blob: 773b300051931a6713729ebd35b2adf20693c6d5 [file] [log] [blame]
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070075<h1><a href="cloudkms_v1.html">Cloud Key Management Service (KMS) API</a> . <a href="cloudkms_v1.projects.html">projects</a> . <a href="cloudkms_v1.projects.locations.html">locations</a> . <a href="cloudkms_v1.projects.locations.keyRings.html">keyRings</a> . <a href="cloudkms_v1.projects.locations.keyRings.cryptoKeys.html">cryptoKeys</a></h1>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040076<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="cloudkms_v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.html">cryptoKeyVersions()</a></code>
79</p>
80<p class="firstline">Returns the cryptoKeyVersions Resource.</p>
81
82<p class="toc_element">
Bu Sun Kim65020912020-05-20 12:08:20 -070083 <code><a href="#create">create(parent, body=None, cryptoKeyId=None, skipInitialVersionCreation=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040084<p class="firstline">Create a new CryptoKey within a KeyRing.</p>
85<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070086 <code><a href="#decrypt">decrypt(name, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070087<p class="firstline">Decrypts data that was protected by Encrypt. The CryptoKey.purpose</p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040088<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070089 <code><a href="#encrypt">encrypt(name, body=None, x__xgafv=None)</a></code></p>
Sai Cheemalapati4ba8c232017-06-06 18:46:08 -040090<p class="firstline">Encrypts data, so that it can only be recovered by a call to Decrypt.</p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040091<p class="toc_element">
92 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
93<p class="firstline">Returns metadata for a given CryptoKey, as well as its</p>
94<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070095 <code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040096<p class="firstline">Gets the access control policy for a resource.</p>
97<p class="toc_element">
Bu Sun Kim65020912020-05-20 12:08:20 -070098 <code><a href="#list">list(parent, filter=None, pageToken=None, pageSize=None, orderBy=None, versionView=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040099<p class="firstline">Lists CryptoKeys.</p>
100<p class="toc_element">
101 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
102<p class="firstline">Retrieves the next page of results.</p>
103<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700104 <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400105<p class="firstline">Update a CryptoKey.</p>
106<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700107 <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400108<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>
109<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700110 <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400111<p class="firstline">Returns permissions that a caller has on the specified resource.</p>
112<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700113 <code><a href="#updatePrimaryVersion">updatePrimaryVersion(name, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700114<p class="firstline">Update the version of a CryptoKey that will be used in Encrypt.</p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400115<h3>Method Details</h3>
116<div class="method">
Bu Sun Kim65020912020-05-20 12:08:20 -0700117 <code class="details" id="create">create(parent, body=None, cryptoKeyId=None, skipInitialVersionCreation=None, x__xgafv=None)</code>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400118 <pre>Create a new CryptoKey within a KeyRing.
119
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700120CryptoKey.purpose and
121CryptoKey.version_template.algorithm
122are required.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400123
124Args:
125 parent: string, Required. The name of the KeyRing associated with the
126CryptoKeys. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700127 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400128 The object takes the form of:
129
130{ # A CryptoKey represents a logical key that can be used for cryptographic
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400131 # operations.
Bu Sun Kim65020912020-05-20 12:08:20 -0700132 #
133 # A CryptoKey is made up of zero or more versions,
134 # which represent the actual key material used in cryptographic operations.
135 &quot;rotationPeriod&quot;: &quot;A String&quot;, # next_rotation_time will be advanced by this period when the service
Dan O'Mearadd494642020-05-01 07:42:23 -0700136 # automatically rotates a key. Must be at least 24 hours and at most
137 # 876,000 hours.
Bu Sun Kim65020912020-05-20 12:08:20 -0700138 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400139 # If rotation_period is set, next_rotation_time must also be set.
Bu Sun Kim65020912020-05-20 12:08:20 -0700140 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700141 # Keys with purpose
142 # ENCRYPT_DECRYPT support
143 # automatic rotation. For other keys, this field must be omitted.
Bu Sun Kim65020912020-05-20 12:08:20 -0700144 &quot;primary&quot;: { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the &quot;primary&quot; CryptoKeyVersion that will be used
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400145 # by Encrypt when this CryptoKey is given
146 # in EncryptRequest.name.
Bu Sun Kim65020912020-05-20 12:08:20 -0700147 #
148 # The CryptoKey&#x27;s primary version can be updated via
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400149 # UpdateCryptoKeyPrimaryVersion.
Bu Sun Kim65020912020-05-20 12:08:20 -0700150 #
Dan O'Mearadd494642020-05-01 07:42:23 -0700151 # Keys with purpose
152 # ENCRYPT_DECRYPT may have a
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700153 # primary. For other keys, this field will be omitted.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400154 # associated key material.
155 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700156 # An ENABLED version can be
157 # used for cryptographic operations.
158 #
159 # For security reasons, the raw cryptographic key material represented by a
160 # CryptoKeyVersion can never be viewed or exported. It can only be used to
161 # encrypt, decrypt, or sign data when an authorized user or application invokes
162 # Cloud KMS.
Bu Sun Kim65020912020-05-20 12:08:20 -0700163 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material
164 # was imported.
165 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
166 # destroyed. Only present if state is
167 # DESTROYED.
168 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400169 # for destruction. Only present if state is
170 # DESTROY_SCHEDULED.
Bu Sun Kim65020912020-05-20 12:08:20 -0700171 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if
Dan O'Mearadd494642020-05-01 07:42:23 -0700172 # state is
173 # IMPORT_FAILED.
Bu Sun Kim65020912020-05-20 12:08:20 -0700174 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
175 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700176 # creation time. Use this statement to verify attributes of the key as stored
177 # on the HSM, independently of Google. Only provided for key versions with
178 # protection_level HSM.
179 # information, see [Verifying attestations]
180 # (https://cloud.google.com/kms/docs/attest-key).
Bu Sun Kim65020912020-05-20 12:08:20 -0700181 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
182 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700183 # operation was performed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700184 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700185 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format
186 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
187 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
188 # generated.
189 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are
190 # performed with this CryptoKeyVersion.
191 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
192 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this
193 # CryptoKeyVersion supports.
194 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this
Dan O'Mearadd494642020-05-01 07:42:23 -0700195 # CryptoKeyVersion. Only present if the underlying key material was
196 # imported.
Bu Sun Kim65020912020-05-20 12:08:20 -0700197 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
Dan O'Mearadd494642020-05-01 07:42:23 -0700198 # configuring a CryptoKeyVersion that are specific to the
199 # EXTERNAL protection level.
200 # configuring a CryptoKeyVersion that are specific to the
201 # EXTERNAL protection level.
Bu Sun Kim65020912020-05-20 12:08:20 -0700202 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
Dan O'Mearadd494642020-05-01 07:42:23 -0700203 },
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400204 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700205 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKey in the format
206 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
207 &quot;versionTemplate&quot;: { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700208 # The properties of new CryptoKeyVersion instances created by either
209 # CreateCryptoKeyVersion or
210 # auto-rotation are controlled by this template.
211 # a new CryptoKeyVersion, either manually with
212 # CreateCryptoKeyVersion or
213 # automatically as a result of auto-rotation.
Bu Sun Kim65020912020-05-20 12:08:20 -0700214 &quot;algorithm&quot;: &quot;A String&quot;, # Required. Algorithm to use
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700215 # when creating a CryptoKeyVersion based on this template.
216 #
217 # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
218 # this field is omitted and CryptoKey.purpose is
219 # ENCRYPT_DECRYPT.
Bu Sun Kim65020912020-05-20 12:08:20 -0700220 &quot;protectionLevel&quot;: &quot;A String&quot;, # ProtectionLevel to use when creating a CryptoKeyVersion based on
221 # this template. Immutable. Defaults to SOFTWARE.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700222 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700223 &quot;purpose&quot;: &quot;A String&quot;, # Immutable. The immutable purpose of this CryptoKey.
224 &quot;nextRotationTime&quot;: &quot;A String&quot;, # At next_rotation_time, the Key Management Service will automatically:
225 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400226 # 1. Create a new version of this CryptoKey.
227 # 2. Mark the new version as primary.
Bu Sun Kim65020912020-05-20 12:08:20 -0700228 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400229 # Key rotations performed manually via
230 # CreateCryptoKeyVersion and
231 # UpdateCryptoKeyPrimaryVersion
232 # do not affect next_rotation_time.
Bu Sun Kim65020912020-05-20 12:08:20 -0700233 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700234 # Keys with purpose
235 # ENCRYPT_DECRYPT support
236 # automatic rotation. For other keys, this field must be omitted.
Bu Sun Kim65020912020-05-20 12:08:20 -0700237 &quot;labels&quot;: { # Labels with user-defined metadata. For more information, see
238 # [Labeling Keys](/kms/docs/labeling-keys).
239 &quot;a_key&quot;: &quot;A String&quot;,
240 },
241 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKey was created.
242 }
243
244 cryptoKeyId: string, Required. It must be unique within a KeyRing and match the regular
245expression `[a-zA-Z0-9_-]{1,63}`
246 skipInitialVersionCreation: boolean, If set to true, the request will create a CryptoKey without any
247CryptoKeyVersions. You must manually call
248CreateCryptoKeyVersion or
249ImportCryptoKeyVersion
250before you can use this CryptoKey.
251 x__xgafv: string, V1 error format.
252 Allowed values
253 1 - v1 error format
254 2 - v2 error format
255
256Returns:
257 An object of the form:
258
259 { # A CryptoKey represents a logical key that can be used for cryptographic
260 # operations.
261 #
262 # A CryptoKey is made up of zero or more versions,
263 # which represent the actual key material used in cryptographic operations.
264 &quot;rotationPeriod&quot;: &quot;A String&quot;, # next_rotation_time will be advanced by this period when the service
265 # automatically rotates a key. Must be at least 24 hours and at most
266 # 876,000 hours.
267 #
268 # If rotation_period is set, next_rotation_time must also be set.
269 #
270 # Keys with purpose
271 # ENCRYPT_DECRYPT support
272 # automatic rotation. For other keys, this field must be omitted.
