.
- # information, see [Verifying attestations]
- # (https://cloud.google.com/kms/docs/attest-key).
- "format": "A String", # Output only. The format of the attestation data.
- "content": "A String", # Output only. The attestation data provided by the HSM when the key
- # operation was performed.
- },
- "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
- "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # generated.
- "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
- # performed with this CryptoKeyVersion.
- "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
- "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
- # CryptoKeyVersion supports.
- "importJob": "A String", # Output only. The name of the ImportJob used to import this
- # CryptoKeyVersion. Only present if the underlying key material was
- # imported.
- "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
- # configuring a CryptoKeyVersion that are specific to the
- # EXTERNAL protection level.
- # configuring a CryptoKeyVersion that are specific to the
- # EXTERNAL protection level.
- "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
- },
- },
- "name": "A String", # Output only. The resource name for this CryptoKey in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
- "versionTemplate": { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
- # The properties of new CryptoKeyVersion instances created by either
- # CreateCryptoKeyVersion or
- # auto-rotation are controlled by this template.
- # a new CryptoKeyVersion, either manually with
- # CreateCryptoKeyVersion or
- # automatically as a result of auto-rotation.
- "algorithm": "A String", # Required. Algorithm to use
- # when creating a CryptoKeyVersion based on this template.
- #
- # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
- # this field is omitted and CryptoKey.purpose is
- # ENCRYPT_DECRYPT.
- "protectionLevel": "A String", # ProtectionLevel to use when creating a CryptoKeyVersion based on
- # this template. Immutable. Defaults to SOFTWARE.
- },
- "purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
- "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
- #
- # 1. Create a new version of this CryptoKey.
- # 2. Mark the new version as primary.
- #
- # Key rotations performed manually via
- # CreateCryptoKeyVersion and
- # UpdateCryptoKeyPrimaryVersion
- # do not affect next_rotation_time.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "labels": { # Labels with user-defined metadata. For more information, see
- # [Labeling Keys](/kms/docs/labeling-keys).
- "a_key": "A String",
- },
- "createTime": "A String", # Output only. The time at which this CryptoKey was created.
+ # 1. Create a new version of this CryptoKey.
+ # 2. Mark the new version as primary.
+ #
+ # Key rotations performed manually via
+ # CreateCryptoKeyVersion and
+ # UpdateCryptoKeyPrimaryVersion
+ # do not affect next_rotation_time.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "labels": { # Labels with user-defined metadata. For more information, see
+ # [Labeling Keys](/kms/docs/labeling-keys).
+ "a_key": "A String",
},
+ "createTime": "A String", # Output only. The time at which this CryptoKey was created.
+ "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
+ # automatically rotates a key. Must be at least 24 hours and at most
+ # 876,000 hours.
+ #
+ # If rotation_period is set, next_rotation_time must also be set.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
+ # by Encrypt when this CryptoKey is given
+ # in EncryptRequest.name.
+ #
+ # The CryptoKey's primary version can be updated via
+ # UpdateCryptoKeyPrimaryVersion.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT may have a
+ # primary. For other keys, this field will be omitted.
+ # associated key material.
+ #
+ # An ENABLED version can be
+ # used for cryptographic operations.
+ #
+ # For security reasons, the raw cryptographic key material represented by a
+ # CryptoKeyVersion can never be viewed or exported. It can only be used to
+ # encrypt, decrypt, or sign data when an authorized user or application invokes
+ # Cloud KMS.
+ "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
+ "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
+ # CryptoKeyVersion supports.
+ "importJob": "A String", # Output only. The name of the ImportJob used to import this
+ # CryptoKeyVersion. Only present if the underlying key material was
+ # imported.
+ "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
+ # configuring a CryptoKeyVersion that are specific to the
+ # EXTERNAL protection level.
+ # configuring a CryptoKeyVersion that are specific to the
+ # EXTERNAL protection level.
+ "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
+ },
+ "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # destroyed. Only present if state is
+ # DESTROYED.
+ "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
+ # was imported.
+ "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
+ # for destruction. Only present if state is
+ # DESTROY_SCHEDULED.
+ "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
+ # state is
+ # IMPORT_FAILED.
