Google Git
Sign in
fuchsia / third_party / dart-pkg / fb97607533faa863249dd84f9171e8dad9b5bd51 / . / googleapis / lib / cloudkms / v1.dart
blob: 20cac0ff524bf9dfd90e37f8ee0a04563f1e7c10 [file] [log] [blame]
// This is a generated file (see the discoveryapis_generator project).
// ignore_for_file: camel_case_types
// ignore_for_file: comment_references
// ignore_for_file: file_names
// ignore_for_file: library_names
// ignore_for_file: lines_longer_than_80_chars
// ignore_for_file: non_constant_identifier_names
// ignore_for_file: prefer_expression_function_bodies
// ignore_for_file: prefer_interpolation_to_compose_strings
// ignore_for_file: unnecessary_brace_in_string_interps
// ignore_for_file: unnecessary_lambdas
// ignore_for_file: unnecessary_string_interpolations
/// Cloud Key Management Service (KMS) API - v1
///
/// Manages keys and performs cryptographic operations in a central cloud
/// service, for direct use by other cloud resources and applications.
///
/// For more information, see <https://cloud.google.com/kms/>
///
/// Create an instance of [CloudKMSApi] to access these resources:
///
/// - [ProjectsResource]
/// - [ProjectsLocationsResource]
/// - [ProjectsLocationsEkmConnectionsResource]
/// - [ProjectsLocationsKeyRingsResource]
/// - [ProjectsLocationsKeyRingsCryptoKeysResource]
/// - [ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource]
/// - [ProjectsLocationsKeyRingsImportJobsResource]
library cloudkms.v1;
import 'dart:async' as async;
import 'dart:convert' as convert;
import 'dart:core' as core;
import 'package:_discoveryapis_commons/_discoveryapis_commons.dart' as commons;
import 'package:http/http.dart' as http;
// ignore: deprecated_member_use_from_same_package
import '../shared.dart';
import '../src/user_agent.dart';
export 'package:_discoveryapis_commons/_discoveryapis_commons.dart'
show ApiRequestError, DetailedApiRequestError;
/// Manages keys and performs cryptographic operations in a central cloud
/// service, for direct use by other cloud resources and applications.
class CloudKMSApi {
/// See, edit, configure, and delete your Google Cloud data and see the email
/// address for your Google Account.
static const cloudPlatformScope =
'https://www.googleapis.com/auth/cloud-platform';
/// View and manage your keys and secrets stored in Cloud Key Management
/// Service
static const cloudkmsScope = 'https://www.googleapis.com/auth/cloudkms';
final commons.ApiRequester _requester;
ProjectsResource get projects => ProjectsResource(_requester);
CloudKMSApi(http.Client client,
{core.String rootUrl = 'https://cloudkms.googleapis.com/',
core.String servicePath = ''})
: _requester =
commons.ApiRequester(client, rootUrl, servicePath, requestHeaders);
}
class ProjectsResource {
final commons.ApiRequester _requester;
ProjectsLocationsResource get locations =>
ProjectsLocationsResource(_requester);
ProjectsResource(commons.ApiRequester client) : _requester = client;
}
class ProjectsLocationsResource {
final commons.ApiRequester _requester;
ProjectsLocationsEkmConnectionsResource get ekmConnections =>
ProjectsLocationsEkmConnectionsResource(_requester);
ProjectsLocationsKeyRingsResource get keyRings =>
ProjectsLocationsKeyRingsResource(_requester);
ProjectsLocationsResource(commons.ApiRequester client) : _requester = client;
/// Generate random bytes using the Cloud KMS randomness source in the
/// provided location.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [location] - The project-specific location in which to generate random
/// bytes. For example, "projects/my-project/locations/us-central1".
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [GenerateRandomBytesResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<GenerateRandomBytesResponse> generateRandomBytes(
GenerateRandomBytesRequest request,
core.String location, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$location') + ':generateRandomBytes';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return GenerateRandomBytesResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Gets information about a location.
///
/// Request parameters:
///
/// [name] - Resource name for the location.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Location].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Location> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Location.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists information about the supported locations for this service.
///
/// Request parameters:
///
/// [name] - The resource that owns the locations collection, if applicable.
/// Value must have pattern `^projects/\[^/\]+$`.
///
/// [filter] - A filter to narrow down results to a preferred subset. The
/// filtering language accepts strings like `"displayName=tokyo"`, and is
/// documented in more detail in \[AIP-160\](https://google.aip.dev/160).
///
/// [pageSize] - The maximum number of results to return. If not set, the
/// service selects a default.
///
/// [pageToken] - A page token received from the `next_page_token` field in
/// the response. Send that page token to receive the subsequent page.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListLocationsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListLocationsResponse> list(
core.String name, {
core.String? filter,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if (filter != null) 'filter': [filter],
if (pageSize != null) 'pageSize': ['${pageSize}'],
if (pageToken != null) 'pageToken': [pageToken],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + '/locations';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListLocationsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
}
class ProjectsLocationsEkmConnectionsResource {
final commons.ApiRequester _requester;
ProjectsLocationsEkmConnectionsResource(commons.ApiRequester client)
: _requester = client;
/// Creates a new EkmConnection in a given Project and Location.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// EkmConnection, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [ekmConnectionId] - Required. It must be unique within a location and
/// match the regular expression `[a-zA-Z0-9_-]{1,63}`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [EkmConnection].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<EkmConnection> create(
EkmConnection request,
core.String parent, {
core.String? ekmConnectionId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if (ekmConnectionId != null) 'ekmConnectionId': [ekmConnectionId],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/ekmConnections';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return EkmConnection.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Returns metadata for a given EkmConnection.
///
/// Request parameters:
///
/// [name] - Required. The name of the EkmConnection to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [EkmConnection].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<EkmConnection> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return EkmConnection.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if (options_requestedPolicyVersion != null)
'options.requestedPolicyVersion': ['${options_requestedPolicyVersion}'],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists EkmConnections.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// EkmConnections to list, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of EkmConnections to
/// include in the response. Further EkmConnections can subsequently be
/// obtained by including the ListEkmConnectionsResponse.next_page_token in a
/// subsequent request. If unspecified, the server will pick an appropriate
/// default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListEkmConnectionsResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListEkmConnectionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListEkmConnectionsResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if (filter != null) 'filter': [filter],
if (orderBy != null) 'orderBy': [orderBy],
if (pageSize != null) 'pageSize': ['${pageSize}'],
if (pageToken != null) 'pageToken': [pageToken],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/ekmConnections';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListEkmConnectionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Updates an EkmConnection's metadata.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Output only. The resource name for the EkmConnection in the
/// format `projects / * /locations / * /ekmConnections / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`.
///
/// [updateMask] - Required. List of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [EkmConnection].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<EkmConnection> patch(
EkmConnection request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if (updateMask != null) 'updateMask': [updateMask],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return EkmConnection.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/ekmConnections/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
}
class ProjectsLocationsKeyRingsResource {
final commons.ApiRequester _requester;
ProjectsLocationsKeyRingsCryptoKeysResource get cryptoKeys =>
ProjectsLocationsKeyRingsCryptoKeysResource(_requester);
ProjectsLocationsKeyRingsImportJobsResource get importJobs =>
ProjectsLocationsKeyRingsImportJobsResource(_requester);
ProjectsLocationsKeyRingsResource(commons.ApiRequester client)
: _requester = client;
/// Create a new KeyRing in a given Project and Location.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// KeyRings, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [keyRingId] - Required. It must be unique within a location and match the
/// regular expression `[a-zA-Z0-9_-]{1,63}`
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [KeyRing].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<KeyRing> create(
KeyRing request,
core.String parent, {
core.String? keyRingId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if (keyRingId != null) 'keyRingId': [keyRingId],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/keyRings';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return KeyRing.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns metadata for a given KeyRing.
///
/// Request parameters:
///
/// [name] - Required. The name of the KeyRing to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [KeyRing].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<KeyRing> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return KeyRing.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if (options_requestedPolicyVersion != null)
'options.requestedPolicyVersion': ['${options_requestedPolicyVersion}'],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists KeyRings.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the location associated with the
/// KeyRings, in the format `projects / * /locations / * `.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of KeyRings to include
/// in the response. Further KeyRings can subsequently be obtained by
/// including the ListKeyRingsResponse.next_page_token in a subsequent
/// request. If unspecified, the server will pick an appropriate default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListKeyRingsResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListKeyRingsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListKeyRingsResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if (filter != null) 'filter': [filter],
if (orderBy != null) 'orderBy': [orderBy],
if (pageSize != null) 'pageSize': ['${pageSize}'],
if (pageToken != null) 'pageToken': [pageToken],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/keyRings';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListKeyRingsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
}
class ProjectsLocationsKeyRingsCryptoKeysResource {
final commons.ApiRequester _requester;
ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource
get cryptoKeyVersions =>
ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource(
_requester);
ProjectsLocationsKeyRingsCryptoKeysResource(commons.ApiRequester client)
: _requester = client;
/// Create a new CryptoKey within a KeyRing.
///
/// CryptoKey.purpose and CryptoKey.version_template.algorithm are required.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The name of the KeyRing associated with the
/// CryptoKeys.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [cryptoKeyId] - Required. It must be unique within a KeyRing and match the
/// regular expression `[a-zA-Z0-9_-]{1,63}`
///
/// [skipInitialVersionCreation] - If set to true, the request will create a
/// CryptoKey without any CryptoKeyVersions. You must manually call
/// CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this
/// CryptoKey.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKey].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKey> create(
CryptoKey request,
core.String parent, {
core.String? cryptoKeyId,
core.bool? skipInitialVersionCreation,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if (cryptoKeyId != null) 'cryptoKeyId': [cryptoKeyId],
if (skipInitialVersionCreation != null)
'skipInitialVersionCreation': ['${skipInitialVersionCreation}'],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeys';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Decrypts data that was protected by Encrypt.
///
/// The CryptoKey.purpose must be ENCRYPT_DECRYPT.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKey to use for
/// decryption. The server will choose the appropriate version.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [DecryptResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<DecryptResponse> decrypt(
DecryptRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':decrypt';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return DecryptResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Encrypts data, so that it can only be recovered by a call to Decrypt.