273 &quot;primary&quot;: { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the &quot;primary&quot; CryptoKeyVersion that will be used
274 # by Encrypt when this CryptoKey is given
275 # in EncryptRequest.name.
276 #
277 # The CryptoKey&#x27;s primary version can be updated via
278 # UpdateCryptoKeyPrimaryVersion.
279 #
280 # Keys with purpose
281 # ENCRYPT_DECRYPT may have a
282 # primary. For other keys, this field will be omitted.
283 # associated key material.
284 #
285 # An ENABLED version can be
286 # used for cryptographic operations.
287 #
288 # For security reasons, the raw cryptographic key material represented by a
289 # CryptoKeyVersion can never be viewed or exported. It can only be used to
290 # encrypt, decrypt, or sign data when an authorized user or application invokes
291 # Cloud KMS.
292 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material
293 # was imported.
294 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
295 # destroyed. Only present if state is
296 # DESTROYED.
297 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled
298 # for destruction. Only present if state is
299 # DESTROY_SCHEDULED.
300 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if
301 # state is
302 # IMPORT_FAILED.
303 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
304 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
305 # creation time. Use this statement to verify attributes of the key as stored
306 # on the HSM, independently of Google. Only provided for key versions with
307 # protection_level HSM.
308 # information, see [Verifying attestations]
309 # (https://cloud.google.com/kms/docs/attest-key).
310 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
311 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key
312 # operation was performed.
313 },
314 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format
315 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
316 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
317 # generated.
318 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are
319 # performed with this CryptoKeyVersion.
320 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
321 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this
322 # CryptoKeyVersion supports.
323 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this
324 # CryptoKeyVersion. Only present if the underlying key material was
325 # imported.
326 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
327 # configuring a CryptoKeyVersion that are specific to the
328 # EXTERNAL protection level.
329 # configuring a CryptoKeyVersion that are specific to the
330 # EXTERNAL protection level.
331 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
332 },
333 },
334 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKey in the format
335 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
336 &quot;versionTemplate&quot;: { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
337 # The properties of new CryptoKeyVersion instances created by either
338 # CreateCryptoKeyVersion or
339 # auto-rotation are controlled by this template.
340 # a new CryptoKeyVersion, either manually with
341 # CreateCryptoKeyVersion or
342 # automatically as a result of auto-rotation.
343 &quot;algorithm&quot;: &quot;A String&quot;, # Required. Algorithm to use
344 # when creating a CryptoKeyVersion based on this template.
345 #
346 # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
347 # this field is omitted and CryptoKey.purpose is
348 # ENCRYPT_DECRYPT.
349 &quot;protectionLevel&quot;: &quot;A String&quot;, # ProtectionLevel to use when creating a CryptoKeyVersion based on
350 # this template. Immutable. Defaults to SOFTWARE.
351 },
352 &quot;purpose&quot;: &quot;A String&quot;, # Immutable. The immutable purpose of this CryptoKey.
353 &quot;nextRotationTime&quot;: &quot;A String&quot;, # At next_rotation_time, the Key Management Service will automatically:
354 #
355 # 1. Create a new version of this CryptoKey.
356 # 2. Mark the new version as primary.
357 #
358 # Key rotations performed manually via
359 # CreateCryptoKeyVersion and
360 # UpdateCryptoKeyPrimaryVersion
361 # do not affect next_rotation_time.
362 #
363 # Keys with purpose
364 # ENCRYPT_DECRYPT support
365 # automatic rotation. For other keys, this field must be omitted.
366 &quot;labels&quot;: { # Labels with user-defined metadata. For more information, see
367 # [Labeling Keys](/kms/docs/labeling-keys).
368 &quot;a_key&quot;: &quot;A String&quot;,
369 },
370 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKey was created.
371 }</pre>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400372</div>
373
374<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700375 <code class="details" id="decrypt">decrypt(name, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700376 <pre>Decrypts data that was protected by Encrypt. The CryptoKey.purpose
377must be ENCRYPT_DECRYPT.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400378
379Args:
380 name: string, Required. The resource name of the CryptoKey to use for decryption.
381The server will choose the appropriate version. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700382 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400383 The object takes the form of:
384
385{ # Request message for KeyManagementService.Decrypt.
Bu Sun Kim65020912020-05-20 12:08:20 -0700386 &quot;ciphertext&quot;: &quot;A String&quot;, # Required. The encrypted data originally returned in
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400387 # EncryptResponse.ciphertext.
Bu Sun Kim65020912020-05-20 12:08:20 -0700388 &quot;additionalAuthenticatedData&quot;: &quot;A String&quot;, # Optional. Optional data that must match the data originally supplied in
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400389 # EncryptRequest.additional_authenticated_data.
390 }
391
392 x__xgafv: string, V1 error format.
393 Allowed values
394 1 - v1 error format
395 2 - v2 error format
396
397Returns:
398 An object of the form:
399
400 { # Response message for KeyManagementService.Decrypt.
Bu Sun Kim65020912020-05-20 12:08:20 -0700401 &quot;plaintext&quot;: &quot;A String&quot;, # The decrypted data originally supplied in EncryptRequest.plaintext.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400402 }</pre>
403</div>
404
405<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700406 <code class="details" id="encrypt">encrypt(name, body=None, x__xgafv=None)</code>
Sai Cheemalapati4ba8c232017-06-06 18:46:08 -0400407 <pre>Encrypts data, so that it can only be recovered by a call to Decrypt.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700408The CryptoKey.purpose must be
409ENCRYPT_DECRYPT.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400410
411Args:
412 name: string, Required. The resource name of the CryptoKey or CryptoKeyVersion
413to use for encryption.
414
415If a CryptoKey is specified, the server will use its
416primary version. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700417 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400418 The object takes the form of:
419
420{ # Request message for KeyManagementService.Encrypt.
Bu Sun Kim65020912020-05-20 12:08:20 -0700421 &quot;plaintext&quot;: &quot;A String&quot;, # Required. The data to encrypt. Must be no larger than 64KiB.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700422 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700423 # The maximum size depends on the key version&#x27;s
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700424 # protection_level. For
425 # SOFTWARE keys, the plaintext must be no larger
426 # than 64KiB. For HSM keys, the combined length of the
427 # plaintext and additional_authenticated_data fields must be no larger than
428 # 8KiB.
Bu Sun Kim65020912020-05-20 12:08:20 -0700429 &quot;additionalAuthenticatedData&quot;: &quot;A String&quot;, # Optional. Optional data that, if specified, must also be provided during decryption
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700430 # through DecryptRequest.additional_authenticated_data.
431 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700432 # The maximum size depends on the key version&#x27;s
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700433 # protection_level. For
434 # SOFTWARE keys, the AAD must be no larger than
435 # 64KiB. For HSM keys, the combined length of the
436 # plaintext and additional_authenticated_data fields must be no larger than
437 # 8KiB.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400438 }
439
440 x__xgafv: string, V1 error format.
441 Allowed values
442 1 - v1 error format
443 2 - v2 error format
444
445Returns:
446 An object of the form:
447
448 { # Response message for KeyManagementService.Encrypt.
Bu Sun Kim65020912020-05-20 12:08:20 -0700449 &quot;name&quot;: &quot;A String&quot;, # The resource name of the CryptoKeyVersion used in encryption. Check
Dan O'Mearadd494642020-05-01 07:42:23 -0700450 # this field to verify that the intended resource was used for encryption.
Bu Sun Kim65020912020-05-20 12:08:20 -0700451 &quot;ciphertext&quot;: &quot;A String&quot;, # The encrypted data.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400452 }</pre>
453</div>
454
455<div class="method">
456 <code class="details" id="get">get(name, x__xgafv=None)</code>
457 <pre>Returns metadata for a given CryptoKey, as well as its
458primary CryptoKeyVersion.
459
460Args:
Dan O'Mearadd494642020-05-01 07:42:23 -0700461 name: string, Required. The name of the CryptoKey to get. (required)
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400462 x__xgafv: string, V1 error format.
463 Allowed values
464 1 - v1 error format
465 2 - v2 error format
466
467Returns:
468 An object of the form:
469
470 { # A CryptoKey represents a logical key that can be used for cryptographic
Bu Sun Kim65020912020-05-20 12:08:20 -0700471 # operations.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400472 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700473 # A CryptoKey is made up of zero or more versions,
474 # which represent the actual key material used in cryptographic operations.
475 &quot;rotationPeriod&quot;: &quot;A String&quot;, # next_rotation_time will be advanced by this period when the service
476 # automatically rotates a key. Must be at least 24 hours and at most
477 # 876,000 hours.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700478 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700479 # If rotation_period is set, next_rotation_time must also be set.
480 #
481 # Keys with purpose
482 # ENCRYPT_DECRYPT support
483 # automatic rotation. For other keys, this field must be omitted.
484 &quot;primary&quot;: { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the &quot;primary&quot; CryptoKeyVersion that will be used
485 # by Encrypt when this CryptoKey is given
486 # in EncryptRequest.name.
487 #
488 # The CryptoKey&#x27;s primary version can be updated via
489 # UpdateCryptoKeyPrimaryVersion.
490 #
491 # Keys with purpose
492 # ENCRYPT_DECRYPT may have a
493 # primary. For other keys, this field will be omitted.
494 # associated key material.
495 #
496 # An ENABLED version can be
497 # used for cryptographic operations.
498 #
499 # For security reasons, the raw cryptographic key material represented by a
500 # CryptoKeyVersion can never be viewed or exported. It can only be used to
501 # encrypt, decrypt, or sign data when an authorized user or application invokes
502 # Cloud KMS.
503 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material
504 # was imported.
505 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
506 # destroyed. Only present if state is
507 # DESTROYED.
508 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled
509 # for destruction. Only present if state is
510 # DESTROY_SCHEDULED.
511 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if
512 # state is
513 # IMPORT_FAILED.
514 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
515 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
516 # creation time. Use this statement to verify attributes of the key as stored
517 # on the HSM, independently of Google. Only provided for key versions with
518 # protection_level HSM.
519 # information, see [Verifying attestations]
520 # (https://cloud.google.com/kms/docs/attest-key).
521 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
522 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key
523 # operation was performed.