+ "state": "A String", # The current state of the CryptoKeyVersion.
+ "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
+ "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
+ # creation time. Use this statement to verify attributes of the key as stored
+ # on the HSM, independently of Google. Only provided for key versions with
+ # protection_level HSM.
+ # information, see [Verifying attestations]
+ # (https://cloud.google.com/kms/docs/attest-key).
+ "format": "A String", # Output only. The format of the attestation data.
+ "content": "A String", # Output only. The attestation data provided by the HSM when the key
+ # operation was performed.
+ },
+ "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # generated.
+ "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
+ # performed with this CryptoKeyVersion.
+ },
+ "name": "A String", # Output only. The resource name for this CryptoKey in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
+ "versionTemplate": { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
+ # The properties of new CryptoKeyVersion instances created by either
+ # CreateCryptoKeyVersion or
+ # auto-rotation are controlled by this template.
+ # a new CryptoKeyVersion, either manually with
+ # CreateCryptoKeyVersion or
+ # automatically as a result of auto-rotation.
+ "algorithm": "A String", # Required. Algorithm to use
+ # when creating a CryptoKeyVersion based on this template.
+ #
+ # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
+ # this field is omitted and CryptoKey.purpose is
+ # ENCRYPT_DECRYPT.
+ "protectionLevel": "A String", # ProtectionLevel to use when creating a CryptoKeyVersion based on
+ # this template. Immutable. Defaults to SOFTWARE.
+ },
+ "purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
+ },
],
"totalSize": 42, # The total number of CryptoKeys that matched the query.
}</pre>
@@ -1084,26 +1084,167 @@
The object takes the form of:
{ # A CryptoKey represents a logical key that can be used for cryptographic
- # operations.
+ # operations.
+ #
+ # A CryptoKey is made up of zero or more versions,
+ # which represent the actual key material used in cryptographic operations.
+ "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
#
+ # 1. Create a new version of this CryptoKey.
+ # 2. Mark the new version as primary.
+ #
+ # Key rotations performed manually via
+ # CreateCryptoKeyVersion and
+ # UpdateCryptoKeyPrimaryVersion
+ # do not affect next_rotation_time.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "labels": { # Labels with user-defined metadata. For more information, see
+ # [Labeling Keys](/kms/docs/labeling-keys).
+ "a_key": "A String",
+ },
+ "createTime": "A String", # Output only. The time at which this CryptoKey was created.
+ "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
+ # automatically rotates a key. Must be at least 24 hours and at most
+ # 876,000 hours.
+ #
+ # If rotation_period is set, next_rotation_time must also be set.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
+ # by Encrypt when this CryptoKey is given
+ # in EncryptRequest.name.
+ #
+ # The CryptoKey's primary version can be updated via
+ # UpdateCryptoKeyPrimaryVersion.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT may have a
+ # primary. For other keys, this field will be omitted.
+ # associated key material.
+ #
+ # An ENABLED version can be
+ # used for cryptographic operations.
+ #
+ # For security reasons, the raw cryptographic key material represented by a
+ # CryptoKeyVersion can never be viewed or exported. It can only be used to
+ # encrypt, decrypt, or sign data when an authorized user or application invokes
+ # Cloud KMS.
+ "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
+ "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
+ # CryptoKeyVersion supports.
+ "importJob": "A String", # Output only. The name of the ImportJob used to import this
+ # CryptoKeyVersion. Only present if the underlying key material was
+ # imported.
+ "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
+ # configuring a CryptoKeyVersion that are specific to the
+ # EXTERNAL protection level.
+ # configuring a CryptoKeyVersion that are specific to the
+ # EXTERNAL protection level.
+ "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
+ },
+ "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # destroyed. Only present if state is
+ # DESTROYED.
+ "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
+ # was imported.
+ "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
+ # for destruction. Only present if state is
+ # DESTROY_SCHEDULED.
+ "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
+ # state is
+ # IMPORT_FAILED.
+ "state": "A String", # The current state of the CryptoKeyVersion.
+ "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
+ "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
+ # creation time. Use this statement to verify attributes of the key as stored
+ # on the HSM, independently of Google. Only provided for key versions with
+ # protection_level HSM.