///
/// The CryptoKey.purpose must be ENCRYPT_DECRYPT.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKey or CryptoKeyVersion
/// to use for encryption. If a CryptoKey is specified, the server will use
/// its primary version.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/.*$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [EncryptResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<EncryptResponse> encrypt(
EncryptRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':encrypt';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return EncryptResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Returns metadata for a given CryptoKey, as well as its primary
/// CryptoKeyVersion.
///
/// Request parameters:
///
/// [name] - Required. The name of the CryptoKey to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKey].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKey> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if (options_requestedPolicyVersion != null)
'options.requestedPolicyVersion': ['${options_requestedPolicyVersion}'],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists CryptoKeys.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the KeyRing to list, in the
/// format `projects / * /locations / * /keyRings / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of CryptoKeys to
/// include in the response. Further CryptoKeys can subsequently be obtained
/// by including the ListCryptoKeysResponse.next_page_token in a subsequent
/// request. If unspecified, the server will pick an appropriate default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListCryptoKeysResponse.next_page_token.
///
/// [versionView] - The fields of the primary version to include in the
/// response.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED" : Default view for each
/// CryptoKeyVersion. Does not include the attestation field.
/// - "FULL" : Provides all fields in each CryptoKeyVersion, including the
/// attestation.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListCryptoKeysResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListCryptoKeysResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? versionView,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if (filter != null) 'filter': [filter],
if (orderBy != null) 'orderBy': [orderBy],
if (pageSize != null) 'pageSize': ['${pageSize}'],
if (pageToken != null) 'pageToken': [pageToken],
if (versionView != null) 'versionView': [versionView],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeys';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListCryptoKeysResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Update a CryptoKey.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Output only. The resource name for this CryptoKey in the format
/// `projects / * /locations / * /keyRings / * /cryptoKeys / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [updateMask] - Required. List of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKey].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKey> patch(
CryptoKey request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if (updateMask != null) 'updateMask': [updateMask],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Update the version of a CryptoKey that will be used in Encrypt.
///
/// Returns an error if called on a key whose purpose is not ENCRYPT_DECRYPT.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKey to update.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKey].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKey> updatePrimaryVersion(
UpdateCryptoKeyPrimaryVersionRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':updatePrimaryVersion';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKey.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
}
class ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource {
final commons.ApiRequester _requester;
ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource(
commons.ApiRequester client)
: _requester = client;
/// Decrypts data that was encrypted with a public key retrieved from
/// GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose
/// ASYMMETRIC_DECRYPT.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to use for
/// decryption.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [AsymmetricDecryptResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<AsymmetricDecryptResponse> asymmetricDecrypt(
AsymmetricDecryptRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':asymmetricDecrypt';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return AsymmetricDecryptResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Signs data using a CryptoKeyVersion with CryptoKey.purpose
/// ASYMMETRIC_SIGN, producing a signature that can be verified with the
/// public key retrieved from GetPublicKey.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to use for
/// signing.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [AsymmetricSignResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<AsymmetricSignResponse> asymmetricSign(
AsymmetricSignRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':asymmetricSign';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return AsymmetricSignResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Create a new CryptoKeyVersion in a CryptoKey.
///
/// The server will assign the next sequential id. If unset, state will be set
/// to ENABLED.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The name of the CryptoKey associated with the
/// CryptoKeyVersions.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> create(
CryptoKeyVersion request,
core.String parent, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeyVersions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Schedule a CryptoKeyVersion for destruction.
///
/// Upon calling this method, CryptoKeyVersion.state will be set to
/// DESTROY_SCHEDULED, and destroy_time will be set to the time
/// destroy_scheduled_duration in the future. At that time, the state will
/// automatically change to DESTROYED, and the key material will be
/// irrevocably destroyed. Before the destroy_time is reached,
/// RestoreCryptoKeyVersion may be called to reverse the process.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to destroy.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> destroy(
DestroyCryptoKeyVersionRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':destroy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Returns metadata for a given CryptoKeyVersion.
///
/// Request parameters:
///
/// [name] - Required. The name of the CryptoKeyVersion to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Returns the public key for the given CryptoKeyVersion.
///
/// The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.
///
/// Request parameters:
///
/// [name] - Required. The name of the CryptoKeyVersion public key to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [PublicKey].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<PublicKey> getPublicKey(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + '/publicKey';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return PublicKey.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Import wrapped key material into a CryptoKeyVersion.
///
/// All requests must specify a CryptoKey. If a CryptoKeyVersion is
/// additionally specified in the request, key material will be reimported
/// into that version. Otherwise, a new version will be created, and will be
/// assigned the next sequential id within the CryptoKey.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The name of the CryptoKey to be imported into. The
/// create permission is only required on this key when creating a new
/// CryptoKeyVersion.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> import(
ImportCryptoKeyVersionRequest request,
core.String parent, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeyVersions:import';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Lists CryptoKeyVersions.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the CryptoKey to list, in the
/// format `projects / * /locations / * /keyRings / * /cryptoKeys / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of CryptoKeyVersions
/// to include in the response. Further CryptoKeyVersions can subsequently be
/// obtained by including the ListCryptoKeyVersionsResponse.next_page_token in
/// a subsequent request. If unspecified, the server will pick an appropriate
/// default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListCryptoKeyVersionsResponse.next_page_token.
///
/// [view] - The fields to include in the response.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED" : Default view for each
/// CryptoKeyVersion. Does not include the attestation field.
/// - "FULL" : Provides all fields in each CryptoKeyVersion, including the
/// attestation.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListCryptoKeyVersionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListCryptoKeyVersionsResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? view,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if (filter != null) 'filter': [filter],
if (orderBy != null) 'orderBy': [orderBy],
if (pageSize != null) 'pageSize': ['${pageSize}'],
if (pageToken != null) 'pageToken': [pageToken],
if (view != null) 'view': [view],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/cryptoKeyVersions';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListCryptoKeyVersionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing
/// a tag that can be verified by another source with the same key.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to use for
/// signing.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [MacSignResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<MacSignResponse> macSign(
MacSignRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':macSign';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return MacSignResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and
/// returns a response that indicates whether or not the verification was
/// successful.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to use for
/// verification.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [MacVerifyResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<MacVerifyResponse> macVerify(
MacVerifyRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':macVerify';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return MacVerifyResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Update a CryptoKeyVersion's metadata.
///
/// state may be changed between ENABLED and DISABLED using this method. See
/// DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other
/// states.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Output only. The resource name for this CryptoKeyVersion in the
/// format `projects / * /locations / * /keyRings / * /cryptoKeys / *
/// /cryptoKeyVersions / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [updateMask] - Required. List of fields to be updated in this request.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> patch(
CryptoKeyVersion request,
core.String name, {
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if (updateMask != null) 'updateMask': [updateMask],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.
///
/// Upon restoration of the CryptoKeyVersion, state will be set to DISABLED,
/// and destroy_time will be cleared.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Required. The resource name of the CryptoKeyVersion to restore.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/cryptoKeys/\[^/\]+/cryptoKeyVersions/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [CryptoKeyVersion].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<CryptoKeyVersion> restore(
RestoreCryptoKeyVersionRequest request,
core.String name, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name') + ':restore';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return CryptoKeyVersion.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
}
class ProjectsLocationsKeyRingsImportJobsResource {
final commons.ApiRequester _requester;
ProjectsLocationsKeyRingsImportJobsResource(commons.ApiRequester client)
: _requester = client;
/// Create a new ImportJob within a KeyRing.
///
/// ImportJob.import_method is required.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. The name of the KeyRing associated with the
/// ImportJobs.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [importJobId] - Required. It must be unique within a KeyRing and match the
/// regular expression `[a-zA-Z0-9_-]{1,63}`
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ImportJob].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ImportJob> create(
ImportJob request,
core.String parent, {
core.String? importJobId,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if (importJobId != null) 'importJobId': [importJobId],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/importJobs';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return ImportJob.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns metadata for a given ImportJob.
///
/// Request parameters:
///
/// [name] - Required. The name of the ImportJob to get.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ImportJob].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ImportJob> get(
core.String name, {
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ImportJob.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Gets the access control policy for a resource.
///
/// Returns an empty policy if the resource exists and does not have a policy
/// set.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`.
///
/// [options_requestedPolicyVersion] - Optional. The maximum policy version
/// that will be used to format the policy. Valid values are 0, 1, and 3.
/// Requests specifying an invalid value will be rejected. Requests for
/// policies with any conditional role bindings must specify version 3.
/// Policies with no conditional role bindings may specify any valid value or
/// leave the field unset. The policy in the response might use the policy
/// version that you specified, or it might use a lower policy version. For
/// example, if you specify version 3, but the policy has no conditional role
/// bindings, the response uses version 1. To learn which resources support
/// conditions in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
core.String resource, {
core.int? options_requestedPolicyVersion,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if (options_requestedPolicyVersion != null)
'options.requestedPolicyVersion': ['${options_requestedPolicyVersion}'],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Lists ImportJobs.
///
/// Request parameters:
///
/// [parent] - Required. The resource name of the KeyRing to list, in the
/// format `projects / * /locations / * /keyRings / * `.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+$`.
///
/// [filter] - Optional. Only include resources that match the filter in the
/// response. For more information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [orderBy] - Optional. Specify how the results should be sorted. If not
/// specified, the results will be sorted in the default order. For more
/// information, see
/// [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
///
/// [pageSize] - Optional. Optional limit on the number of ImportJobs to
/// include in the response. Further ImportJobs can subsequently be obtained
/// by including the ListImportJobsResponse.next_page_token in a subsequent
/// request. If unspecified, the server will pick an appropriate default.
///
/// [pageToken] - Optional. Optional pagination token, returned earlier via
/// ListImportJobsResponse.next_page_token.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListImportJobsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListImportJobsResponse> list(
core.String parent, {
core.String? filter,
core.String? orderBy,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
if (filter != null) 'filter': [filter],
if (orderBy != null) 'orderBy': [orderBy],
if (pageSize != null) 'pageSize': ['${pageSize}'],
if (pageToken != null) 'pageToken': [pageToken],
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$parent') + '/importJobs';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListImportJobsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
/// Sets the access control policy on the specified resource.