524 },
525 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format
526 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
527 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
528 # generated.
529 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are
530 # performed with this CryptoKeyVersion.
531 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
532 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this
533 # CryptoKeyVersion supports.
534 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this
535 # CryptoKeyVersion. Only present if the underlying key material was
536 # imported.
537 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
538 # configuring a CryptoKeyVersion that are specific to the
539 # EXTERNAL protection level.
540 # configuring a CryptoKeyVersion that are specific to the
541 # EXTERNAL protection level.
542 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
543 },
544 },
545 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKey in the format
546 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
547 &quot;versionTemplate&quot;: { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
548 # The properties of new CryptoKeyVersion instances created by either
549 # CreateCryptoKeyVersion or
550 # auto-rotation are controlled by this template.
551 # a new CryptoKeyVersion, either manually with
552 # CreateCryptoKeyVersion or
553 # automatically as a result of auto-rotation.
554 &quot;algorithm&quot;: &quot;A String&quot;, # Required. Algorithm to use
555 # when creating a CryptoKeyVersion based on this template.
556 #
557 # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
558 # this field is omitted and CryptoKey.purpose is
559 # ENCRYPT_DECRYPT.
560 &quot;protectionLevel&quot;: &quot;A String&quot;, # ProtectionLevel to use when creating a CryptoKeyVersion based on
561 # this template. Immutable. Defaults to SOFTWARE.
562 },
563 &quot;purpose&quot;: &quot;A String&quot;, # Immutable. The immutable purpose of this CryptoKey.
564 &quot;nextRotationTime&quot;: &quot;A String&quot;, # At next_rotation_time, the Key Management Service will automatically:
565 #
566 # 1. Create a new version of this CryptoKey.
567 # 2. Mark the new version as primary.
568 #
569 # Key rotations performed manually via
570 # CreateCryptoKeyVersion and
571 # UpdateCryptoKeyPrimaryVersion
572 # do not affect next_rotation_time.
573 #
574 # Keys with purpose
575 # ENCRYPT_DECRYPT support
576 # automatic rotation. For other keys, this field must be omitted.
577 &quot;labels&quot;: { # Labels with user-defined metadata. For more information, see
578 # [Labeling Keys](/kms/docs/labeling-keys).
579 &quot;a_key&quot;: &quot;A String&quot;,
580 },
581 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKey was created.
582 }</pre>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400583</div>
584
585<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700586 <code class="details" id="getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</code>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400587 <pre>Gets the access control policy for a resource.
588Returns an empty policy if the resource exists and does not have a policy
589set.
590
591Args:
592 resource: string, REQUIRED: The resource for which the policy is being requested.
593See the operation documentation for the appropriate value for this field. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700594 options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.
595
596Valid values are 0, 1, and 3. Requests specifying an invalid value will be
597rejected.
598
599Requests for policies with any conditional bindings must specify version 3.
600Policies without any conditional bindings may specify any valid value or
601leave the field unset.
Bu Sun Kim65020912020-05-20 12:08:20 -0700602
603To learn which resources support conditions in their IAM policies, see the
604[IAM
605documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400606 x__xgafv: string, V1 error format.
607 Allowed values
608 1 - v1 error format
609 2 - v2 error format
610
611Returns:
612 An object of the form:
613
Dan O'Mearadd494642020-05-01 07:42:23 -0700614 { # An Identity and Access Management (IAM) policy, which specifies access
615 # controls for Google Cloud resources.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400616 #
617 #
Dan O'Mearadd494642020-05-01 07:42:23 -0700618 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
619 # `members` to a single `role`. Members can be user accounts, service accounts,
620 # Google groups, and domains (such as G Suite). A `role` is a named list of
621 # permissions; each `role` can be an IAM predefined role or a user-created
622 # custom role.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400623 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700624 # For some types of Google Cloud resources, a `binding` can also specify a
625 # `condition`, which is a logical expression that allows access to a resource
626 # only if the expression evaluates to `true`. A condition can add constraints
627 # based on attributes of the request, the resource, or both. To learn which
628 # resources support conditions in their IAM policies, see the
629 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Dan O'Mearadd494642020-05-01 07:42:23 -0700630 #
631 # **JSON example:**
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400632 #
633 # {
Bu Sun Kim65020912020-05-20 12:08:20 -0700634 # &quot;bindings&quot;: [
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400635 # {
Bu Sun Kim65020912020-05-20 12:08:20 -0700636 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
637 # &quot;members&quot;: [
638 # &quot;user:mike@example.com&quot;,
639 # &quot;group:admins@example.com&quot;,
640 # &quot;domain:google.com&quot;,
641 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400642 # ]
643 # },
644 # {
Bu Sun Kim65020912020-05-20 12:08:20 -0700645 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
646 # &quot;members&quot;: [
647 # &quot;user:eve@example.com&quot;
648 # ],
649 # &quot;condition&quot;: {
650 # &quot;title&quot;: &quot;expirable access&quot;,
651 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
652 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
Dan O'Mearadd494642020-05-01 07:42:23 -0700653 # }
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400654 # }
Dan O'Mearadd494642020-05-01 07:42:23 -0700655 # ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700656 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
657 # &quot;version&quot;: 3
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400658 # }
659 #
Dan O'Mearadd494642020-05-01 07:42:23 -0700660 # **YAML example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700661 #
662 # bindings:
663 # - members:
664 # - user:mike@example.com
665 # - group:admins@example.com
666 # - domain:google.com
Dan O'Mearadd494642020-05-01 07:42:23 -0700667 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
668 # role: roles/resourcemanager.organizationAdmin
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700669 # - members:
Dan O'Mearadd494642020-05-01 07:42:23 -0700670 # - user:eve@example.com
671 # role: roles/resourcemanager.organizationViewer
672 # condition:
673 # title: expirable access
674 # description: Does not grant access after Sep 2020
Bu Sun Kim65020912020-05-20 12:08:20 -0700675 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
Dan O'Mearadd494642020-05-01 07:42:23 -0700676 # - etag: BwWWja0YfJA=
677 # - version: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700678 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400679 # For a description of IAM and its features, see the
Dan O'Mearadd494642020-05-01 07:42:23 -0700680 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -0700681 &quot;version&quot;: 42, # Specifies the format of the policy.
682 #
683 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
684 # are rejected.
685 #
686 # Any operation that affects conditional role bindings must specify version
687 # `3`. This requirement applies to the following operations:
688 #
689 # * Getting a policy that includes a conditional role binding
690 # * Adding a conditional role binding to a policy
691 # * Changing a conditional role binding in a policy
692 # * Removing any role binding, with or without a condition, from a policy
693 # that includes conditions
694 #
695 # **Important:** If you use IAM Conditions, you must include the `etag` field
696 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
697 # you to overwrite a version `3` policy with a version `1` policy, and all of
698 # the conditions in the version `3` policy are lost.
699 #
700 # If a policy does not include any conditions, operations on that policy may
701 # specify any valid version or leave the field unset.
702 #
703 # To learn which resources support conditions in their IAM policies, see the
704 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
705 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
706 { # Specifies the audit configuration for a service.
707 # The configuration determines which permission types are logged, and what
708 # identities, if any, are exempted from logging.
709 # An AuditConfig must have one or more AuditLogConfigs.
710 #
711 # If there are AuditConfigs for both `allServices` and a specific service,
712 # the union of the two AuditConfigs is used for that service: the log_types
713 # specified in each AuditConfig are enabled, and the exempted_members in each
714 # AuditLogConfig are exempted.
715 #
716 # Example Policy with multiple AuditConfigs:
717 #
718 # {
719 # &quot;audit_configs&quot;: [
720 # {
721 # &quot;service&quot;: &quot;allServices&quot;
722 # &quot;audit_log_configs&quot;: [
723 # {
724 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
725 # &quot;exempted_members&quot;: [
726 # &quot;user:jose@example.com&quot;
727 # ]
728 # },
729 # {
730 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
731 # },
732 # {
733 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
734 # }
735 # ]
736 # },
737 # {
738 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
739 # &quot;audit_log_configs&quot;: [
740 # {
741 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
742 # },
743 # {
744 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
745 # &quot;exempted_members&quot;: [
746 # &quot;user:aliya@example.com&quot;
747 # ]
748 # }
749 # ]
750 # }
751 # ]
752 # }
753 #
754 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
755 # logging. It also exempts jose@example.com from DATA_READ logging, and
756 # aliya@example.com from DATA_WRITE logging.
757 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
758 { # Provides the configuration for logging a type of permissions.
759 # Example:
760 #
761 # {
762 # &quot;audit_log_configs&quot;: [
763 # {
764 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
765 # &quot;exempted_members&quot;: [
766 # &quot;user:jose@example.com&quot;
767 # ]
768 # },
769 # {
770 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
771 # }
772 # ]
773 # }
774 #
775 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
776 # jose@example.com from DATA_READ logging.
777 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
778 # permission.
779 # Follows the same format of Binding.members.
780 &quot;A String&quot;,
781 ],
782 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
783 },
784 ],
785 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
786 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
787 # `allServices` is a special value that covers all services.
788 },
789 ],
790 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
Dan O'Mearadd494642020-05-01 07:42:23 -0700791 # `condition` that determines how and when the `bindings` are applied. Each
792 # of the `bindings` must contain at least one member.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700793 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700794 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700795 # `members` can have the following values:
796 #
797 # * `allUsers`: A special identifier that represents anyone who is
798 # on the internet; with or without a Google account.
799 #
800 # * `allAuthenticatedUsers`: A special identifier that represents anyone
801 # who is authenticated with a Google account or a service account.
802 #
803 # * `user:{emailid}`: An email address that represents a specific Google
Dan O'Mearadd494642020-05-01 07:42:23 -0700804 # account. For example, `alice@example.com` .
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700805 #
806 #
807 # * `serviceAccount:{emailid}`: An email address that represents a service
808 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
809 #
810 # * `group:{emailid}`: An email address that represents a Google group.
811 # For example, `admins@example.com`.