+ # information, see [Verifying attestations]
+ # (https://cloud.google.com/kms/docs/attest-key).
+ "format": "A String", # Output only. The format of the attestation data.
+ "content": "A String", # Output only. The attestation data provided by the HSM when the key
+ # operation was performed.
+ },
+ "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # generated.
+ "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
+ # performed with this CryptoKeyVersion.
+ },
+ "name": "A String", # Output only. The resource name for this CryptoKey in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
+ "versionTemplate": { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
+ # The properties of new CryptoKeyVersion instances created by either
+ # CreateCryptoKeyVersion or
+ # auto-rotation are controlled by this template.
+ # a new CryptoKeyVersion, either manually with
+ # CreateCryptoKeyVersion or
+ # automatically as a result of auto-rotation.
+ "algorithm": "A String", # Required. Algorithm to use
+ # when creating a CryptoKeyVersion based on this template.
+ #
+ # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
+ # this field is omitted and CryptoKey.purpose is
+ # ENCRYPT_DECRYPT.
+ "protectionLevel": "A String", # ProtectionLevel to use when creating a CryptoKeyVersion based on
+ # this template. Immutable. Defaults to SOFTWARE.
+ },
+ "purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
+}
+
+ updateMask: string, Required. List of fields to be updated in this request.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A CryptoKey represents a logical key that can be used for cryptographic
+ # operations.
+ #
# A CryptoKey is made up of zero or more versions,
# which represent the actual key material used in cryptographic operations.
+ "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
+ #
+ # 1. Create a new version of this CryptoKey.
+ # 2. Mark the new version as primary.
+ #
+ # Key rotations performed manually via
+ # CreateCryptoKeyVersion and
+ # UpdateCryptoKeyPrimaryVersion
+ # do not affect next_rotation_time.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "labels": { # Labels with user-defined metadata. For more information, see
+ # [Labeling Keys](/kms/docs/labeling-keys).
+ "a_key": "A String",
+ },
+ "createTime": "A String", # Output only. The time at which this CryptoKey was created.
"rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
# automatically rotates a key. Must be at least 24 hours and at most
# 876,000 hours.
- #
+ #
# If rotation_period is set, next_rotation_time must also be set.
- #
+ #
# Keys with purpose
# ENCRYPT_DECRYPT support
# automatic rotation. For other keys, this field must be omitted.
"primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
# by Encrypt when this CryptoKey is given
# in EncryptRequest.name.
- #
+ #
# The CryptoKey's primary version can be updated via
# UpdateCryptoKeyPrimaryVersion.
- #
+ #
# Keys with purpose
# ENCRYPT_DECRYPT may have a
# primary. For other keys, this field will be omitted.
@@ -1116,34 +1257,6 @@
# CryptoKeyVersion can never be viewed or exported. It can only be used to
# encrypt, decrypt, or sign data when an authorized user or application invokes
# Cloud KMS.
- "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
- # was imported.
- "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # destroyed. Only present if state is
- # DESTROYED.
- "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
- # for destruction. Only present if state is
- # DESTROY_SCHEDULED.
- "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
- # state is
- # IMPORT_FAILED.
- "state": "A String", # The current state of the CryptoKeyVersion.
- "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
- # creation time. Use this statement to verify attributes of the key as stored
- # on the HSM, independently of Google. Only provided for key versions with
- # protection_level HSM.
- # information, see [Verifying attestations]
- # (https://cloud.google.com/kms/docs/attest-key).
- "format": "A String", # Output only. The format of the attestation data.
- "content": "A String", # Output only. The attestation data provided by the HSM when the key
- # operation was performed.
- },
- "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
- "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # generated.
- "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
- # performed with this CryptoKeyVersion.
"createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
"algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
# CryptoKeyVersion supports.
@@ -1157,6 +1270,34 @@
# EXTERNAL protection level.
"externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
},
+ "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # destroyed. Only present if state is
+ # DESTROYED.
+ "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
+ # was imported.
+ "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
+ # for destruction. Only present if state is
+ # DESTROY_SCHEDULED.