///
/// Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
/// and `PERMISSION_DENIED` errors.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ = 'v1/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns permissions that a caller has on the specified resource.
///
/// If the resource does not exist, this will return an empty set of
/// permissions, not a `NOT_FOUND` error. Note: This operation is designed to
/// be used for building permission-aware UIs and command-line tools, not for
/// authorization checking. This operation may "fail open" without warning.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/keyRings/\[^/\]+/importJobs/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
if ($fields != null) 'fields': [$fields],
};
final url_ =
'v1/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>);
}
}
/// Request message for KeyManagementService.AsymmetricDecrypt.
class AsymmetricDecryptRequest {
/// The data encrypted with the named CryptoKeyVersion's public key using
/// OAEP.
///
/// Required.
core.String? ciphertext;
core.List<core.int> get ciphertextAsBytes =>
convert.base64.decode(ciphertext!);
set ciphertextAsBytes(core.List<core.int> bytes_) {
ciphertext =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received AsymmetricDecryptRequest.ciphertext using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(AsymmetricDecryptRequest.ciphertext) is equal to
/// AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a limited
/// number of retries. A persistent mismatch may indicate an issue in your
/// computation of the CRC32C checksum. Note: This field is defined as int64
/// for reasons of compatibility across different languages. However, it is a
/// non-negative integer, which will never exceed 2^32-1, and can be safely
/// downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? ciphertextCrc32c;
AsymmetricDecryptRequest({
this.ciphertext,
this.ciphertextCrc32c,
});
AsymmetricDecryptRequest.fromJson(core.Map json_)
: this(
ciphertext: json_.containsKey('ciphertext')
? json_['ciphertext'] as core.String
: null,
ciphertextCrc32c: json_.containsKey('ciphertextCrc32c')
? json_['ciphertextCrc32c'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (ciphertext != null) 'ciphertext': ciphertext!,
if (ciphertextCrc32c != null) 'ciphertextCrc32c': ciphertextCrc32c!,
};
}
/// Response message for KeyManagementService.AsymmetricDecrypt.
class AsymmetricDecryptResponse {
/// The decrypted data originally encrypted with the matching public key.
core.String? plaintext;
core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!);
set plaintextAsBytes(core.List<core.int> bytes_) {
plaintext =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned AsymmetricDecryptResponse.plaintext. An
/// integrity check of AsymmetricDecryptResponse.plaintext can be performed by
/// computing the CRC32C checksum of AsymmetricDecryptResponse.plaintext and
/// comparing your results to this field. Discard the response in case of
/// non-matching checksum values, and perform a limited number of retries. A
/// persistent mismatch may indicate an issue in your computation of the
/// CRC32C checksum. Note: This field is defined as int64 for reasons of
/// compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
core.String? plaintextCrc32c;
/// The ProtectionLevel of the CryptoKeyVersion used in decryption.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
core.String? protectionLevel;
/// Integrity verification field.
///
/// A flag indicating whether AsymmetricDecryptRequest.ciphertext_crc32c was
/// received by KeyManagementService and used for the integrity verification
/// of the ciphertext. A false value of this field indicates either that
/// AsymmetricDecryptRequest.ciphertext_crc32c was left unset or that it was
/// not delivered to KeyManagementService. If you've set
/// AsymmetricDecryptRequest.ciphertext_crc32c but this field is still false,
/// discard the response and perform a limited number of retries.
core.bool? verifiedCiphertextCrc32c;
AsymmetricDecryptResponse({
this.plaintext,
this.plaintextCrc32c,
this.protectionLevel,
this.verifiedCiphertextCrc32c,
});
AsymmetricDecryptResponse.fromJson(core.Map json_)
: this(
plaintext: json_.containsKey('plaintext')
? json_['plaintext'] as core.String
: null,
plaintextCrc32c: json_.containsKey('plaintextCrc32c')
? json_['plaintextCrc32c'] as core.String
: null,
protectionLevel: json_.containsKey('protectionLevel')
? json_['protectionLevel'] as core.String
: null,
verifiedCiphertextCrc32c:
json_.containsKey('verifiedCiphertextCrc32c')
? json_['verifiedCiphertextCrc32c'] as core.bool
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (plaintext != null) 'plaintext': plaintext!,
if (plaintextCrc32c != null) 'plaintextCrc32c': plaintextCrc32c!,
if (protectionLevel != null) 'protectionLevel': protectionLevel!,
if (verifiedCiphertextCrc32c != null)
'verifiedCiphertextCrc32c': verifiedCiphertextCrc32c!,
};
}
/// Request message for KeyManagementService.AsymmetricSign.
class AsymmetricSignRequest {
/// The data to sign.
///
/// It can't be supplied if AsymmetricSignRequest.digest is supplied.
///
/// Optional.
core.String? data;
core.List<core.int> get dataAsBytes => convert.base64.decode(data!);
set dataAsBytes(core.List<core.int> bytes_) {
data =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// An optional CRC32C checksum of the AsymmetricSignRequest.data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received AsymmetricSignRequest.data using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(AsymmetricSignRequest.data) is equal to
/// AsymmetricSignRequest.data_crc32c, and if so, perform a limited number of
/// retries. A persistent mismatch may indicate an issue in your computation
/// of the CRC32C checksum. Note: This field is defined as int64 for reasons
/// of compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
///
/// Optional.
core.String? dataCrc32c;
/// The digest of the data to sign.
///
/// The digest must be produced with the same digest algorithm as specified by
/// the key version's algorithm. This field may not be supplied if
/// AsymmetricSignRequest.data is supplied.
///
/// Optional.
Digest? digest;
/// An optional CRC32C checksum of the AsymmetricSignRequest.digest.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received AsymmetricSignRequest.digest using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(AsymmetricSignRequest.digest) is equal to
/// AsymmetricSignRequest.digest_crc32c, and if so, perform a limited number
/// of retries. A persistent mismatch may indicate an issue in your
/// computation of the CRC32C checksum. Note: This field is defined as int64
/// for reasons of compatibility across different languages. However, it is a
/// non-negative integer, which will never exceed 2^32-1, and can be safely
/// downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? digestCrc32c;
AsymmetricSignRequest({
this.data,
this.dataCrc32c,
this.digest,
this.digestCrc32c,
});
AsymmetricSignRequest.fromJson(core.Map json_)
: this(
data: json_.containsKey('data') ? json_['data'] as core.String : null,
dataCrc32c: json_.containsKey('dataCrc32c')
? json_['dataCrc32c'] as core.String
: null,
digest: json_.containsKey('digest')
? Digest.fromJson(
json_['digest'] as core.Map<core.String, core.dynamic>)
: null,
digestCrc32c: json_.containsKey('digestCrc32c')
? json_['digestCrc32c'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (data != null) 'data': data!,
if (dataCrc32c != null) 'dataCrc32c': dataCrc32c!,
if (digest != null) 'digest': digest!,
if (digestCrc32c != null) 'digestCrc32c': digestCrc32c!,
};
}
/// Response message for KeyManagementService.AsymmetricSign.
class AsymmetricSignResponse {
/// The resource name of the CryptoKeyVersion used for signing.
///
/// Check this field to verify that the intended resource was used for
/// signing.
core.String? name;
/// The ProtectionLevel of the CryptoKeyVersion used for signing.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
core.String? protectionLevel;
/// The created signature.
core.String? signature;
core.List<core.int> get signatureAsBytes => convert.base64.decode(signature!);
set signatureAsBytes(core.List<core.int> bytes_) {
signature =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned AsymmetricSignResponse.signature. An
/// integrity check of AsymmetricSignResponse.signature can be performed by
/// computing the CRC32C checksum of AsymmetricSignResponse.signature and
/// comparing your results to this field. Discard the response in case of
/// non-matching checksum values, and perform a limited number of retries. A
/// persistent mismatch may indicate an issue in your computation of the
/// CRC32C checksum. Note: This field is defined as int64 for reasons of
/// compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
core.String? signatureCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether AsymmetricSignRequest.data_crc32c was received
/// by KeyManagementService and used for the integrity verification of the
/// data. A false value of this field indicates either that
/// AsymmetricSignRequest.data_crc32c was left unset or that it was not
/// delivered to KeyManagementService. If you've set
/// AsymmetricSignRequest.data_crc32c but this field is still false, discard
/// the response and perform a limited number of retries.
core.bool? verifiedDataCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether AsymmetricSignRequest.digest_crc32c was received
/// by KeyManagementService and used for the integrity verification of the
/// digest. A false value of this field indicates either that
/// AsymmetricSignRequest.digest_crc32c was left unset or that it was not
/// delivered to KeyManagementService. If you've set
/// AsymmetricSignRequest.digest_crc32c but this field is still false, discard
/// the response and perform a limited number of retries.
core.bool? verifiedDigestCrc32c;
AsymmetricSignResponse({
this.name,
this.protectionLevel,
this.signature,
this.signatureCrc32c,
this.verifiedDataCrc32c,
this.verifiedDigestCrc32c,
});
AsymmetricSignResponse.fromJson(core.Map json_)
: this(
name: json_.containsKey('name') ? json_['name'] as core.String : null,
protectionLevel: json_.containsKey('protectionLevel')
? json_['protectionLevel'] as core.String
: null,
signature: json_.containsKey('signature')
? json_['signature'] as core.String
: null,
signatureCrc32c: json_.containsKey('signatureCrc32c')
? json_['signatureCrc32c'] as core.String
: null,
verifiedDataCrc32c: json_.containsKey('verifiedDataCrc32c')
? json_['verifiedDataCrc32c'] as core.bool
: null,
verifiedDigestCrc32c: json_.containsKey('verifiedDigestCrc32c')
? json_['verifiedDigestCrc32c'] as core.bool
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (name != null) 'name': name!,
if (protectionLevel != null) 'protectionLevel': protectionLevel!,
if (signature != null) 'signature': signature!,
if (signatureCrc32c != null) 'signatureCrc32c': signatureCrc32c!,
if (verifiedDataCrc32c != null)
'verifiedDataCrc32c': verifiedDataCrc32c!,
if (verifiedDigestCrc32c != null)
'verifiedDigestCrc32c': verifiedDigestCrc32c!,
};
}
/// Specifies the audit configuration for a service.