812 #
Dan O'Mearadd494642020-05-01 07:42:23 -0700813 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
814 # identifier) representing a user that has been recently deleted. For
815 # example, `alice@example.com?uid=123456789012345678901`. If the user is
816 # recovered, this value reverts to `user:{emailid}` and the recovered user
817 # retains the role in the binding.
818 #
819 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
820 # unique identifier) representing a service account that has been recently
821 # deleted. For example,
822 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
823 # If the service account is undeleted, this value reverts to
824 # `serviceAccount:{emailid}` and the undeleted service account retains the
825 # role in the binding.
826 #
827 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
828 # identifier) representing a Google group that has been recently
829 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
830 # the group is recovered, this value reverts to `group:{emailid}` and the
831 # recovered group retains the role in the binding.
832 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700833 #
834 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
835 # users of that domain. For example, `google.com` or `example.com`.
836 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700837 &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700838 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700839 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
840 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
841 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
842 #
843 # If the condition evaluates to `true`, then this binding applies to the
844 # current request.
845 #
846 # If the condition evaluates to `false`, then this binding does not apply to
847 # the current request. However, a different role binding might grant the same
848 # role to one or more of the members in this binding.
849 #
850 # To learn which resources support conditions in their IAM policies, see the
851 # [IAM
852 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
853 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
854 # are documented at https://github.com/google/cel-spec.
855 #
856 # Example (Comparison):
857 #
858 # title: &quot;Summary size limit&quot;
859 # description: &quot;Determines if a summary is less than 100 chars&quot;
860 # expression: &quot;document.summary.size() &lt; 100&quot;
861 #
862 # Example (Equality):
863 #
864 # title: &quot;Requestor is owner&quot;
865 # description: &quot;Determines if requestor is the document owner&quot;
866 # expression: &quot;document.owner == request.auth.claims.email&quot;
867 #
868 # Example (Logic):
869 #
870 # title: &quot;Public documents&quot;
871 # description: &quot;Determine whether the document should be publicly visible&quot;
872 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
873 #
874 # Example (Data Manipulation):
875 #
876 # title: &quot;Notification string&quot;
877 # description: &quot;Create a notification string with a timestamp.&quot;
878 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
879 #
880 # The exact variables and functions that may be referenced within an expression
881 # are determined by the service that evaluates it. See the service
882 # documentation for additional information.
883 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
884 # its purpose. This can be used e.g. in UIs which allow to enter the
885 # expression.
886 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
887 # reporting, e.g. a file name and a position in the file.
888 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
889 # describes the expression, e.g. when hovered over it in a UI.
890 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
891 # syntax.
892 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700893 },
894 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700895 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
Dan O'Mearadd494642020-05-01 07:42:23 -0700896 # prevent simultaneous updates of a policy from overwriting each other.
897 # It is strongly suggested that systems make use of the `etag` in the
898 # read-modify-write cycle to perform policy updates in order to avoid race
899 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
900 # systems are expected to put that etag in the request to `setIamPolicy` to
901 # ensure that their change will be applied to the same version of the policy.
902 #
903 # **Important:** If you use IAM Conditions, you must include the `etag` field
904 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
905 # you to overwrite a version `3` policy with a version `1` policy, and all of
906 # the conditions in the version `3` policy are lost.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400907 }</pre>
908</div>
909
910<div class="method">
Bu Sun Kim65020912020-05-20 12:08:20 -0700911 <code class="details" id="list">list(parent, filter=None, pageToken=None, pageSize=None, orderBy=None, versionView=None, x__xgafv=None)</code>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400912 <pre>Lists CryptoKeys.
913
914Args:
915 parent: string, Required. The resource name of the KeyRing to list, in the format
916`projects/*/locations/*/keyRings/*`. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700917 filter: string, Optional. Only include resources that match the filter in the response. For
918more information, see
919[Sorting and filtering list
920results](https://cloud.google.com/kms/docs/sorting-and-filtering).
Bu Sun Kim65020912020-05-20 12:08:20 -0700921 pageToken: string, Optional. Optional pagination token, returned earlier via
922ListCryptoKeysResponse.next_page_token.
923 pageSize: integer, Optional. Optional limit on the number of CryptoKeys to include in the
924response. Further CryptoKeys can subsequently be obtained by
925including the ListCryptoKeysResponse.next_page_token in a subsequent
926request. If unspecified, the server will pick an appropriate default.
927 orderBy: string, Optional. Specify how the results should be sorted. If not specified, the
928results will be sorted in the default order. For more information, see
929[Sorting and filtering list
930results](https://cloud.google.com/kms/docs/sorting-and-filtering).
931 versionView: string, The fields of the primary version to include in the response.
932 x__xgafv: string, V1 error format.
933 Allowed values
934 1 - v1 error format
935 2 - v2 error format
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400936
937Returns:
938 An object of the form:
939
940 { # Response message for KeyManagementService.ListCryptoKeys.
Bu Sun Kim65020912020-05-20 12:08:20 -0700941 &quot;nextPageToken&quot;: &quot;A String&quot;, # A token to retrieve next page of results. Pass this value in
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400942 # ListCryptoKeysRequest.page_token to retrieve the next page of results.
Bu Sun Kim65020912020-05-20 12:08:20 -0700943 &quot;cryptoKeys&quot;: [ # The list of CryptoKeys.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400944 { # A CryptoKey represents a logical key that can be used for cryptographic
Bu Sun Kim65020912020-05-20 12:08:20 -0700945 # operations.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400946 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700947 # A CryptoKey is made up of zero or more versions,
948 # which represent the actual key material used in cryptographic operations.
949 &quot;rotationPeriod&quot;: &quot;A String&quot;, # next_rotation_time will be advanced by this period when the service
950 # automatically rotates a key. Must be at least 24 hours and at most
951 # 876,000 hours.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700952 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700953 # If rotation_period is set, next_rotation_time must also be set.
954 #
955 # Keys with purpose
956 # ENCRYPT_DECRYPT support
957 # automatic rotation. For other keys, this field must be omitted.
958 &quot;primary&quot;: { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the &quot;primary&quot; CryptoKeyVersion that will be used
959 # by Encrypt when this CryptoKey is given
960 # in EncryptRequest.name.
961 #
962 # The CryptoKey&#x27;s primary version can be updated via
963 # UpdateCryptoKeyPrimaryVersion.
964 #
965 # Keys with purpose
966 # ENCRYPT_DECRYPT may have a
967 # primary. For other keys, this field will be omitted.
968 # associated key material.
969 #
970 # An ENABLED version can be
971 # used for cryptographic operations.
972 #
973 # For security reasons, the raw cryptographic key material represented by a
974 # CryptoKeyVersion can never be viewed or exported. It can only be used to
975 # encrypt, decrypt, or sign data when an authorized user or application invokes
976 # Cloud KMS.
977 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material
978 # was imported.
979 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
980 # destroyed. Only present if state is
981 # DESTROYED.
982 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled
983 # for destruction. Only present if state is
984 # DESTROY_SCHEDULED.
985 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if
986 # state is
987 # IMPORT_FAILED.
988 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
989 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
990 # creation time. Use this statement to verify attributes of the key as stored
991 # on the HSM, independently of Google. Only provided for key versions with
992 # protection_level HSM.
993 # information, see [Verifying attestations]
994 # (https://cloud.google.com/kms/docs/attest-key).
995 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
996 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key
997 # operation was performed.
998 },
999 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format
1000 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
1001 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
1002 # generated.
1003 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are
1004 # performed with this CryptoKeyVersion.
1005 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
1006 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this
1007 # CryptoKeyVersion supports.
1008 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this
1009 # CryptoKeyVersion. Only present if the underlying key material was
1010 # imported.
1011 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
1012 # configuring a CryptoKeyVersion that are specific to the
1013 # EXTERNAL protection level.
1014 # configuring a CryptoKeyVersion that are specific to the
1015 # EXTERNAL protection level.
1016 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
1017 },
1018 },
1019 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKey in the format
1020 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
1021 &quot;versionTemplate&quot;: { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
1022 # The properties of new CryptoKeyVersion instances created by either
1023 # CreateCryptoKeyVersion or
1024 # auto-rotation are controlled by this template.
1025 # a new CryptoKeyVersion, either manually with
1026 # CreateCryptoKeyVersion or
1027 # automatically as a result of auto-rotation.
1028 &quot;algorithm&quot;: &quot;A String&quot;, # Required. Algorithm to use
1029 # when creating a CryptoKeyVersion based on this template.
1030 #
1031 # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
1032 # this field is omitted and CryptoKey.purpose is
1033 # ENCRYPT_DECRYPT.
1034 &quot;protectionLevel&quot;: &quot;A String&quot;, # ProtectionLevel to use when creating a CryptoKeyVersion based on
1035 # this template. Immutable. Defaults to SOFTWARE.
1036 },
1037 &quot;purpose&quot;: &quot;A String&quot;, # Immutable. The immutable purpose of this CryptoKey.
1038 &quot;nextRotationTime&quot;: &quot;A String&quot;, # At next_rotation_time, the Key Management Service will automatically:
1039 #
1040 # 1. Create a new version of this CryptoKey.
1041 # 2. Mark the new version as primary.
1042 #
1043 # Key rotations performed manually via
1044 # CreateCryptoKeyVersion and
1045 # UpdateCryptoKeyPrimaryVersion
1046 # do not affect next_rotation_time.
1047 #
1048 # Keys with purpose
1049 # ENCRYPT_DECRYPT support
1050 # automatic rotation. For other keys, this field must be omitted.
1051 &quot;labels&quot;: { # Labels with user-defined metadata. For more information, see
1052 # [Labeling Keys](/kms/docs/labeling-keys).
1053 &quot;a_key&quot;: &quot;A String&quot;,
1054 },
1055 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKey was created.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001056 },
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001057 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001058 &quot;totalSize&quot;: 42, # The total number of CryptoKeys that matched the query.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001059 }</pre>
1060</div>
1061
1062<div class="method">
1063 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
1064 <pre>Retrieves the next page of results.
1065
1066Args:
1067 previous_request: The request for the previous page. (required)
1068 previous_response: The response from the request for the previous page. (required)
1069
1070Returns:
Bu Sun Kim65020912020-05-20 12:08:20 -07001071 A request object that you can call &#x27;execute()&#x27; on to request the next
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001072 page. Returns None if there are no more items in the collection.