+ "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
+ # state is
+ # IMPORT_FAILED.
+ "state": "A String", # The current state of the CryptoKeyVersion.
+ "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
+ "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
+ # creation time. Use this statement to verify attributes of the key as stored
+ # on the HSM, independently of Google. Only provided for key versions with
+ # protection_level HSM.
+ # information, see [Verifying attestations]
+ # (https://cloud.google.com/kms/docs/attest-key).
+ "format": "A String", # Output only. The format of the attestation data.
+ "content": "A String", # Output only. The attestation data provided by the HSM when the key
+ # operation was performed.
+ },
+ "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # generated.
+ "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
+ # performed with this CryptoKeyVersion.
},
"name": "A String", # Output only. The resource name for this CryptoKey in the format
# `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
@@ -1177,148 +1318,7 @@
# this template. Immutable. Defaults to SOFTWARE.
},
"purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
- "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
- #
- # 1. Create a new version of this CryptoKey.
- # 2. Mark the new version as primary.
- #
- # Key rotations performed manually via
- # CreateCryptoKeyVersion and
- # UpdateCryptoKeyPrimaryVersion
- # do not affect next_rotation_time.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "labels": { # Labels with user-defined metadata. For more information, see
- # [Labeling Keys](/kms/docs/labeling-keys).
- "a_key": "A String",
- },
- "createTime": "A String", # Output only. The time at which this CryptoKey was created.
- }
-
- updateMask: string, Required. List of fields to be updated in this request.
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # A CryptoKey represents a logical key that can be used for cryptographic
- # operations.
- #
- # A CryptoKey is made up of zero or more versions,
- # which represent the actual key material used in cryptographic operations.
- "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
- # automatically rotates a key. Must be at least 24 hours and at most
- # 876,000 hours.
- #
- # If rotation_period is set, next_rotation_time must also be set.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
- # by Encrypt when this CryptoKey is given
- # in EncryptRequest.name.
- #
- # The CryptoKey's primary version can be updated via
- # UpdateCryptoKeyPrimaryVersion.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT may have a
- # primary. For other keys, this field will be omitted.
- # associated key material.
- #
- # An ENABLED version can be
- # used for cryptographic operations.
- #
- # For security reasons, the raw cryptographic key material represented by a
- # CryptoKeyVersion can never be viewed or exported. It can only be used to
- # encrypt, decrypt, or sign data when an authorized user or application invokes
- # Cloud KMS.
- "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
- # was imported.
- "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # destroyed. Only present if state is
- # DESTROYED.
- "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
- # for destruction. Only present if state is
- # DESTROY_SCHEDULED.
- "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
- # state is
- # IMPORT_FAILED.
- "state": "A String", # The current state of the CryptoKeyVersion.
- "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
- # creation time. Use this statement to verify attributes of the key as stored
- # on the HSM, independently of Google. Only provided for key versions with
- # protection_level HSM.
- # information, see [Verifying attestations]
- # (https://cloud.google.com/kms/docs/attest-key).
- "format": "A String", # Output only. The format of the attestation data.
- "content": "A String", # Output only. The attestation data provided by the HSM when the key
- # operation was performed.
- },
- "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
- "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # generated.
- "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
- # performed with this CryptoKeyVersion.
- "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
- "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
- # CryptoKeyVersion supports.
- "importJob": "A String", # Output only. The name of the ImportJob used to import this
- # CryptoKeyVersion. Only present if the underlying key material was
- # imported.
- "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
- # configuring a CryptoKeyVersion that are specific to the
- # EXTERNAL protection level.
- # configuring a CryptoKeyVersion that are specific to the
- # EXTERNAL protection level.
- "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
- },
- },
- "name": "A String", # Output only. The resource name for this CryptoKey in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
- "versionTemplate": { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
- # The properties of new CryptoKeyVersion instances created by either
- # CreateCryptoKeyVersion or
- # auto-rotation are controlled by this template.
- # a new CryptoKeyVersion, either manually with
- # CreateCryptoKeyVersion or
- # automatically as a result of auto-rotation.
- "algorithm": "A String", # Required. Algorithm to use
- # when creating a CryptoKeyVersion based on this template.