///
/// The configuration determines which permission types are logged, and what
/// identities, if any, are exempted from logging. An AuditConfig must have one
/// or more AuditLogConfigs. If there are AuditConfigs for both `allServices`
/// and a specific service, the union of the two AuditConfigs is used for that
/// service: the log_types specified in each AuditConfig are enabled, and the
/// exempted_members in each AuditLogConfig are exempted. Example Policy with
/// multiple AuditConfigs: { "audit_configs": \[ { "service": "allServices",
/// "audit_log_configs": \[ { "log_type": "DATA_READ", "exempted_members": \[
/// "user:jose@example.com" \] }, { "log_type": "DATA_WRITE" }, { "log_type":
/// "ADMIN_READ" } \] }, { "service": "sampleservice.googleapis.com",
/// "audit_log_configs": \[ { "log_type": "DATA_READ" }, { "log_type":
/// "DATA_WRITE", "exempted_members": \[ "user:aliya@example.com" \] } \] } \] }
/// For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
/// logging. It also exempts `jose@example.com` from DATA_READ logging, and
/// `aliya@example.com` from DATA_WRITE logging.
class AuditConfig {
/// The configuration for logging of each type of permission.
core.List<AuditLogConfig>? auditLogConfigs;
/// Specifies a service that will be enabled for audit logging.
///
/// For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
/// `allServices` is a special value that covers all services.
core.String? service;
AuditConfig({
this.auditLogConfigs,
this.service,
});
AuditConfig.fromJson(core.Map json_)
: this(
auditLogConfigs: json_.containsKey('auditLogConfigs')
? (json_['auditLogConfigs'] as core.List)
.map((value) => AuditLogConfig.fromJson(
value as core.Map<core.String, core.dynamic>))
.toList()
: null,
service: json_.containsKey('service')
? json_['service'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (auditLogConfigs != null) 'auditLogConfigs': auditLogConfigs!,
if (service != null) 'service': service!,
};
}
/// Provides the configuration for logging a type of permissions.
///
/// Example: { "audit_log_configs": \[ { "log_type": "DATA_READ",
/// "exempted_members": \[ "user:jose@example.com" \] }, { "log_type":
/// "DATA_WRITE" } \] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while
/// exempting jose@example.com from DATA_READ logging.
typedef AuditLogConfig = $AuditLogConfig;
/// Associates `members`, or principals, with a `role`.
class Binding {
/// The condition that is associated with this binding.
///
/// If the condition evaluates to `true`, then this binding applies to the
/// current request. If the condition evaluates to `false`, then this binding
/// does not apply to the current request. However, a different role binding
/// might grant the same role to one or more of the principals in this
/// binding. To learn which resources support conditions in their IAM
/// policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Expr? condition;
/// Specifies the principals requesting access for a Google Cloud resource.
///
/// `members` can have the following values: * `allUsers`: A special
/// identifier that represents anyone who is on the internet; with or without
/// a Google account. * `allAuthenticatedUsers`: A special identifier that
/// represents anyone who is authenticated with a Google account or a service
/// account. Does not include identities that come from external identity
/// providers (IdPs) through identity federation. * `user:{emailid}`: An email
/// address that represents a specific Google account. For example,
/// `alice@example.com` . * `serviceAccount:{emailid}`: An email address that
/// represents a Google service account. For example,
/// `my-other-app@appspot.gserviceaccount.com`. *
/// `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An
/// identifier for a
/// [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
/// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
/// `group:{emailid}`: An email address that represents a Google group. For
/// example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`:
/// An email address (plus unique identifier) representing a user that has
/// been recently deleted. For example,
/// `alice@example.com?uid=123456789012345678901`. If the user is recovered,
/// this value reverts to `user:{emailid}` and the recovered user retains the
/// role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`:
/// An email address (plus unique identifier) representing a service account
/// that has been recently deleted. For example,
/// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If
/// the service account is undeleted, this value reverts to
/// `serviceAccount:{emailid}` and the undeleted service account retains the
/// role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email
/// address (plus unique identifier) representing a Google group that has been
/// recently deleted. For example,
/// `admins@example.com?uid=123456789012345678901`. If the group is recovered,
/// this value reverts to `group:{emailid}` and the recovered group retains
/// the role in the binding. * `domain:{domain}`: The G Suite domain (primary)
/// that represents all the users of that domain. For example, `google.com` or
/// `example.com`.
core.List<core.String>? members;
/// Role that is assigned to the list of `members`, or principals.
///
/// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
core.String? role;
Binding({
this.condition,
this.members,
this.role,
});
Binding.fromJson(core.Map json_)
: this(
condition: json_.containsKey('condition')
? Expr.fromJson(
json_['condition'] as core.Map<core.String, core.dynamic>)
: null,
members: json_.containsKey('members')
? (json_['members'] as core.List)
.map((value) => value as core.String)
.toList()
: null,
role: json_.containsKey('role') ? json_['role'] as core.String : null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (condition != null) 'condition': condition!,
if (members != null) 'members': members!,
if (role != null) 'role': role!,
};
}
/// A Certificate represents an X.509 certificate used to authenticate HTTPS
/// connections to EKM replicas.
class Certificate {
/// The issuer distinguished name in RFC 2253 format.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? issuer;
/// The certificate is not valid after this time.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? notAfterTime;
/// The certificate is not valid before this time.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? notBeforeTime;
/// True if the certificate was parsed successfully.
///
/// Output only.
core.bool? parsed;
/// The raw certificate bytes in DER format.
///
/// Required.
core.String? rawDer;
core.List<core.int> get rawDerAsBytes => convert.base64.decode(rawDer!);
set rawDerAsBytes(core.List<core.int> bytes_) {
rawDer =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// The certificate serial number as a hex string.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? serialNumber;
/// The SHA-256 certificate fingerprint as a hex string.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? sha256Fingerprint;
/// The subject distinguished name in RFC 2253 format.
///
/// Only present if parsed is true.
///
/// Output only.
core.String? subject;
/// The subject Alternative DNS names.
///
/// Only present if parsed is true.
///
/// Output only.
core.List<core.String>? subjectAlternativeDnsNames;
Certificate({
this.issuer,
this.notAfterTime,
this.notBeforeTime,
this.parsed,
this.rawDer,
this.serialNumber,
this.sha256Fingerprint,
this.subject,
this.subjectAlternativeDnsNames,
});
Certificate.fromJson(core.Map json_)
: this(
issuer: json_.containsKey('issuer')
? json_['issuer'] as core.String
: null,
notAfterTime: json_.containsKey('notAfterTime')
? json_['notAfterTime'] as core.String
: null,
notBeforeTime: json_.containsKey('notBeforeTime')
? json_['notBeforeTime'] as core.String
: null,
parsed:
json_.containsKey('parsed') ? json_['parsed'] as core.bool : null,
rawDer: json_.containsKey('rawDer')
? json_['rawDer'] as core.String
: null,
serialNumber: json_.containsKey('serialNumber')
? json_['serialNumber'] as core.String
: null,
sha256Fingerprint: json_.containsKey('sha256Fingerprint')
? json_['sha256Fingerprint'] as core.String
: null,
subject: json_.containsKey('subject')
? json_['subject'] as core.String
: null,
subjectAlternativeDnsNames:
json_.containsKey('subjectAlternativeDnsNames')
? (json_['subjectAlternativeDnsNames'] as core.List)
.map((value) => value as core.String)
.toList()
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (issuer != null) 'issuer': issuer!,
if (notAfterTime != null) 'notAfterTime': notAfterTime!,
if (notBeforeTime != null) 'notBeforeTime': notBeforeTime!,
if (parsed != null) 'parsed': parsed!,
if (rawDer != null) 'rawDer': rawDer!,
if (serialNumber != null) 'serialNumber': serialNumber!,
if (sha256Fingerprint != null) 'sha256Fingerprint': sha256Fingerprint!,
if (subject != null) 'subject': subject!,
if (subjectAlternativeDnsNames != null)
'subjectAlternativeDnsNames': subjectAlternativeDnsNames!,
};
}
/// Certificate chains needed to verify the attestation.
///
/// Certificates in chains are PEM-encoded and are ordered based on
/// https://tools.ietf.org/html/rfc5246#section-7.4.2.
class CertificateChains {
/// Cavium certificate chain corresponding to the attestation.
core.List<core.String>? caviumCerts;
/// Google card certificate chain corresponding to the attestation.
core.List<core.String>? googleCardCerts;
/// Google partition certificate chain corresponding to the attestation.
core.List<core.String>? googlePartitionCerts;
CertificateChains({
this.caviumCerts,
this.googleCardCerts,
this.googlePartitionCerts,
});
CertificateChains.fromJson(core.Map json_)
: this(
caviumCerts: json_.containsKey('caviumCerts')
? (json_['caviumCerts'] as core.List)
.map((value) => value as core.String)
.toList()
: null,
googleCardCerts: json_.containsKey('googleCardCerts')
? (json_['googleCardCerts'] as core.List)
.map((value) => value as core.String)
.toList()
: null,
googlePartitionCerts: json_.containsKey('googlePartitionCerts')
? (json_['googlePartitionCerts'] as core.List)
.map((value) => value as core.String)
.toList()
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (caviumCerts != null) 'caviumCerts': caviumCerts!,
if (googleCardCerts != null) 'googleCardCerts': googleCardCerts!,
if (googlePartitionCerts != null)
'googlePartitionCerts': googlePartitionCerts!,
};
}
/// A CryptoKey represents a logical key that can be used for cryptographic
/// operations.
///
/// A CryptoKey is made up of zero or more versions, which represent the actual
/// key material used in cryptographic operations.
class CryptoKey {
/// The time at which this CryptoKey was created.