1073 </pre>
1074</div>
1075
1076<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07001077 <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001078 <pre>Update a CryptoKey.
1079
1080Args:
1081 name: string, Output only. The resource name for this CryptoKey in the format
1082`projects/*/locations/*/keyRings/*/cryptoKeys/*`. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07001083 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001084 The object takes the form of:
1085
1086{ # A CryptoKey represents a logical key that can be used for cryptographic
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001087 # operations.
Bu Sun Kim65020912020-05-20 12:08:20 -07001088 #
1089 # A CryptoKey is made up of zero or more versions,
1090 # which represent the actual key material used in cryptographic operations.
1091 &quot;rotationPeriod&quot;: &quot;A String&quot;, # next_rotation_time will be advanced by this period when the service
Dan O'Mearadd494642020-05-01 07:42:23 -07001092 # automatically rotates a key. Must be at least 24 hours and at most
1093 # 876,000 hours.
Bu Sun Kim65020912020-05-20 12:08:20 -07001094 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001095 # If rotation_period is set, next_rotation_time must also be set.
Bu Sun Kim65020912020-05-20 12:08:20 -07001096 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001097 # Keys with purpose
1098 # ENCRYPT_DECRYPT support
1099 # automatic rotation. For other keys, this field must be omitted.
Bu Sun Kim65020912020-05-20 12:08:20 -07001100 &quot;primary&quot;: { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the &quot;primary&quot; CryptoKeyVersion that will be used
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001101 # by Encrypt when this CryptoKey is given
1102 # in EncryptRequest.name.
Bu Sun Kim65020912020-05-20 12:08:20 -07001103 #
1104 # The CryptoKey&#x27;s primary version can be updated via
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001105 # UpdateCryptoKeyPrimaryVersion.
Bu Sun Kim65020912020-05-20 12:08:20 -07001106 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001107 # Keys with purpose
1108 # ENCRYPT_DECRYPT may have a
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001109 # primary. For other keys, this field will be omitted.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001110 # associated key material.
1111 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001112 # An ENABLED version can be
1113 # used for cryptographic operations.
1114 #
1115 # For security reasons, the raw cryptographic key material represented by a
1116 # CryptoKeyVersion can never be viewed or exported. It can only be used to
1117 # encrypt, decrypt, or sign data when an authorized user or application invokes
1118 # Cloud KMS.
Bu Sun Kim65020912020-05-20 12:08:20 -07001119 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material
1120 # was imported.
1121 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
1122 # destroyed. Only present if state is
1123 # DESTROYED.
1124 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001125 # for destruction. Only present if state is
1126 # DESTROY_SCHEDULED.
Bu Sun Kim65020912020-05-20 12:08:20 -07001127 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if
Dan O'Mearadd494642020-05-01 07:42:23 -07001128 # state is
1129 # IMPORT_FAILED.
Bu Sun Kim65020912020-05-20 12:08:20 -07001130 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
1131 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001132 # creation time. Use this statement to verify attributes of the key as stored
1133 # on the HSM, independently of Google. Only provided for key versions with
1134 # protection_level HSM.
1135 # information, see [Verifying attestations]
1136 # (https://cloud.google.com/kms/docs/attest-key).
Bu Sun Kim65020912020-05-20 12:08:20 -07001137 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
1138 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001139 # operation was performed.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001140 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001141 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format
1142 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
1143 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
1144 # generated.
1145 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are
1146 # performed with this CryptoKeyVersion.
1147 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
1148 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this
1149 # CryptoKeyVersion supports.
1150 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this
Dan O'Mearadd494642020-05-01 07:42:23 -07001151 # CryptoKeyVersion. Only present if the underlying key material was
1152 # imported.
Bu Sun Kim65020912020-05-20 12:08:20 -07001153 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
Dan O'Mearadd494642020-05-01 07:42:23 -07001154 # configuring a CryptoKeyVersion that are specific to the
1155 # EXTERNAL protection level.
1156 # configuring a CryptoKeyVersion that are specific to the
1157 # EXTERNAL protection level.
Bu Sun Kim65020912020-05-20 12:08:20 -07001158 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
Dan O'Mearadd494642020-05-01 07:42:23 -07001159 },
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001160 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001161 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKey in the format
1162 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
1163 &quot;versionTemplate&quot;: { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001164 # The properties of new CryptoKeyVersion instances created by either
1165 # CreateCryptoKeyVersion or
1166 # auto-rotation are controlled by this template.
1167 # a new CryptoKeyVersion, either manually with
1168 # CreateCryptoKeyVersion or
1169 # automatically as a result of auto-rotation.
Bu Sun Kim65020912020-05-20 12:08:20 -07001170 &quot;algorithm&quot;: &quot;A String&quot;, # Required. Algorithm to use
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001171 # when creating a CryptoKeyVersion based on this template.
1172 #
1173 # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
1174 # this field is omitted and CryptoKey.purpose is
1175 # ENCRYPT_DECRYPT.
Bu Sun Kim65020912020-05-20 12:08:20 -07001176 &quot;protectionLevel&quot;: &quot;A String&quot;, # ProtectionLevel to use when creating a CryptoKeyVersion based on
1177 # this template. Immutable. Defaults to SOFTWARE.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001178 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001179 &quot;purpose&quot;: &quot;A String&quot;, # Immutable. The immutable purpose of this CryptoKey.
1180 &quot;nextRotationTime&quot;: &quot;A String&quot;, # At next_rotation_time, the Key Management Service will automatically:
1181 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001182 # 1. Create a new version of this CryptoKey.
1183 # 2. Mark the new version as primary.
Bu Sun Kim65020912020-05-20 12:08:20 -07001184 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001185 # Key rotations performed manually via
1186 # CreateCryptoKeyVersion and
1187 # UpdateCryptoKeyPrimaryVersion
1188 # do not affect next_rotation_time.
Bu Sun Kim65020912020-05-20 12:08:20 -07001189 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001190 # Keys with purpose
1191 # ENCRYPT_DECRYPT support
1192 # automatic rotation. For other keys, this field must be omitted.
Bu Sun Kim65020912020-05-20 12:08:20 -07001193 &quot;labels&quot;: { # Labels with user-defined metadata. For more information, see
1194 # [Labeling Keys](/kms/docs/labeling-keys).
1195 &quot;a_key&quot;: &quot;A String&quot;,
1196 },
1197 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKey was created.
1198 }
1199
1200 updateMask: string, Required. List of fields to be updated in this request.
1201 x__xgafv: string, V1 error format.
1202 Allowed values
1203 1 - v1 error format
1204 2 - v2 error format
1205
1206Returns:
1207 An object of the form:
1208
1209 { # A CryptoKey represents a logical key that can be used for cryptographic
1210 # operations.
1211 #
1212 # A CryptoKey is made up of zero or more versions,
1213 # which represent the actual key material used in cryptographic operations.
1214 &quot;rotationPeriod&quot;: &quot;A String&quot;, # next_rotation_time will be advanced by this period when the service
1215 # automatically rotates a key. Must be at least 24 hours and at most
1216 # 876,000 hours.
1217 #
1218 # If rotation_period is set, next_rotation_time must also be set.
1219 #
1220 # Keys with purpose
1221 # ENCRYPT_DECRYPT support
1222 # automatic rotation. For other keys, this field must be omitted.
1223 &quot;primary&quot;: { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the &quot;primary&quot; CryptoKeyVersion that will be used
1224 # by Encrypt when this CryptoKey is given
1225 # in EncryptRequest.name.
1226 #
1227 # The CryptoKey&#x27;s primary version can be updated via
1228 # UpdateCryptoKeyPrimaryVersion.
1229 #
1230 # Keys with purpose
1231 # ENCRYPT_DECRYPT may have a
1232 # primary. For other keys, this field will be omitted.
1233 # associated key material.
1234 #
1235 # An ENABLED version can be
1236 # used for cryptographic operations.
1237 #
1238 # For security reasons, the raw cryptographic key material represented by a
1239 # CryptoKeyVersion can never be viewed or exported. It can only be used to
1240 # encrypt, decrypt, or sign data when an authorized user or application invokes
1241 # Cloud KMS.
1242 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material
1243 # was imported.
1244 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
1245 # destroyed. Only present if state is
1246 # DESTROYED.
1247 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled
1248 # for destruction. Only present if state is
1249 # DESTROY_SCHEDULED.
1250 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if
1251 # state is
1252 # IMPORT_FAILED.
1253 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
1254 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
1255 # creation time. Use this statement to verify attributes of the key as stored
1256 # on the HSM, independently of Google. Only provided for key versions with
1257 # protection_level HSM.
1258 # information, see [Verifying attestations]
1259 # (https://cloud.google.com/kms/docs/attest-key).
1260 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
1261 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key
1262 # operation was performed.
1263 },
1264 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format
1265 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
1266 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
1267 # generated.
1268 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are
1269 # performed with this CryptoKeyVersion.
1270 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
1271 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this
1272 # CryptoKeyVersion supports.
1273 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this
1274 # CryptoKeyVersion. Only present if the underlying key material was
1275 # imported.
1276 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
1277 # configuring a CryptoKeyVersion that are specific to the
1278 # EXTERNAL protection level.
1279 # configuring a CryptoKeyVersion that are specific to the
1280 # EXTERNAL protection level.
1281 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
1282 },
1283 },
1284 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKey in the format
1285 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
1286 &quot;versionTemplate&quot;: { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
1287 # The properties of new CryptoKeyVersion instances created by either
1288 # CreateCryptoKeyVersion or
1289 # auto-rotation are controlled by this template.
1290 # a new CryptoKeyVersion, either manually with
1291 # CreateCryptoKeyVersion or
1292 # automatically as a result of auto-rotation.
1293 &quot;algorithm&quot;: &quot;A String&quot;, # Required. Algorithm to use
1294 # when creating a CryptoKeyVersion based on this template.
1295 #
1296 # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
1297 # this field is omitted and CryptoKey.purpose is
1298 # ENCRYPT_DECRYPT.