- #
- # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
- # this field is omitted and CryptoKey.purpose is
- # ENCRYPT_DECRYPT.
- "protectionLevel": "A String", # ProtectionLevel to use when creating a CryptoKeyVersion based on
- # this template. Immutable. Defaults to SOFTWARE.
- },
- "purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
- "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
- #
- # 1. Create a new version of this CryptoKey.
- # 2. Mark the new version as primary.
- #
- # Key rotations performed manually via
- # CreateCryptoKeyVersion and
- # UpdateCryptoKeyPrimaryVersion
- # do not affect next_rotation_time.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "labels": { # Labels with user-defined metadata. For more information, see
- # [Labeling Keys](/kms/docs/labeling-keys).
- "a_key": "A String",
- },
- "createTime": "A String", # Output only. The time at which this CryptoKey was created.
- }</pre>
+ }</pre>
</div>
<div class="method">
@@ -1405,6 +1405,18 @@
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+ # prevent simultaneous updates of a policy from overwriting each other.
+ # It is strongly suggested that systems make use of the `etag` in the
+ # read-modify-write cycle to perform policy updates in order to avoid race
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+ # systems are expected to put that etag in the request to `setIamPolicy` to
+ # ensure that their change will be applied to the same version of the policy.
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
"version": 42, # Specifies the format of the policy.
#
# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
@@ -1518,53 +1530,6 @@
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
- # `members` can have the following values:
- #
- # * `allUsers`: A special identifier that represents anyone who is
- # on the internet; with or without a Google account.
- #
- # * `allAuthenticatedUsers`: A special identifier that represents anyone
- # who is authenticated with a Google account or a service account.
- #
- # * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@example.com` .
- #
- #
- # * `serviceAccount:{emailid}`: An email address that represents a service
- # account. For example, `my-other-app@appspot.gserviceaccount.com`.
- #
- # * `group:{emailid}`: An email address that represents a Google group.
- # For example, `admins@example.com`.
- #
- # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
- # identifier) representing a user that has been recently deleted. For
- # example, `alice@example.com?uid=123456789012345678901`. If the user is
- # recovered, this value reverts to `user:{emailid}` and the recovered user
- # retains the role in the binding.
- #
- # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
- # unique identifier) representing a service account that has been recently
- # deleted. For example,
- # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
- # If the service account is undeleted, this value reverts to
- # `serviceAccount:{emailid}` and the undeleted service account retains the
- # role in the binding.
- #
- # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
- # identifier) representing a Google group that has been recently
- # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
- # the group is recovered, this value reverts to `group:{emailid}` and the
- # recovered group retains the role in the binding.
- #
- #
- # * `domain:{domain}`: The G Suite domain (primary) that represents all the
- # users of that domain. For example, `google.com` or `example.com`.
- #
- "A String",
- ],
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
#
# If the condition evaluates to `true`, then this binding applies to the
@@ -1617,20 +1582,55 @@
"expression": "A String", # Textual representation of an expression in Common Expression Language
# syntax.
},
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ # `members` can have the following values:
+ #
+ # * `allUsers`: A special identifier that represents anyone who is
+ # on the internet; with or without a Google account.
+ #
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
+ # who is authenticated with a Google account or a service account.
+ #
+ # * `user:{emailid}`: An email address that represents a specific Google
+ # account. For example, `alice@example.com` .
+ #
+ #
+ # * `serviceAccount:{emailid}`: An email address that represents a service
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
+ #
+ # * `group:{emailid}`: An email address that represents a Google group.
+ # For example, `admins@example.com`.
+ #
+ # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a user that has been recently deleted. For
+ # example, `alice@example.com?uid=123456789012345678901`. If the user is
+ # recovered, this value reverts to `user:{emailid}` and the recovered user
+ # retains the role in the binding.
+ #
+ # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+ # unique identifier) representing a service account that has been recently
+ # deleted. For example,
+ # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+ # If the service account is undeleted, this value reverts to
+ # `serviceAccount:{emailid}` and the undeleted service account retains the
+ # role in the binding.