///
/// Output only.
core.String? createTime;
/// The resource name of the backend environment where the key material for
/// all CryptoKeyVersions associated with this CryptoKey reside and where all
/// related cryptographic operations are performed.
///
/// Only applicable if CryptoKeyVersions have a ProtectionLevel of
/// EXTERNAL_VPC, with the resource name in the format `projects / *
/// /locations / * /ekmConnections / * `. Note, this list is non-exhaustive
/// and may apply to additional ProtectionLevels in the future.
///
/// Immutable.
core.String? cryptoKeyBackend;
/// The period of time that versions of this key spend in the
/// DESTROY_SCHEDULED state before transitioning to DESTROYED.
///
/// If not specified at creation time, the default duration is 24 hours.
///
/// Immutable.
core.String? destroyScheduledDuration;
/// Whether this key may contain imported versions only.
///
/// Immutable.
core.bool? importOnly;
/// Labels with user-defined metadata.
///
/// For more information, see
/// [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
core.Map<core.String, core.String>? labels;
/// The resource name for this CryptoKey in the format `projects / *
/// /locations / * /keyRings / * /cryptoKeys / * `.
///
/// Output only.
core.String? name;
/// At next_rotation_time, the Key Management Service will automatically: 1.
///
/// Create a new version of this CryptoKey. 2. Mark the new version as
/// primary. Key rotations performed manually via CreateCryptoKeyVersion and
/// UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with
/// purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this
/// field must be omitted.
core.String? nextRotationTime;
/// A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when
/// this CryptoKey is given in EncryptRequest.name.
///
/// The CryptoKey's primary version can be updated via
/// UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have
/// a primary. For other keys, this field will be omitted.
///
/// Output only.
CryptoKeyVersion? primary;
/// The immutable purpose of this CryptoKey.
///
/// Immutable.
/// Possible string values are:
/// - "CRYPTO_KEY_PURPOSE_UNSPECIFIED" : Not specified.
/// - "ENCRYPT_DECRYPT" : CryptoKeys with this purpose may be used with
/// Encrypt and Decrypt.
/// - "ASYMMETRIC_SIGN" : CryptoKeys with this purpose may be used with
/// AsymmetricSign and GetPublicKey.
/// - "ASYMMETRIC_DECRYPT" : CryptoKeys with this purpose may be used with
/// AsymmetricDecrypt and GetPublicKey.
/// - "MAC" : CryptoKeys with this purpose may be used with MacSign.
core.String? purpose;
/// next_rotation_time will be advanced by this period when the service
/// automatically rotates a key.
///
/// Must be at least 24 hours and at most 876,000 hours. If rotation_period is
/// set, next_rotation_time must also be set. Keys with purpose
/// ENCRYPT_DECRYPT support automatic rotation. For other keys, this field
/// must be omitted.
core.String? rotationPeriod;
/// A template describing settings for new CryptoKeyVersion instances.
///
/// The properties of new CryptoKeyVersion instances created by either
/// CreateCryptoKeyVersion or auto-rotation are controlled by this template.
CryptoKeyVersionTemplate? versionTemplate;
CryptoKey({
this.createTime,
this.cryptoKeyBackend,
this.destroyScheduledDuration,
this.importOnly,
this.labels,
this.name,
this.nextRotationTime,
this.primary,
this.purpose,
this.rotationPeriod,
this.versionTemplate,
});
CryptoKey.fromJson(core.Map json_)
: this(
createTime: json_.containsKey('createTime')
? json_['createTime'] as core.String
: null,
cryptoKeyBackend: json_.containsKey('cryptoKeyBackend')
? json_['cryptoKeyBackend'] as core.String
: null,
destroyScheduledDuration:
json_.containsKey('destroyScheduledDuration')
? json_['destroyScheduledDuration'] as core.String
: null,
importOnly: json_.containsKey('importOnly')
? json_['importOnly'] as core.bool
: null,
labels: json_.containsKey('labels')
? (json_['labels'] as core.Map<core.String, core.dynamic>).map(
(key, item) => core.MapEntry(
key,
item as core.String,
),
)
: null,
name: json_.containsKey('name') ? json_['name'] as core.String : null,
nextRotationTime: json_.containsKey('nextRotationTime')
? json_['nextRotationTime'] as core.String
: null,
primary: json_.containsKey('primary')
? CryptoKeyVersion.fromJson(
json_['primary'] as core.Map<core.String, core.dynamic>)
: null,
purpose: json_.containsKey('purpose')
? json_['purpose'] as core.String
: null,
rotationPeriod: json_.containsKey('rotationPeriod')
? json_['rotationPeriod'] as core.String
: null,
versionTemplate: json_.containsKey('versionTemplate')
? CryptoKeyVersionTemplate.fromJson(json_['versionTemplate']
as core.Map<core.String, core.dynamic>)
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (createTime != null) 'createTime': createTime!,
if (cryptoKeyBackend != null) 'cryptoKeyBackend': cryptoKeyBackend!,
if (destroyScheduledDuration != null)
'destroyScheduledDuration': destroyScheduledDuration!,
if (importOnly != null) 'importOnly': importOnly!,
if (labels != null) 'labels': labels!,
if (name != null) 'name': name!,
if (nextRotationTime != null) 'nextRotationTime': nextRotationTime!,
if (primary != null) 'primary': primary!,
if (purpose != null) 'purpose': purpose!,
if (rotationPeriod != null) 'rotationPeriod': rotationPeriod!,
if (versionTemplate != null) 'versionTemplate': versionTemplate!,
};
}
/// A CryptoKeyVersion represents an individual cryptographic key, and the
/// associated key material.
///
/// An ENABLED version can be used for cryptographic operations. For security
/// reasons, the raw cryptographic key material represented by a
/// CryptoKeyVersion can never be viewed or exported. It can only be used to
/// encrypt, decrypt, or sign data when an authorized user or application
/// invokes Cloud KMS.
class CryptoKeyVersion {
/// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
///
/// Output only.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : Not specified.
/// - "GOOGLE_SYMMETRIC_ENCRYPTION" : Creates symmetric encryption keys.
/// - "RSA_SIGN_PSS_2048_SHA256" : RSASSA-PSS 2048 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_3072_SHA256" : RSASSA-PSS 3072 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA256" : RSASSA-PSS 4096 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA512" : RSASSA-PSS 4096 bit key with a SHA512
/// digest.
/// - "RSA_SIGN_PKCS1_2048_SHA256" : RSASSA-PKCS1-v1_5 with a 2048 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_3072_SHA256" : RSASSA-PKCS1-v1_5 with a 3072 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA256" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA512" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA512 digest.
/// - "RSA_SIGN_RAW_PKCS1_2048" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 2048 bit key.
/// - "RSA_SIGN_RAW_PKCS1_3072" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 3072 bit key.
/// - "RSA_SIGN_RAW_PKCS1_4096" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 4096 bit key.
/// - "RSA_DECRYPT_OAEP_2048_SHA256" : RSAES-OAEP 2048 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA256" : RSAES-OAEP 3072 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA256" : RSAES-OAEP 4096 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA512" : RSAES-OAEP 4096 bit key with a SHA512
/// digest.
/// - "RSA_DECRYPT_OAEP_2048_SHA1" : RSAES-OAEP 2048 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA1" : RSAES-OAEP 3072 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA1" : RSAES-OAEP 4096 bit key with a SHA1
/// digest.
/// - "EC_SIGN_P256_SHA256" : ECDSA on the NIST P-256 curve with a SHA256
/// digest.
/// - "EC_SIGN_P384_SHA384" : ECDSA on the NIST P-384 curve with a SHA384
/// digest.
/// - "EC_SIGN_SECP256K1_SHA256" : ECDSA on the non-NIST secp256k1 curve. This
/// curve is only supported for HSM protection level.
/// - "HMAC_SHA256" : HMAC-SHA256 signing with a 256 bit key.
/// - "EXTERNAL_SYMMETRIC_ENCRYPTION" : Algorithm representing symmetric
/// encryption by an external key manager.
core.String? algorithm;
/// Statement that was generated and signed by the HSM at key creation time.
///
/// Use this statement to verify attributes of the key as stored on the HSM,
/// independently of Google. Only provided for key versions with
/// protection_level HSM.
///
/// Output only.
KeyOperationAttestation? attestation;
/// The time at which this CryptoKeyVersion was created.
///
/// Output only.
core.String? createTime;
/// The time this CryptoKeyVersion's key material was destroyed.
///
/// Only present if state is DESTROYED.
///
/// Output only.
core.String? destroyEventTime;
/// The time this CryptoKeyVersion's key material is scheduled for
/// destruction.
///
/// Only present if state is DESTROY_SCHEDULED.
///
/// Output only.
core.String? destroyTime;
/// ExternalProtectionLevelOptions stores a group of additional fields for
/// configuring a CryptoKeyVersion that are specific to the EXTERNAL
/// protection level and EXTERNAL_VPC protection levels.
ExternalProtectionLevelOptions? externalProtectionLevelOptions;
/// The time this CryptoKeyVersion's key material was generated.
///
/// Output only.
core.String? generateTime;
/// The root cause of the most recent import failure.
///
/// Only present if state is IMPORT_FAILED.
///
/// Output only.
core.String? importFailureReason;
/// The name of the ImportJob used in the most recent import of this
/// CryptoKeyVersion.
///
/// Only present if the underlying key material was imported.
///
/// Output only.
core.String? importJob;
/// The time at which this CryptoKeyVersion's key material was most recently
/// imported.
///
/// Output only.
core.String? importTime;
/// The resource name for this CryptoKeyVersion in the format `projects / *
/// /locations / * /keyRings / * /cryptoKeys / * /cryptoKeyVersions / * `.
///
/// Output only.
core.String? name;
/// The ProtectionLevel describing how crypto operations are performed with
/// this CryptoKeyVersion.
///
/// Output only.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
core.String? protectionLevel;
/// Whether or not this key version is eligible for reimport, by being
/// specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
///
/// Output only.
core.bool? reimportEligible;
/// The current state of the CryptoKeyVersion.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" : Not specified.
/// - "PENDING_GENERATION" : This version is still being generated. It may not
/// be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically
/// mark this version ENABLED as soon as the version is ready.