1299 &quot;protectionLevel&quot;: &quot;A String&quot;, # ProtectionLevel to use when creating a CryptoKeyVersion based on
1300 # this template. Immutable. Defaults to SOFTWARE.
1301 },
1302 &quot;purpose&quot;: &quot;A String&quot;, # Immutable. The immutable purpose of this CryptoKey.
1303 &quot;nextRotationTime&quot;: &quot;A String&quot;, # At next_rotation_time, the Key Management Service will automatically:
1304 #
1305 # 1. Create a new version of this CryptoKey.
1306 # 2. Mark the new version as primary.
1307 #
1308 # Key rotations performed manually via
1309 # CreateCryptoKeyVersion and
1310 # UpdateCryptoKeyPrimaryVersion
1311 # do not affect next_rotation_time.
1312 #
1313 # Keys with purpose
1314 # ENCRYPT_DECRYPT support
1315 # automatic rotation. For other keys, this field must be omitted.
1316 &quot;labels&quot;: { # Labels with user-defined metadata. For more information, see
1317 # [Labeling Keys](/kms/docs/labeling-keys).
1318 &quot;a_key&quot;: &quot;A String&quot;,
1319 },
1320 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKey was created.
1321 }</pre>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001322</div>
1323
1324<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07001325 <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001326 <pre>Sets the access control policy on the specified resource. Replaces any
1327existing policy.
1328
Bu Sun Kim65020912020-05-20 12:08:20 -07001329Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
Dan O'Mearadd494642020-05-01 07:42:23 -07001330
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001331Args:
1332 resource: string, REQUIRED: The resource for which the policy is being specified.
1333See the operation documentation for the appropriate value for this field. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07001334 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001335 The object takes the form of:
1336
1337{ # Request message for `SetIamPolicy` method.
Bu Sun Kim65020912020-05-20 12:08:20 -07001338 &quot;policy&quot;: { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001339 # the policy is limited to a few 10s of KB. An empty policy is a
1340 # valid policy but certain Cloud Platform services (such as Projects)
1341 # might reject them.
Dan O'Mearadd494642020-05-01 07:42:23 -07001342 # controls for Google Cloud resources.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001343 #
1344 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001345 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
1346 # `members` to a single `role`. Members can be user accounts, service accounts,
1347 # Google groups, and domains (such as G Suite). A `role` is a named list of
1348 # permissions; each `role` can be an IAM predefined role or a user-created
1349 # custom role.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001350 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001351 # For some types of Google Cloud resources, a `binding` can also specify a
1352 # `condition`, which is a logical expression that allows access to a resource
1353 # only if the expression evaluates to `true`. A condition can add constraints
1354 # based on attributes of the request, the resource, or both. To learn which
1355 # resources support conditions in their IAM policies, see the
1356 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Dan O'Mearadd494642020-05-01 07:42:23 -07001357 #
1358 # **JSON example:**
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001359 #
1360 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001361 # &quot;bindings&quot;: [
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001362 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001363 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
1364 # &quot;members&quot;: [
1365 # &quot;user:mike@example.com&quot;,
1366 # &quot;group:admins@example.com&quot;,
1367 # &quot;domain:google.com&quot;,
1368 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001369 # ]
1370 # },
1371 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001372 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
1373 # &quot;members&quot;: [
1374 # &quot;user:eve@example.com&quot;
1375 # ],
1376 # &quot;condition&quot;: {
1377 # &quot;title&quot;: &quot;expirable access&quot;,
1378 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
1379 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
Dan O'Mearadd494642020-05-01 07:42:23 -07001380 # }
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001381 # }
Dan O'Mearadd494642020-05-01 07:42:23 -07001382 # ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001383 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
1384 # &quot;version&quot;: 3
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001385 # }
1386 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001387 # **YAML example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001388 #
1389 # bindings:
1390 # - members:
1391 # - user:mike@example.com
1392 # - group:admins@example.com
1393 # - domain:google.com
Dan O'Mearadd494642020-05-01 07:42:23 -07001394 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
1395 # role: roles/resourcemanager.organizationAdmin
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001396 # - members:
Dan O'Mearadd494642020-05-01 07:42:23 -07001397 # - user:eve@example.com
1398 # role: roles/resourcemanager.organizationViewer
1399 # condition:
1400 # title: expirable access
1401 # description: Does not grant access after Sep 2020
Bu Sun Kim65020912020-05-20 12:08:20 -07001402 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
Dan O'Mearadd494642020-05-01 07:42:23 -07001403 # - etag: BwWWja0YfJA=
1404 # - version: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001405 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001406 # For a description of IAM and its features, see the
Dan O'Mearadd494642020-05-01 07:42:23 -07001407 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -07001408 &quot;version&quot;: 42, # Specifies the format of the policy.
1409 #
1410 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1411 # are rejected.
1412 #
1413 # Any operation that affects conditional role bindings must specify version
1414 # `3`. This requirement applies to the following operations:
1415 #
1416 # * Getting a policy that includes a conditional role binding
1417 # * Adding a conditional role binding to a policy
1418 # * Changing a conditional role binding in a policy
1419 # * Removing any role binding, with or without a condition, from a policy
1420 # that includes conditions
1421 #
1422 # **Important:** If you use IAM Conditions, you must include the `etag` field
1423 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1424 # you to overwrite a version `3` policy with a version `1` policy, and all of
1425 # the conditions in the version `3` policy are lost.
1426 #
1427 # If a policy does not include any conditions, operations on that policy may
1428 # specify any valid version or leave the field unset.
1429 #
1430 # To learn which resources support conditions in their IAM policies, see the
1431 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1432 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
1433 { # Specifies the audit configuration for a service.
1434 # The configuration determines which permission types are logged, and what
1435 # identities, if any, are exempted from logging.
1436 # An AuditConfig must have one or more AuditLogConfigs.
1437 #
1438 # If there are AuditConfigs for both `allServices` and a specific service,
1439 # the union of the two AuditConfigs is used for that service: the log_types
1440 # specified in each AuditConfig are enabled, and the exempted_members in each
1441 # AuditLogConfig are exempted.
1442 #
1443 # Example Policy with multiple AuditConfigs:
1444 #
1445 # {
1446 # &quot;audit_configs&quot;: [
1447 # {
1448 # &quot;service&quot;: &quot;allServices&quot;
1449 # &quot;audit_log_configs&quot;: [
1450 # {
1451 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1452 # &quot;exempted_members&quot;: [
1453 # &quot;user:jose@example.com&quot;
1454 # ]
1455 # },
1456 # {
1457 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1458 # },
1459 # {
1460 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
1461 # }
1462 # ]
1463 # },
1464 # {
1465 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
1466 # &quot;audit_log_configs&quot;: [
1467 # {
1468 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1469 # },
1470 # {
1471 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1472 # &quot;exempted_members&quot;: [
1473 # &quot;user:aliya@example.com&quot;
1474 # ]
1475 # }
1476 # ]
1477 # }
1478 # ]
1479 # }
1480 #
1481 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1482 # logging. It also exempts jose@example.com from DATA_READ logging, and
1483 # aliya@example.com from DATA_WRITE logging.
1484 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
1485 { # Provides the configuration for logging a type of permissions.
1486 # Example:
1487 #
1488 # {
1489 # &quot;audit_log_configs&quot;: [
1490 # {
1491 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1492 # &quot;exempted_members&quot;: [
1493 # &quot;user:jose@example.com&quot;
1494 # ]
1495 # },
1496 # {
1497 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1498 # }
1499 # ]
1500 # }
1501 #
1502 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
1503 # jose@example.com from DATA_READ logging.
1504 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
1505 # permission.
1506 # Follows the same format of Binding.members.
1507 &quot;A String&quot;,
1508 ],
1509 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
1510 },
1511 ],
1512 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
1513 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1514 # `allServices` is a special value that covers all services.
1515 },
1516 ],
1517 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
Dan O'Mearadd494642020-05-01 07:42:23 -07001518 # `condition` that determines how and when the `bindings` are applied. Each
1519 # of the `bindings` must contain at least one member.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001520 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001521 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001522 # `members` can have the following values:
1523 #
1524 # * `allUsers`: A special identifier that represents anyone who is
1525 # on the internet; with or without a Google account.
1526 #
1527 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1528 # who is authenticated with a Google account or a service account.
1529 #
1530 # * `user:{emailid}`: An email address that represents a specific Google
Dan O'Mearadd494642020-05-01 07:42:23 -07001531 # account. For example, `alice@example.com` .
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001532 #
1533 #
1534 # * `serviceAccount:{emailid}`: An email address that represents a service
1535 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1536 #
1537 # * `group:{emailid}`: An email address that represents a Google group.
1538 # For example, `admins@example.com`.
1539 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001540 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1541 # identifier) representing a user that has been recently deleted. For
1542 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1543 # recovered, this value reverts to `user:{emailid}` and the recovered user
1544 # retains the role in the binding.
1545 #
1546 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1547 # unique identifier) representing a service account that has been recently
1548 # deleted. For example,
1549 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1550 # If the service account is undeleted, this value reverts to
1551 # `serviceAccount:{emailid}` and the undeleted service account retains the
1552 # role in the binding.
1553 #
1554 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1555 # identifier) representing a Google group that has been recently
1556 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1557 # the group is recovered, this value reverts to `group:{emailid}` and the
1558 # recovered group retains the role in the binding.
1559 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001560 #
1561 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1562 # users of that domain. For example, `google.com` or `example.com`.
1563 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001564 &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001565 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001566 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
1567 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1568 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
1569 #
1570 # If the condition evaluates to `true`, then this binding applies to the
1571 # current request.
1572 #
1573 # If the condition evaluates to `false`, then this binding does not apply to
1574 # the current request. However, a different role binding might grant the same
1575 # role to one or more of the members in this binding.
1576 #
1577 # To learn which resources support conditions in their IAM policies, see the
1578 # [IAM
1579 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1580 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
1581 # are documented at https://github.com/google/cel-spec.