+ #
+ # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a Google group that has been recently
+ # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+ # the group is recovered, this value reverts to `group:{emailid}` and the
+ # recovered group retains the role in the binding.
+ #
+ #
+ # * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ # users of that domain. For example, `google.com` or `example.com`.
+ #
+ "A String",
+ ],
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
- "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
- # prevent simultaneous updates of a policy from overwriting each other.
- # It is strongly suggested that systems make use of the `etag` in the
- # read-modify-write cycle to perform policy updates in order to avoid race
- # conditions: An `etag` is returned in the response to `getIamPolicy`, and
- # systems are expected to put that etag in the request to `setIamPolicy` to
- # ensure that their change will be applied to the same version of the policy.
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
},
"updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
# the fields in the mask will be modified. If no mask is provided, the
@@ -1714,6 +1714,18 @@
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+ # prevent simultaneous updates of a policy from overwriting each other.
+ # It is strongly suggested that systems make use of the `etag` in the
+ # read-modify-write cycle to perform policy updates in order to avoid race
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+ # systems are expected to put that etag in the request to `setIamPolicy` to
+ # ensure that their change will be applied to the same version of the policy.
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
"version": 42, # Specifies the format of the policy.
#
# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
@@ -1827,53 +1839,6 @@
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
- # `members` can have the following values:
- #
- # * `allUsers`: A special identifier that represents anyone who is
- # on the internet; with or without a Google account.
- #
- # * `allAuthenticatedUsers`: A special identifier that represents anyone
- # who is authenticated with a Google account or a service account.
- #
- # * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@example.com` .
- #
- #
- # * `serviceAccount:{emailid}`: An email address that represents a service
- # account. For example, `my-other-app@appspot.gserviceaccount.com`.
- #
- # * `group:{emailid}`: An email address that represents a Google group.
- # For example, `admins@example.com`.
- #
- # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
- # identifier) representing a user that has been recently deleted. For
- # example, `alice@example.com?uid=123456789012345678901`. If the user is
- # recovered, this value reverts to `user:{emailid}` and the recovered user
- # retains the role in the binding.
- #
- # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
- # unique identifier) representing a service account that has been recently
- # deleted. For example,
- # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
- # If the service account is undeleted, this value reverts to
- # `serviceAccount:{emailid}` and the undeleted service account retains the
- # role in the binding.
- #
- # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
- # identifier) representing a Google group that has been recently
- # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
- # the group is recovered, this value reverts to `group:{emailid}` and the
- # recovered group retains the role in the binding.
- #
- #
- # * `domain:{domain}`: The G Suite domain (primary) that represents all the
- # users of that domain. For example, `google.com` or `example.com`.
- #
- "A String",
- ],
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
#
# If the condition evaluates to `true`, then this binding applies to the
@@ -1926,20 +1891,55 @@
"expression": "A String", # Textual representation of an expression in Common Expression Language
# syntax.
},
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ # `members` can have the following values:
+ #
+ # * `allUsers`: A special identifier that represents anyone who is
+ # on the internet; with or without a Google account.
+ #
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
+ # who is authenticated with a Google account or a service account.
+ #
+ # * `user:{emailid}`: An email address that represents a specific Google
+ # account. For example, `alice@example.com` .
+ #
+ #
+ # * `serviceAccount:{emailid}`: An email address that represents a service
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
+ #
+ # * `group:{emailid}`: An email address that represents a Google group.
+ # For example, `admins@example.com`.
+ #
+ # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a user that has been recently deleted. For
+ # example, `alice@example.com?uid=123456789012345678901`. If the user is
+ # recovered, this value reverts to `user:{emailid}` and the recovered user
+ # retains the role in the binding.
+ #
+ # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+ # unique identifier) representing a service account that has been recently
+ # deleted. For example,
+ # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+ # If the service account is undeleted, this value reverts to
+ # `serviceAccount:{emailid}` and the undeleted service account retains the
+ # role in the binding.
+ #
+ # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a Google group that has been recently
+ # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+ # the group is recovered, this value reverts to `group:{emailid}` and the
+ # recovered group retains the role in the binding.
+ #
+ #
+ # * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ # users of that domain. For example, `google.com` or `example.com`.