/// - "ENABLED" : This version may be used for cryptographic operations.
/// - "DISABLED" : This version may not be used, but the key material is still
/// available, and the version can be placed back into the ENABLED state.
/// - "DESTROYED" : This version is destroyed, and the key material is no
/// longer stored. This version may only become ENABLED again if this version
/// is reimport_eligible and the original key material is reimported with a
/// call to KeyManagementService.ImportCryptoKeyVersion.
/// - "DESTROY_SCHEDULED" : This version is scheduled for destruction, and
/// will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into
/// the DISABLED state.
/// - "PENDING_IMPORT" : This version is still being imported. It may not be
/// used, enabled, disabled, or destroyed yet. Cloud KMS will automatically
/// mark this version ENABLED as soon as the version is ready.
/// - "IMPORT_FAILED" : This version was not imported successfully. It may not
/// be used, enabled, disabled, or destroyed. The submitted key material has
/// been discarded. Additional details can be found in
/// CryptoKeyVersion.import_failure_reason.
core.String? state;
CryptoKeyVersion({
this.algorithm,
this.attestation,
this.createTime,
this.destroyEventTime,
this.destroyTime,
this.externalProtectionLevelOptions,
this.generateTime,
this.importFailureReason,
this.importJob,
this.importTime,
this.name,
this.protectionLevel,
this.reimportEligible,
this.state,
});
CryptoKeyVersion.fromJson(core.Map json_)
: this(
algorithm: json_.containsKey('algorithm')
? json_['algorithm'] as core.String
: null,
attestation: json_.containsKey('attestation')
? KeyOperationAttestation.fromJson(
json_['attestation'] as core.Map<core.String, core.dynamic>)
: null,
createTime: json_.containsKey('createTime')
? json_['createTime'] as core.String
: null,
destroyEventTime: json_.containsKey('destroyEventTime')
? json_['destroyEventTime'] as core.String
: null,
destroyTime: json_.containsKey('destroyTime')
? json_['destroyTime'] as core.String
: null,
externalProtectionLevelOptions:
json_.containsKey('externalProtectionLevelOptions')
? ExternalProtectionLevelOptions.fromJson(
json_['externalProtectionLevelOptions']
as core.Map<core.String, core.dynamic>)
: null,
generateTime: json_.containsKey('generateTime')
? json_['generateTime'] as core.String
: null,
importFailureReason: json_.containsKey('importFailureReason')
? json_['importFailureReason'] as core.String
: null,
importJob: json_.containsKey('importJob')
? json_['importJob'] as core.String
: null,
importTime: json_.containsKey('importTime')
? json_['importTime'] as core.String
: null,
name: json_.containsKey('name') ? json_['name'] as core.String : null,
protectionLevel: json_.containsKey('protectionLevel')
? json_['protectionLevel'] as core.String
: null,
reimportEligible: json_.containsKey('reimportEligible')
? json_['reimportEligible'] as core.bool
: null,
state:
json_.containsKey('state') ? json_['state'] as core.String : null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (algorithm != null) 'algorithm': algorithm!,
if (attestation != null) 'attestation': attestation!,
if (createTime != null) 'createTime': createTime!,
if (destroyEventTime != null) 'destroyEventTime': destroyEventTime!,
if (destroyTime != null) 'destroyTime': destroyTime!,
if (externalProtectionLevelOptions != null)
'externalProtectionLevelOptions': externalProtectionLevelOptions!,
if (generateTime != null) 'generateTime': generateTime!,
if (importFailureReason != null)
'importFailureReason': importFailureReason!,
if (importJob != null) 'importJob': importJob!,
if (importTime != null) 'importTime': importTime!,
if (name != null) 'name': name!,
if (protectionLevel != null) 'protectionLevel': protectionLevel!,
if (reimportEligible != null) 'reimportEligible': reimportEligible!,
if (state != null) 'state': state!,
};
}
/// A CryptoKeyVersionTemplate specifies the properties to use when creating a
/// new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or
/// automatically as a result of auto-rotation.
class CryptoKeyVersionTemplate {
/// Algorithm to use when creating a CryptoKeyVersion based on this template.
///
/// For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if
/// both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
///
/// Required.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : Not specified.
/// - "GOOGLE_SYMMETRIC_ENCRYPTION" : Creates symmetric encryption keys.
/// - "RSA_SIGN_PSS_2048_SHA256" : RSASSA-PSS 2048 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_3072_SHA256" : RSASSA-PSS 3072 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA256" : RSASSA-PSS 4096 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA512" : RSASSA-PSS 4096 bit key with a SHA512
/// digest.
/// - "RSA_SIGN_PKCS1_2048_SHA256" : RSASSA-PKCS1-v1_5 with a 2048 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_3072_SHA256" : RSASSA-PKCS1-v1_5 with a 3072 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA256" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA512" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA512 digest.
/// - "RSA_SIGN_RAW_PKCS1_2048" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 2048 bit key.
/// - "RSA_SIGN_RAW_PKCS1_3072" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 3072 bit key.
/// - "RSA_SIGN_RAW_PKCS1_4096" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 4096 bit key.
/// - "RSA_DECRYPT_OAEP_2048_SHA256" : RSAES-OAEP 2048 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA256" : RSAES-OAEP 3072 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA256" : RSAES-OAEP 4096 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA512" : RSAES-OAEP 4096 bit key with a SHA512
/// digest.
/// - "RSA_DECRYPT_OAEP_2048_SHA1" : RSAES-OAEP 2048 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA1" : RSAES-OAEP 3072 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA1" : RSAES-OAEP 4096 bit key with a SHA1
/// digest.
/// - "EC_SIGN_P256_SHA256" : ECDSA on the NIST P-256 curve with a SHA256
/// digest.
/// - "EC_SIGN_P384_SHA384" : ECDSA on the NIST P-384 curve with a SHA384
/// digest.
/// - "EC_SIGN_SECP256K1_SHA256" : ECDSA on the non-NIST secp256k1 curve. This
/// curve is only supported for HSM protection level.
/// - "HMAC_SHA256" : HMAC-SHA256 signing with a 256 bit key.
/// - "EXTERNAL_SYMMETRIC_ENCRYPTION" : Algorithm representing symmetric
/// encryption by an external key manager.
core.String? algorithm;
/// ProtectionLevel to use when creating a CryptoKeyVersion based on this
/// template.
///
/// Immutable. Defaults to SOFTWARE.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
core.String? protectionLevel;
CryptoKeyVersionTemplate({
this.algorithm,
this.protectionLevel,
});
CryptoKeyVersionTemplate.fromJson(core.Map json_)
: this(
algorithm: json_.containsKey('algorithm')
? json_['algorithm'] as core.String
: null,
protectionLevel: json_.containsKey('protectionLevel')
? json_['protectionLevel'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (algorithm != null) 'algorithm': algorithm!,
if (protectionLevel != null) 'protectionLevel': protectionLevel!,
};
}
/// Request message for KeyManagementService.Decrypt.
class DecryptRequest {
/// Optional data that must match the data originally supplied in
/// EncryptRequest.additional_authenticated_data.
///
/// Optional.
core.String? additionalAuthenticatedData;
core.List<core.int> get additionalAuthenticatedDataAsBytes =>
convert.base64.decode(additionalAuthenticatedData!);
set additionalAuthenticatedDataAsBytes(core.List<core.int> bytes_) {
additionalAuthenticatedData =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// An optional CRC32C checksum of the
/// DecryptRequest.additional_authenticated_data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received DecryptRequest.additional_authenticated_data using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(DecryptRequest.additional_authenticated_data) is equal to
/// DecryptRequest.additional_authenticated_data_crc32c, and if so, perform a
/// limited number of retries. A persistent mismatch may indicate an issue in
/// your computation of the CRC32C checksum. Note: This field is defined as
/// int64 for reasons of compatibility across different languages. However, it
/// is a non-negative integer, which will never exceed 2^32-1, and can be
/// safely downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? additionalAuthenticatedDataCrc32c;
/// The encrypted data originally returned in EncryptResponse.ciphertext.
///
/// Required.
core.String? ciphertext;
core.List<core.int> get ciphertextAsBytes =>
convert.base64.decode(ciphertext!);
set ciphertextAsBytes(core.List<core.int> bytes_) {
ciphertext =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// An optional CRC32C checksum of the DecryptRequest.ciphertext.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received DecryptRequest.ciphertext using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(DecryptRequest.ciphertext) is equal to
/// DecryptRequest.ciphertext_crc32c, and if so, perform a limited number of
/// retries. A persistent mismatch may indicate an issue in your computation
/// of the CRC32C checksum. Note: This field is defined as int64 for reasons
/// of compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
///
/// Optional.
core.String? ciphertextCrc32c;
DecryptRequest({
this.additionalAuthenticatedData,
this.additionalAuthenticatedDataCrc32c,
this.ciphertext,
this.ciphertextCrc32c,
});
DecryptRequest.fromJson(core.Map json_)
: this(
additionalAuthenticatedData:
json_.containsKey('additionalAuthenticatedData')
? json_['additionalAuthenticatedData'] as core.String
: null,
additionalAuthenticatedDataCrc32c:
json_.containsKey('additionalAuthenticatedDataCrc32c')
? json_['additionalAuthenticatedDataCrc32c'] as core.String
: null,
ciphertext: json_.containsKey('ciphertext')
? json_['ciphertext'] as core.String
: null,
ciphertextCrc32c: json_.containsKey('ciphertextCrc32c')
? json_['ciphertextCrc32c'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (additionalAuthenticatedData != null)
'additionalAuthenticatedData': additionalAuthenticatedData!,
if (additionalAuthenticatedDataCrc32c != null)
'additionalAuthenticatedDataCrc32c':
additionalAuthenticatedDataCrc32c!,
if (ciphertext != null) 'ciphertext': ciphertext!,
if (ciphertextCrc32c != null) 'ciphertextCrc32c': ciphertextCrc32c!,
};
}
/// Response message for KeyManagementService.Decrypt.
class DecryptResponse {
/// The decrypted data originally supplied in EncryptRequest.plaintext.