1582 #
1583 # Example (Comparison):
1584 #
1585 # title: &quot;Summary size limit&quot;
1586 # description: &quot;Determines if a summary is less than 100 chars&quot;
1587 # expression: &quot;document.summary.size() &lt; 100&quot;
1588 #
1589 # Example (Equality):
1590 #
1591 # title: &quot;Requestor is owner&quot;
1592 # description: &quot;Determines if requestor is the document owner&quot;
1593 # expression: &quot;document.owner == request.auth.claims.email&quot;
1594 #
1595 # Example (Logic):
1596 #
1597 # title: &quot;Public documents&quot;
1598 # description: &quot;Determine whether the document should be publicly visible&quot;
1599 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1600 #
1601 # Example (Data Manipulation):
1602 #
1603 # title: &quot;Notification string&quot;
1604 # description: &quot;Create a notification string with a timestamp.&quot;
1605 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1606 #
1607 # The exact variables and functions that may be referenced within an expression
1608 # are determined by the service that evaluates it. See the service
1609 # documentation for additional information.
1610 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1611 # its purpose. This can be used e.g. in UIs which allow to enter the
1612 # expression.
1613 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
1614 # reporting, e.g. a file name and a position in the file.
1615 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1616 # describes the expression, e.g. when hovered over it in a UI.
1617 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1618 # syntax.
1619 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001620 },
1621 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001622 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
Dan O'Mearadd494642020-05-01 07:42:23 -07001623 # prevent simultaneous updates of a policy from overwriting each other.
1624 # It is strongly suggested that systems make use of the `etag` in the
1625 # read-modify-write cycle to perform policy updates in order to avoid race
1626 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1627 # systems are expected to put that etag in the request to `setIamPolicy` to
1628 # ensure that their change will be applied to the same version of the policy.
1629 #
1630 # **Important:** If you use IAM Conditions, you must include the `etag` field
1631 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1632 # you to overwrite a version `3` policy with a version `1` policy, and all of
1633 # the conditions in the version `3` policy are lost.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001634 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001635 &quot;updateMask&quot;: &quot;A String&quot;, # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
Sai Cheemalapatie833b792017-03-24 15:06:46 -07001636 # the fields in the mask will be modified. If no mask is provided, the
1637 # following default mask is used:
Bu Sun Kim65020912020-05-20 12:08:20 -07001638 #
1639 # `paths: &quot;bindings, etag&quot;`
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001640 }
1641
1642 x__xgafv: string, V1 error format.
1643 Allowed values
1644 1 - v1 error format
1645 2 - v2 error format
1646
1647Returns:
1648 An object of the form:
1649
Dan O'Mearadd494642020-05-01 07:42:23 -07001650 { # An Identity and Access Management (IAM) policy, which specifies access
1651 # controls for Google Cloud resources.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001652 #
1653 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001654 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
1655 # `members` to a single `role`. Members can be user accounts, service accounts,
1656 # Google groups, and domains (such as G Suite). A `role` is a named list of
1657 # permissions; each `role` can be an IAM predefined role or a user-created
1658 # custom role.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001659 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001660 # For some types of Google Cloud resources, a `binding` can also specify a
1661 # `condition`, which is a logical expression that allows access to a resource
1662 # only if the expression evaluates to `true`. A condition can add constraints
1663 # based on attributes of the request, the resource, or both. To learn which
1664 # resources support conditions in their IAM policies, see the
1665 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Dan O'Mearadd494642020-05-01 07:42:23 -07001666 #
1667 # **JSON example:**
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001668 #
1669 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001670 # &quot;bindings&quot;: [
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001671 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001672 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
1673 # &quot;members&quot;: [
1674 # &quot;user:mike@example.com&quot;,
1675 # &quot;group:admins@example.com&quot;,
1676 # &quot;domain:google.com&quot;,
1677 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001678 # ]
1679 # },
1680 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001681 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
1682 # &quot;members&quot;: [
1683 # &quot;user:eve@example.com&quot;
1684 # ],
1685 # &quot;condition&quot;: {
1686 # &quot;title&quot;: &quot;expirable access&quot;,
1687 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
1688 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
Dan O'Mearadd494642020-05-01 07:42:23 -07001689 # }
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001690 # }
Dan O'Mearadd494642020-05-01 07:42:23 -07001691 # ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001692 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
1693 # &quot;version&quot;: 3
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001694 # }
1695 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001696 # **YAML example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001697 #
1698 # bindings:
1699 # - members:
1700 # - user:mike@example.com
1701 # - group:admins@example.com
1702 # - domain:google.com
Dan O'Mearadd494642020-05-01 07:42:23 -07001703 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
1704 # role: roles/resourcemanager.organizationAdmin
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001705 # - members:
Dan O'Mearadd494642020-05-01 07:42:23 -07001706 # - user:eve@example.com
1707 # role: roles/resourcemanager.organizationViewer
1708 # condition:
1709 # title: expirable access
1710 # description: Does not grant access after Sep 2020
Bu Sun Kim65020912020-05-20 12:08:20 -07001711 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
Dan O'Mearadd494642020-05-01 07:42:23 -07001712 # - etag: BwWWja0YfJA=
1713 # - version: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001714 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001715 # For a description of IAM and its features, see the
Dan O'Mearadd494642020-05-01 07:42:23 -07001716 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -07001717 &quot;version&quot;: 42, # Specifies the format of the policy.
1718 #
1719 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1720 # are rejected.
1721 #
1722 # Any operation that affects conditional role bindings must specify version
1723 # `3`. This requirement applies to the following operations:
1724 #
1725 # * Getting a policy that includes a conditional role binding
1726 # * Adding a conditional role binding to a policy
1727 # * Changing a conditional role binding in a policy
1728 # * Removing any role binding, with or without a condition, from a policy
1729 # that includes conditions
1730 #
1731 # **Important:** If you use IAM Conditions, you must include the `etag` field
1732 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1733 # you to overwrite a version `3` policy with a version `1` policy, and all of
1734 # the conditions in the version `3` policy are lost.
1735 #
1736 # If a policy does not include any conditions, operations on that policy may
1737 # specify any valid version or leave the field unset.
1738 #
1739 # To learn which resources support conditions in their IAM policies, see the
1740 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1741 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
1742 { # Specifies the audit configuration for a service.
1743 # The configuration determines which permission types are logged, and what
1744 # identities, if any, are exempted from logging.
1745 # An AuditConfig must have one or more AuditLogConfigs.
1746 #
1747 # If there are AuditConfigs for both `allServices` and a specific service,
1748 # the union of the two AuditConfigs is used for that service: the log_types
1749 # specified in each AuditConfig are enabled, and the exempted_members in each
1750 # AuditLogConfig are exempted.
1751 #
1752 # Example Policy with multiple AuditConfigs:
1753 #
1754 # {
1755 # &quot;audit_configs&quot;: [
1756 # {
1757 # &quot;service&quot;: &quot;allServices&quot;
1758 # &quot;audit_log_configs&quot;: [
1759 # {
1760 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1761 # &quot;exempted_members&quot;: [
1762 # &quot;user:jose@example.com&quot;
1763 # ]
1764 # },
1765 # {
1766 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1767 # },
1768 # {
1769 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
1770 # }
1771 # ]
1772 # },
1773 # {
1774 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
1775 # &quot;audit_log_configs&quot;: [
1776 # {
1777 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1778 # },
1779 # {
1780 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1781 # &quot;exempted_members&quot;: [
1782 # &quot;user:aliya@example.com&quot;
1783 # ]
1784 # }
1785 # ]
1786 # }
1787 # ]
1788 # }
1789 #
1790 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1791 # logging. It also exempts jose@example.com from DATA_READ logging, and
1792 # aliya@example.com from DATA_WRITE logging.
1793 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
1794 { # Provides the configuration for logging a type of permissions.
1795 # Example:
1796 #
1797 # {
1798 # &quot;audit_log_configs&quot;: [
1799 # {
1800 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1801 # &quot;exempted_members&quot;: [
1802 # &quot;user:jose@example.com&quot;
1803 # ]
1804 # },
1805 # {
1806 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1807 # }
1808 # ]
1809 # }
1810 #
1811 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
1812 # jose@example.com from DATA_READ logging.
1813 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
1814 # permission.
1815 # Follows the same format of Binding.members.
1816 &quot;A String&quot;,
1817 ],
1818 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
1819 },
1820 ],
1821 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
1822 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1823 # `allServices` is a special value that covers all services.
1824 },
1825 ],
1826 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
Dan O'Mearadd494642020-05-01 07:42:23 -07001827 # `condition` that determines how and when the `bindings` are applied. Each
1828 # of the `bindings` must contain at least one member.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001829 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001830 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001831 # `members` can have the following values:
1832 #
1833 # * `allUsers`: A special identifier that represents anyone who is
1834 # on the internet; with or without a Google account.
1835 #
1836 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1837 # who is authenticated with a Google account or a service account.
1838 #
1839 # * `user:{emailid}`: An email address that represents a specific Google
Dan O'Mearadd494642020-05-01 07:42:23 -07001840 # account. For example, `alice@example.com` .
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001841 #
1842 #
1843 # * `serviceAccount:{emailid}`: An email address that represents a service
1844 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1845 #
1846 # * `group:{emailid}`: An email address that represents a Google group.
1847 # For example, `admins@example.com`.
1848 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001849 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1850 # identifier) representing a user that has been recently deleted. For
1851 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1852 # recovered, this value reverts to `user:{emailid}` and the recovered user
1853 # retains the role in the binding.
1854 #
1855 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1856 # unique identifier) representing a service account that has been recently
1857 # deleted. For example,
1858 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1859 # If the service account is undeleted, this value reverts to
1860 # `serviceAccount:{emailid}` and the undeleted service account retains the
1861 # role in the binding.
1862 #
1863 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1864 # identifier) representing a Google group that has been recently
1865 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1866 # the group is recovered, this value reverts to `group:{emailid}` and the
1867 # recovered group retains the role in the binding.
1868 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001869 #
1870 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1871 # users of that domain. For example, `google.com` or `example.com`.
1872 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001873 &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001874 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001875 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
1876 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1877 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
1878 #
1879 # If the condition evaluates to `true`, then this binding applies to the
1880 # current request.