+ #
+ "A String",
+ ],
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
- "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
- # prevent simultaneous updates of a policy from overwriting each other.
- # It is strongly suggested that systems make use of the `etag` in the
- # read-modify-write cycle to perform policy updates in order to avoid race
- # conditions: An `etag` is returned in the response to `getIamPolicy`, and
- # systems are expected to put that etag in the request to `setIamPolicy` to
- # ensure that their change will be applied to the same version of the policy.
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
}</pre>
</div>
@@ -2008,118 +2008,118 @@
An object of the form:
{ # A CryptoKey represents a logical key that can be used for cryptographic
- # operations.
+ # operations.
+ #
+ # A CryptoKey is made up of zero or more versions,
+ # which represent the actual key material used in cryptographic operations.
+ "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
#
- # A CryptoKey is made up of zero or more versions,
- # which represent the actual key material used in cryptographic operations.
- "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
- # automatically rotates a key. Must be at least 24 hours and at most
- # 876,000 hours.
- #
- # If rotation_period is set, next_rotation_time must also be set.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
- # by Encrypt when this CryptoKey is given
- # in EncryptRequest.name.
- #
- # The CryptoKey's primary version can be updated via
- # UpdateCryptoKeyPrimaryVersion.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT may have a
- # primary. For other keys, this field will be omitted.
- # associated key material.
- #
- # An ENABLED version can be
- # used for cryptographic operations.
- #
- # For security reasons, the raw cryptographic key material represented by a
- # CryptoKeyVersion can never be viewed or exported. It can only be used to
- # encrypt, decrypt, or sign data when an authorized user or application invokes
- # Cloud KMS.
- "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
- # was imported.
- "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # destroyed. Only present if state is
- # DESTROYED.
- "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
- # for destruction. Only present if state is
- # DESTROY_SCHEDULED.
- "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
- # state is
- # IMPORT_FAILED.
- "state": "A String", # The current state of the CryptoKeyVersion.
- "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
- # creation time. Use this statement to verify attributes of the key as stored
- # on the HSM, independently of Google. Only provided for key versions with
- # protection_level HSM.
- # information, see [Verifying attestations]
- # (https://cloud.google.com/kms/docs/attest-key).
- "format": "A String", # Output only. The format of the attestation data.
- "content": "A String", # Output only. The attestation data provided by the HSM when the key
- # operation was performed.
- },
- "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
- "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
- # generated.
- "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
- # performed with this CryptoKeyVersion.
- "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
- "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
- # CryptoKeyVersion supports.
- "importJob": "A String", # Output only. The name of the ImportJob used to import this
- # CryptoKeyVersion. Only present if the underlying key material was
- # imported.
- "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
- # configuring a CryptoKeyVersion that are specific to the
- # EXTERNAL protection level.
- # configuring a CryptoKeyVersion that are specific to the
- # EXTERNAL protection level.
- "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
- },
+ # 1. Create a new version of this CryptoKey.
+ # 2. Mark the new version as primary.
+ #
+ # Key rotations performed manually via
+ # CreateCryptoKeyVersion and
+ # UpdateCryptoKeyPrimaryVersion
+ # do not affect next_rotation_time.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "labels": { # Labels with user-defined metadata. For more information, see
+ # [Labeling Keys](/kms/docs/labeling-keys).
+ "a_key": "A String",
+ },
+ "createTime": "A String", # Output only. The time at which this CryptoKey was created.
+ "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
+ # automatically rotates a key. Must be at least 24 hours and at most
+ # 876,000 hours.
+ #
+ # If rotation_period is set, next_rotation_time must also be set.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT support
+ # automatic rotation. For other keys, this field must be omitted.
+ "primary": { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the "primary" CryptoKeyVersion that will be used
+ # by Encrypt when this CryptoKey is given
+ # in EncryptRequest.name.
+ #
+ # The CryptoKey's primary version can be updated via
+ # UpdateCryptoKeyPrimaryVersion.
+ #
+ # Keys with purpose
+ # ENCRYPT_DECRYPT may have a
+ # primary. For other keys, this field will be omitted.