core.String? plaintext;
core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!);
set plaintextAsBytes(core.List<core.int> bytes_) {
plaintext =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned DecryptResponse.plaintext. An integrity
/// check of DecryptResponse.plaintext can be performed by computing the
/// CRC32C checksum of DecryptResponse.plaintext and comparing your results to
/// this field. Discard the response in case of non-matching checksum values,
/// and perform a limited number of retries. A persistent mismatch may
/// indicate an issue in your computation of the CRC32C checksum. Note:
/// receiving this response message indicates that KeyManagementService is
/// able to successfully decrypt the ciphertext. Note: This field is defined
/// as int64 for reasons of compatibility across different languages. However,
/// it is a non-negative integer, which will never exceed 2^32-1, and can be
/// safely downconverted to uint32 in languages that support this type.
core.String? plaintextCrc32c;
/// The ProtectionLevel of the CryptoKeyVersion used in decryption.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
core.String? protectionLevel;
/// Whether the Decryption was performed using the primary key version.
core.bool? usedPrimary;
DecryptResponse({
this.plaintext,
this.plaintextCrc32c,
this.protectionLevel,
this.usedPrimary,
});
DecryptResponse.fromJson(core.Map json_)
: this(
plaintext: json_.containsKey('plaintext')
? json_['plaintext'] as core.String
: null,
plaintextCrc32c: json_.containsKey('plaintextCrc32c')
? json_['plaintextCrc32c'] as core.String
: null,
protectionLevel: json_.containsKey('protectionLevel')
? json_['protectionLevel'] as core.String
: null,
usedPrimary: json_.containsKey('usedPrimary')
? json_['usedPrimary'] as core.bool
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (plaintext != null) 'plaintext': plaintext!,
if (plaintextCrc32c != null) 'plaintextCrc32c': plaintextCrc32c!,
if (protectionLevel != null) 'protectionLevel': protectionLevel!,
if (usedPrimary != null) 'usedPrimary': usedPrimary!,
};
}
/// Request message for KeyManagementService.DestroyCryptoKeyVersion.
typedef DestroyCryptoKeyVersionRequest = $Empty;
/// A Digest holds a cryptographic message digest.
class Digest {
/// A message digest produced with the SHA-256 algorithm.
core.String? sha256;
core.List<core.int> get sha256AsBytes => convert.base64.decode(sha256!);
set sha256AsBytes(core.List<core.int> bytes_) {
sha256 =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// A message digest produced with the SHA-384 algorithm.
core.String? sha384;
core.List<core.int> get sha384AsBytes => convert.base64.decode(sha384!);
set sha384AsBytes(core.List<core.int> bytes_) {
sha384 =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// A message digest produced with the SHA-512 algorithm.
core.String? sha512;
core.List<core.int> get sha512AsBytes => convert.base64.decode(sha512!);
set sha512AsBytes(core.List<core.int> bytes_) {
sha512 =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
Digest({
this.sha256,
this.sha384,
this.sha512,
});
Digest.fromJson(core.Map json_)
: this(
sha256: json_.containsKey('sha256')
? json_['sha256'] as core.String
: null,
sha384: json_.containsKey('sha384')
? json_['sha384'] as core.String
: null,
sha512: json_.containsKey('sha512')
? json_['sha512'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (sha256 != null) 'sha256': sha256!,
if (sha384 != null) 'sha384': sha384!,
if (sha512 != null) 'sha512': sha512!,
};
}
/// An EkmConnection represents an individual EKM connection.
///
/// It can be used for creating CryptoKeys and CryptoKeyVersions with a
/// ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic
/// operations using keys created within the EkmConnection.
class EkmConnection {
/// The time at which the EkmConnection was created.
///
/// Output only.
core.String? createTime;
/// This checksum is computed by the server based on the value of other
/// fields, and may be sent on update requests to ensure the client has an
/// up-to-date value before proceeding.
///
/// Optional.
core.String? etag;
/// The resource name for the EkmConnection in the format `projects / *
/// /locations / * /ekmConnections / * `.
///
/// Output only.
core.String? name;
/// A list of ServiceResolvers where the EKM can be reached.
///
/// There should be one ServiceResolver per EKM replica. Currently, only a
/// single ServiceResolver is supported.
core.List<ServiceResolver>? serviceResolvers;
EkmConnection({
this.createTime,
this.etag,
this.name,
this.serviceResolvers,
});
EkmConnection.fromJson(core.Map json_)
: this(
createTime: json_.containsKey('createTime')
? json_['createTime'] as core.String
: null,
etag: json_.containsKey('etag') ? json_['etag'] as core.String : null,
name: json_.containsKey('name') ? json_['name'] as core.String : null,
serviceResolvers: json_.containsKey('serviceResolvers')
? (json_['serviceResolvers'] as core.List)
.map((value) => ServiceResolver.fromJson(
value as core.Map<core.String, core.dynamic>))
.toList()
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (createTime != null) 'createTime': createTime!,
if (etag != null) 'etag': etag!,
if (name != null) 'name': name!,
if (serviceResolvers != null) 'serviceResolvers': serviceResolvers!,
};
}
/// Request message for KeyManagementService.Encrypt.
class EncryptRequest {
/// Optional data that, if specified, must also be provided during decryption
/// through DecryptRequest.additional_authenticated_data.
///
/// The maximum size depends on the key version's protection_level. For
/// SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys the AAD must be no larger than
/// 64KiB. For HSM keys, the combined length of the plaintext and
/// additional_authenticated_data fields must be no larger than 8KiB.
///
/// Optional.
core.String? additionalAuthenticatedData;
core.List<core.int> get additionalAuthenticatedDataAsBytes =>
convert.base64.decode(additionalAuthenticatedData!);
set additionalAuthenticatedDataAsBytes(core.List<core.int> bytes_) {
additionalAuthenticatedData =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// An optional CRC32C checksum of the
/// EncryptRequest.additional_authenticated_data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received EncryptRequest.additional_authenticated_data using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(EncryptRequest.additional_authenticated_data) is equal to
/// EncryptRequest.additional_authenticated_data_crc32c, and if so, perform a
/// limited number of retries. A persistent mismatch may indicate an issue in
/// your computation of the CRC32C checksum. Note: This field is defined as
/// int64 for reasons of compatibility across different languages. However, it
/// is a non-negative integer, which will never exceed 2^32-1, and can be
/// safely downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? additionalAuthenticatedDataCrc32c;
/// The data to encrypt.
///
/// Must be no larger than 64KiB. The maximum size depends on the key
/// version's protection_level. For SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys,
/// the plaintext must be no larger than 64KiB. For HSM keys, the combined
/// length of the plaintext and additional_authenticated_data fields must be
/// no larger than 8KiB.
///
/// Required.
core.String? plaintext;
core.List<core.int> get plaintextAsBytes => convert.base64.decode(plaintext!);
set plaintextAsBytes(core.List<core.int> bytes_) {
plaintext =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// An optional CRC32C checksum of the EncryptRequest.plaintext.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received EncryptRequest.plaintext using this checksum.
/// KeyManagementService will report an error if the checksum verification
/// fails. If you receive a checksum error, your client should verify that
/// CRC32C(EncryptRequest.plaintext) is equal to
/// EncryptRequest.plaintext_crc32c, and if so, perform a limited number of
/// retries. A persistent mismatch may indicate an issue in your computation
/// of the CRC32C checksum. Note: This field is defined as int64 for reasons
/// of compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
///
/// Optional.
core.String? plaintextCrc32c;
EncryptRequest({
this.additionalAuthenticatedData,
this.additionalAuthenticatedDataCrc32c,
this.plaintext,
this.plaintextCrc32c,
});
EncryptRequest.fromJson(core.Map json_)
: this(
additionalAuthenticatedData:
json_.containsKey('additionalAuthenticatedData')
? json_['additionalAuthenticatedData'] as core.String
: null,
additionalAuthenticatedDataCrc32c:
json_.containsKey('additionalAuthenticatedDataCrc32c')
? json_['additionalAuthenticatedDataCrc32c'] as core.String
: null,
plaintext: json_.containsKey('plaintext')
? json_['plaintext'] as core.String
: null,
plaintextCrc32c: json_.containsKey('plaintextCrc32c')
? json_['plaintextCrc32c'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (additionalAuthenticatedData != null)
'additionalAuthenticatedData': additionalAuthenticatedData!,
if (additionalAuthenticatedDataCrc32c != null)
'additionalAuthenticatedDataCrc32c':
additionalAuthenticatedDataCrc32c!,
if (plaintext != null) 'plaintext': plaintext!,
if (plaintextCrc32c != null) 'plaintextCrc32c': plaintextCrc32c!,
};
}
/// Response message for KeyManagementService.Encrypt.
class EncryptResponse {
/// The encrypted data.
core.String? ciphertext;
core.List<core.int> get ciphertextAsBytes =>
convert.base64.decode(ciphertext!);
set ciphertextAsBytes(core.List<core.int> bytes_) {
ciphertext =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned EncryptResponse.ciphertext. An integrity
/// check of EncryptResponse.ciphertext can be performed by computing the
/// CRC32C checksum of EncryptResponse.ciphertext and comparing your results
/// to this field. Discard the response in case of non-matching checksum
/// values, and perform a limited number of retries. A persistent mismatch may
/// indicate an issue in your computation of the CRC32C checksum. Note: This
/// field is defined as int64 for reasons of compatibility across different
/// languages. However, it is a non-negative integer, which will never exceed
/// 2^32-1, and can be safely downconverted to uint32 in languages that
/// support this type.
core.String? ciphertextCrc32c;
/// The resource name of the CryptoKeyVersion used in encryption.
///
/// Check this field to verify that the intended resource was used for
/// encryption.
core.String? name;
/// The ProtectionLevel of the CryptoKeyVersion used in encryption.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
core.String? protectionLevel;
/// Integrity verification field.