1881 #
1882 # If the condition evaluates to `false`, then this binding does not apply to
1883 # the current request. However, a different role binding might grant the same
1884 # role to one or more of the members in this binding.
1885 #
1886 # To learn which resources support conditions in their IAM policies, see the
1887 # [IAM
1888 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1889 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
1890 # are documented at https://github.com/google/cel-spec.
1891 #
1892 # Example (Comparison):
1893 #
1894 # title: &quot;Summary size limit&quot;
1895 # description: &quot;Determines if a summary is less than 100 chars&quot;
1896 # expression: &quot;document.summary.size() &lt; 100&quot;
1897 #
1898 # Example (Equality):
1899 #
1900 # title: &quot;Requestor is owner&quot;
1901 # description: &quot;Determines if requestor is the document owner&quot;
1902 # expression: &quot;document.owner == request.auth.claims.email&quot;
1903 #
1904 # Example (Logic):
1905 #
1906 # title: &quot;Public documents&quot;
1907 # description: &quot;Determine whether the document should be publicly visible&quot;
1908 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1909 #
1910 # Example (Data Manipulation):
1911 #
1912 # title: &quot;Notification string&quot;
1913 # description: &quot;Create a notification string with a timestamp.&quot;
1914 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1915 #
1916 # The exact variables and functions that may be referenced within an expression
1917 # are determined by the service that evaluates it. See the service
1918 # documentation for additional information.
1919 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1920 # its purpose. This can be used e.g. in UIs which allow to enter the
1921 # expression.
1922 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
1923 # reporting, e.g. a file name and a position in the file.
1924 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1925 # describes the expression, e.g. when hovered over it in a UI.
1926 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1927 # syntax.
1928 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001929 },
1930 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001931 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
Dan O'Mearadd494642020-05-01 07:42:23 -07001932 # prevent simultaneous updates of a policy from overwriting each other.
1933 # It is strongly suggested that systems make use of the `etag` in the
1934 # read-modify-write cycle to perform policy updates in order to avoid race
1935 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1936 # systems are expected to put that etag in the request to `setIamPolicy` to
1937 # ensure that their change will be applied to the same version of the policy.
1938 #
1939 # **Important:** If you use IAM Conditions, you must include the `etag` field
1940 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1941 # you to overwrite a version `3` policy with a version `1` policy, and all of
1942 # the conditions in the version `3` policy are lost.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001943 }</pre>
1944</div>
1945
1946<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07001947 <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001948 <pre>Returns permissions that a caller has on the specified resource.
1949If the resource does not exist, this will return an empty set of
Bu Sun Kim65020912020-05-20 12:08:20 -07001950permissions, not a `NOT_FOUND` error.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001951
1952Note: This operation is designed to be used for building permission-aware
1953UIs and command-line tools, not for authorization checking. This operation
Bu Sun Kim65020912020-05-20 12:08:20 -07001954may &quot;fail open&quot; without warning.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001955
1956Args:
1957 resource: string, REQUIRED: The resource for which the policy detail is being requested.
1958See the operation documentation for the appropriate value for this field. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07001959 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001960 The object takes the form of:
1961
1962{ # Request message for `TestIamPermissions` method.
Bu Sun Kim65020912020-05-20 12:08:20 -07001963 &quot;permissions&quot;: [ # The set of permissions to check for the `resource`. Permissions with
1964 # wildcards (such as &#x27;*&#x27; or &#x27;storage.*&#x27;) are not allowed. For more
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001965 # information see
1966 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
Bu Sun Kim65020912020-05-20 12:08:20 -07001967 &quot;A String&quot;,
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001968 ],
1969 }
1970
1971 x__xgafv: string, V1 error format.
1972 Allowed values
1973 1 - v1 error format
1974 2 - v2 error format
1975
1976Returns:
1977 An object of the form:
1978
1979 { # Response message for `TestIamPermissions` method.
Bu Sun Kim65020912020-05-20 12:08:20 -07001980 &quot;permissions&quot;: [ # A subset of `TestPermissionsRequest.permissions` that the caller is
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001981 # allowed.
Bu Sun Kim65020912020-05-20 12:08:20 -07001982 &quot;A String&quot;,
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001983 ],
1984 }</pre>
1985</div>
1986
1987<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07001988 <code class="details" id="updatePrimaryVersion">updatePrimaryVersion(name, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001989 <pre>Update the version of a CryptoKey that will be used in Encrypt.
1990
1991Returns an error if called on an asymmetric key.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001992
1993Args:
Dan O'Mearadd494642020-05-01 07:42:23 -07001994 name: string, Required. The resource name of the CryptoKey to update. (required)
1995 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001996 The object takes the form of:
1997
1998{ # Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion.
Bu Sun Kim65020912020-05-20 12:08:20 -07001999 &quot;cryptoKeyVersionId&quot;: &quot;A String&quot;, # Required. The id of the child CryptoKeyVersion to use as primary.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04002000 }
2001
2002 x__xgafv: string, V1 error format.
2003 Allowed values
2004 1 - v1 error format
2005 2 - v2 error format
2006
2007Returns:
2008 An object of the form:
2009
2010 { # A CryptoKey represents a logical key that can be used for cryptographic
Bu Sun Kim65020912020-05-20 12:08:20 -07002011 # operations.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04002012 #
Bu Sun Kim65020912020-05-20 12:08:20 -07002013 # A CryptoKey is made up of zero or more versions,
2014 # which represent the actual key material used in cryptographic operations.
2015 &quot;rotationPeriod&quot;: &quot;A String&quot;, # next_rotation_time will be advanced by this period when the service
2016 # automatically rotates a key. Must be at least 24 hours and at most
2017 # 876,000 hours.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002018 #
Bu Sun Kim65020912020-05-20 12:08:20 -07002019 # If rotation_period is set, next_rotation_time must also be set.
2020 #
2021 # Keys with purpose
2022 # ENCRYPT_DECRYPT support
2023 # automatic rotation. For other keys, this field must be omitted.
2024 &quot;primary&quot;: { # A CryptoKeyVersion represents an individual cryptographic key, and the # Output only. A copy of the &quot;primary&quot; CryptoKeyVersion that will be used
2025 # by Encrypt when this CryptoKey is given
2026 # in EncryptRequest.name.
2027 #
2028 # The CryptoKey&#x27;s primary version can be updated via
2029 # UpdateCryptoKeyPrimaryVersion.
2030 #
2031 # Keys with purpose
2032 # ENCRYPT_DECRYPT may have a
2033 # primary. For other keys, this field will be omitted.
2034 # associated key material.
2035 #
2036 # An ENABLED version can be
2037 # used for cryptographic operations.
2038 #
2039 # For security reasons, the raw cryptographic key material represented by a
2040 # CryptoKeyVersion can never be viewed or exported. It can only be used to
2041 # encrypt, decrypt, or sign data when an authorized user or application invokes
2042 # Cloud KMS.
2043 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material
2044 # was imported.
2045 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
2046 # destroyed. Only present if state is
2047 # DESTROYED.
2048 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled
2049 # for destruction. Only present if state is
2050 # DESTROY_SCHEDULED.
2051 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if
2052 # state is
2053 # IMPORT_FAILED.
2054 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
2055 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
2056 # creation time. Use this statement to verify attributes of the key as stored
2057 # on the HSM, independently of Google. Only provided for key versions with
2058 # protection_level HSM.
2059 # information, see [Verifying attestations]
2060 # (https://cloud.google.com/kms/docs/attest-key).
2061 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
2062 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key
2063 # operation was performed.
2064 },
2065 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format
2066 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
2067 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was
2068 # generated.
2069 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are
2070 # performed with this CryptoKeyVersion.
2071 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
2072 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this
2073 # CryptoKeyVersion supports.
2074 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this
2075 # CryptoKeyVersion. Only present if the underlying key material was
2076 # imported.
2077 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
2078 # configuring a CryptoKeyVersion that are specific to the
2079 # EXTERNAL protection level.
2080 # configuring a CryptoKeyVersion that are specific to the
2081 # EXTERNAL protection level.
2082 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
2083 },
2084 },
2085 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKey in the format
2086 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
2087 &quot;versionTemplate&quot;: { # A CryptoKeyVersionTemplate specifies the properties to use when creating # A template describing settings for new CryptoKeyVersion instances.
2088 # The properties of new CryptoKeyVersion instances created by either
2089 # CreateCryptoKeyVersion or
2090 # auto-rotation are controlled by this template.
2091 # a new CryptoKeyVersion, either manually with
2092 # CreateCryptoKeyVersion or
2093 # automatically as a result of auto-rotation.
2094 &quot;algorithm&quot;: &quot;A String&quot;, # Required. Algorithm to use
2095 # when creating a CryptoKeyVersion based on this template.
2096 #
2097 # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
2098 # this field is omitted and CryptoKey.purpose is
2099 # ENCRYPT_DECRYPT.
2100 &quot;protectionLevel&quot;: &quot;A String&quot;, # ProtectionLevel to use when creating a CryptoKeyVersion based on
2101 # this template. Immutable. Defaults to SOFTWARE.
2102 },
2103 &quot;purpose&quot;: &quot;A String&quot;, # Immutable. The immutable purpose of this CryptoKey.
2104 &quot;nextRotationTime&quot;: &quot;A String&quot;, # At next_rotation_time, the Key Management Service will automatically:
2105 #
2106 # 1. Create a new version of this CryptoKey.
2107 # 2. Mark the new version as primary.
2108 #
2109 # Key rotations performed manually via
2110 # CreateCryptoKeyVersion and
2111 # UpdateCryptoKeyPrimaryVersion
2112 # do not affect next_rotation_time.
2113 #
2114 # Keys with purpose
2115 # ENCRYPT_DECRYPT support
2116 # automatic rotation. For other keys, this field must be omitted.
2117 &quot;labels&quot;: { # Labels with user-defined metadata. For more information, see
2118 # [Labeling Keys](/kms/docs/labeling-keys).
2119 &quot;a_key&quot;: &quot;A String&quot;,
2120 },
2121 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKey was created.
2122 }</pre>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04002123</div>
2124
2125</body></html>