+ # associated key material.
+ #
+ # An ENABLED version can be
+ # used for cryptographic operations.
+ #
+ # For security reasons, the raw cryptographic key material represented by a
+ # CryptoKeyVersion can never be viewed or exported. It can only be used to
+ # encrypt, decrypt, or sign data when an authorized user or application invokes
+ # Cloud KMS.
+ "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
+ "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
+ # CryptoKeyVersion supports.
+ "importJob": "A String", # Output only. The name of the ImportJob used to import this
+ # CryptoKeyVersion. Only present if the underlying key material was
+ # imported.
+ "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
+ # configuring a CryptoKeyVersion that are specific to the
+ # EXTERNAL protection level.
+ # configuring a CryptoKeyVersion that are specific to the
+ # EXTERNAL protection level.
+ "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
},
- "name": "A String", # Output only. The resource name for this CryptoKey in the format
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
- "versionTemplate": { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
- # The properties of new CryptoKeyVersion instances created by either
- # CreateCryptoKeyVersion or
- # auto-rotation are controlled by this template.
- # a new CryptoKeyVersion, either manually with
- # CreateCryptoKeyVersion or
- # automatically as a result of auto-rotation.
- "algorithm": "A String", # Required. Algorithm to use
- # when creating a CryptoKeyVersion based on this template.
- #
- # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
- # this field is omitted and CryptoKey.purpose is
- # ENCRYPT_DECRYPT.
- "protectionLevel": "A String", # ProtectionLevel to use when creating a CryptoKeyVersion based on
- # this template. Immutable. Defaults to SOFTWARE.
+ "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # destroyed. Only present if state is
+ # DESTROYED.
+ "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
+ # was imported.
+ "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
+ # for destruction. Only present if state is
+ # DESTROY_SCHEDULED.
+ "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
+ # state is
+ # IMPORT_FAILED.
+ "state": "A String", # The current state of the CryptoKeyVersion.
+ "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
+ "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
+ # creation time. Use this statement to verify attributes of the key as stored
+ # on the HSM, independently of Google. Only provided for key versions with
+ # protection_level HSM.
+ # information, see [Verifying attestations]
+ # (https://cloud.google.com/kms/docs/attest-key).
+ "format": "A String", # Output only. The format of the attestation data.
+ "content": "A String", # Output only. The attestation data provided by the HSM when the key
+ # operation was performed.
},
- "purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
- "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
+ "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
+ # generated.
+ "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
+ # performed with this CryptoKeyVersion.
+ },
+ "name": "A String", # Output only. The resource name for this CryptoKey in the format
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
+ "versionTemplate": { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
+ # The properties of new CryptoKeyVersion instances created by either
+ # CreateCryptoKeyVersion or
+ # auto-rotation are controlled by this template.
+ # a new CryptoKeyVersion, either manually with
+ # CreateCryptoKeyVersion or
+ # automatically as a result of auto-rotation.
+ "algorithm": "A String", # Required. Algorithm to use
+ # when creating a CryptoKeyVersion based on this template.
#
- # 1. Create a new version of this CryptoKey.
- # 2. Mark the new version as primary.
- #
- # Key rotations performed manually via
- # CreateCryptoKeyVersion and
- # UpdateCryptoKeyPrimaryVersion
- # do not affect next_rotation_time.
- #
- # Keys with purpose
- # ENCRYPT_DECRYPT support
- # automatic rotation. For other keys, this field must be omitted.
- "labels": { # Labels with user-defined metadata. For more information, see
- # [Labeling Keys](/kms/docs/labeling-keys).
- "a_key": "A String",
- },
- "createTime": "A String", # Output only. The time at which this CryptoKey was created.
- }</pre>
+ # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
+ # this field is omitted and CryptoKey.purpose is
+ # ENCRYPT_DECRYPT.
+ "protectionLevel": "A String", # ProtectionLevel to use when creating a CryptoKeyVersion based on
+ # this template. Immutable. Defaults to SOFTWARE.
+ },
+ "purpose": "A String", # Immutable. The immutable purpose of this CryptoKey.
+ }</pre>
</div>
</body></html>
\ No newline at end of file