///
/// A flag indicating whether
/// EncryptRequest.additional_authenticated_data_crc32c was received by
/// KeyManagementService and used for the integrity verification of the AAD. A
/// false value of this field indicates either that
/// EncryptRequest.additional_authenticated_data_crc32c was left unset or that
/// it was not delivered to KeyManagementService. If you've set
/// EncryptRequest.additional_authenticated_data_crc32c but this field is
/// still false, discard the response and perform a limited number of retries.
core.bool? verifiedAdditionalAuthenticatedDataCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether EncryptRequest.plaintext_crc32c was received by
/// KeyManagementService and used for the integrity verification of the
/// plaintext. A false value of this field indicates either that
/// EncryptRequest.plaintext_crc32c was left unset or that it was not
/// delivered to KeyManagementService. If you've set
/// EncryptRequest.plaintext_crc32c but this field is still false, discard the
/// response and perform a limited number of retries.
core.bool? verifiedPlaintextCrc32c;
EncryptResponse({
this.ciphertext,
this.ciphertextCrc32c,
this.name,
this.protectionLevel,
this.verifiedAdditionalAuthenticatedDataCrc32c,
this.verifiedPlaintextCrc32c,
});
EncryptResponse.fromJson(core.Map json_)
: this(
ciphertext: json_.containsKey('ciphertext')
? json_['ciphertext'] as core.String
: null,
ciphertextCrc32c: json_.containsKey('ciphertextCrc32c')
? json_['ciphertextCrc32c'] as core.String
: null,
name: json_.containsKey('name') ? json_['name'] as core.String : null,
protectionLevel: json_.containsKey('protectionLevel')
? json_['protectionLevel'] as core.String
: null,
verifiedAdditionalAuthenticatedDataCrc32c: json_
.containsKey('verifiedAdditionalAuthenticatedDataCrc32c')
? json_['verifiedAdditionalAuthenticatedDataCrc32c'] as core.bool
: null,
verifiedPlaintextCrc32c: json_.containsKey('verifiedPlaintextCrc32c')
? json_['verifiedPlaintextCrc32c'] as core.bool
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (ciphertext != null) 'ciphertext': ciphertext!,
if (ciphertextCrc32c != null) 'ciphertextCrc32c': ciphertextCrc32c!,
if (name != null) 'name': name!,
if (protectionLevel != null) 'protectionLevel': protectionLevel!,
if (verifiedAdditionalAuthenticatedDataCrc32c != null)
'verifiedAdditionalAuthenticatedDataCrc32c':
verifiedAdditionalAuthenticatedDataCrc32c!,
if (verifiedPlaintextCrc32c != null)
'verifiedPlaintextCrc32c': verifiedPlaintextCrc32c!,
};
}
/// Represents a textual expression in the Common Expression Language (CEL)
/// syntax.
///
/// CEL is a C-like expression language. The syntax and semantics of CEL are
/// documented at https://github.com/google/cel-spec. Example (Comparison):
/// title: "Summary size limit" description: "Determines if a summary is less
/// than 100 chars" expression: "document.summary.size() \< 100" Example
/// (Equality): title: "Requestor is owner" description: "Determines if
/// requestor is the document owner" expression: "document.owner ==
/// request.auth.claims.email" Example (Logic): title: "Public documents"
/// description: "Determine whether the document should be publicly visible"
/// expression: "document.type != 'private' && document.type != 'internal'"
/// Example (Data Manipulation): title: "Notification string" description:
/// "Create a notification string with a timestamp." expression: "'New message
/// received at ' + string(document.create_time)" The exact variables and
/// functions that may be referenced within an expression are determined by the
/// service that evaluates it. See the service documentation for additional
/// information.
typedef Expr = $Expr;
/// ExternalProtectionLevelOptions stores a group of additional fields for
/// configuring a CryptoKeyVersion that are specific to the EXTERNAL protection
/// level and EXTERNAL_VPC protection levels.
class ExternalProtectionLevelOptions {
/// The path to the external key material on the EKM when using EkmConnection
/// e.g., "v0/my/key".
///
/// Set this field instead of external_key_uri when using an EkmConnection.
core.String? ekmConnectionKeyPath;
/// The URI for an external resource that this CryptoKeyVersion represents.
core.String? externalKeyUri;
ExternalProtectionLevelOptions({
this.ekmConnectionKeyPath,
this.externalKeyUri,
});
ExternalProtectionLevelOptions.fromJson(core.Map json_)
: this(
ekmConnectionKeyPath: json_.containsKey('ekmConnectionKeyPath')
? json_['ekmConnectionKeyPath'] as core.String
: null,
externalKeyUri: json_.containsKey('externalKeyUri')
? json_['externalKeyUri'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (ekmConnectionKeyPath != null)
'ekmConnectionKeyPath': ekmConnectionKeyPath!,
if (externalKeyUri != null) 'externalKeyUri': externalKeyUri!,
};
}
/// Request message for KeyManagementService.GenerateRandomBytes.
class GenerateRandomBytesRequest {
/// The length in bytes of the amount of randomness to retrieve.
///
/// Minimum 8 bytes, maximum 1024 bytes.
core.int? lengthBytes;
/// The ProtectionLevel to use when generating the random data.
///
/// Currently, only HSM protection level is supported.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
core.String? protectionLevel;
GenerateRandomBytesRequest({
this.lengthBytes,
this.protectionLevel,
});
GenerateRandomBytesRequest.fromJson(core.Map json_)
: this(
lengthBytes: json_.containsKey('lengthBytes')
? json_['lengthBytes'] as core.int
: null,
protectionLevel: json_.containsKey('protectionLevel')
? json_['protectionLevel'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (lengthBytes != null) 'lengthBytes': lengthBytes!,
if (protectionLevel != null) 'protectionLevel': protectionLevel!,
};
}
/// Response message for KeyManagementService.GenerateRandomBytes.
class GenerateRandomBytesResponse {
/// The generated data.
core.String? data;
core.List<core.int> get dataAsBytes => convert.base64.decode(data!);
set dataAsBytes(core.List<core.int> bytes_) {
data =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned GenerateRandomBytesResponse.data. An
/// integrity check of GenerateRandomBytesResponse.data can be performed by
/// computing the CRC32C checksum of GenerateRandomBytesResponse.data and
/// comparing your results to this field. Discard the response in case of
/// non-matching checksum values, and perform a limited number of retries. A
/// persistent mismatch may indicate an issue in your computation of the
/// CRC32C checksum. Note: This field is defined as int64 for reasons of
/// compatibility across different languages. However, it is a non-negative
/// integer, which will never exceed 2^32-1, and can be safely downconverted
/// to uint32 in languages that support this type.
core.String? dataCrc32c;
GenerateRandomBytesResponse({
this.data,
this.dataCrc32c,
});
GenerateRandomBytesResponse.fromJson(core.Map json_)
: this(
data: json_.containsKey('data') ? json_['data'] as core.String : null,
dataCrc32c: json_.containsKey('dataCrc32c')
? json_['dataCrc32c'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (data != null) 'data': data!,
if (dataCrc32c != null) 'dataCrc32c': dataCrc32c!,
};
}
/// Request message for KeyManagementService.ImportCryptoKeyVersion.
class ImportCryptoKeyVersionRequest {
/// The algorithm of the key being imported.
///
/// This does not need to match the version_template of the CryptoKey this
/// version imports into.
///
/// Required.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : Not specified.
/// - "GOOGLE_SYMMETRIC_ENCRYPTION" : Creates symmetric encryption keys.
/// - "RSA_SIGN_PSS_2048_SHA256" : RSASSA-PSS 2048 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_3072_SHA256" : RSASSA-PSS 3072 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA256" : RSASSA-PSS 4096 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA512" : RSASSA-PSS 4096 bit key with a SHA512
/// digest.
/// - "RSA_SIGN_PKCS1_2048_SHA256" : RSASSA-PKCS1-v1_5 with a 2048 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_3072_SHA256" : RSASSA-PKCS1-v1_5 with a 3072 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA256" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA512" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA512 digest.
/// - "RSA_SIGN_RAW_PKCS1_2048" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 2048 bit key.
/// - "RSA_SIGN_RAW_PKCS1_3072" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 3072 bit key.
/// - "RSA_SIGN_RAW_PKCS1_4096" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 4096 bit key.
/// - "RSA_DECRYPT_OAEP_2048_SHA256" : RSAES-OAEP 2048 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA256" : RSAES-OAEP 3072 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA256" : RSAES-OAEP 4096 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA512" : RSAES-OAEP 4096 bit key with a SHA512
/// digest.
/// - "RSA_DECRYPT_OAEP_2048_SHA1" : RSAES-OAEP 2048 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA1" : RSAES-OAEP 3072 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA1" : RSAES-OAEP 4096 bit key with a SHA1
/// digest.
/// - "EC_SIGN_P256_SHA256" : ECDSA on the NIST P-256 curve with a SHA256
/// digest.
/// - "EC_SIGN_P384_SHA384" : ECDSA on the NIST P-384 curve with a SHA384
/// digest.
/// - "EC_SIGN_SECP256K1_SHA256" : ECDSA on the non-NIST secp256k1 curve. This
/// curve is only supported for HSM protection level.
/// - "HMAC_SHA256" : HMAC-SHA256 signing with a 256 bit key.
/// - "EXTERNAL_SYMMETRIC_ENCRYPTION" : Algorithm representing symmetric
/// encryption by an external key manager.
core.String? algorithm;
/// The optional name of an existing CryptoKeyVersion to target for an import
/// operation.
///
/// If this field is not present, a new CryptoKeyVersion containing the
/// supplied key material is created. If this field is present, the supplied
/// key material is imported into the existing CryptoKeyVersion. To import
/// into an existing CryptoKeyVersion, the CryptoKeyVersion must be a child of
/// ImportCryptoKeyVersionRequest.parent, have been previously created via
/// ImportCryptoKeyVersion, and be in DESTROYED or IMPORT_FAILED state. The
/// key material and algorithm must match the previous CryptoKeyVersion
/// exactly if the CryptoKeyVersion has ever contained key material.
///
/// Optional.
core.String? cryptoKeyVersion;
/// The name of the ImportJob that was used to wrap this key material.
///
/// Required.
core.String? importJob;
/// This field has the same meaning as wrapped_key.
///
/// Prefer to use that field in new work. Either that field or this field (but
/// not both) must be specified.
///
/// Optional.
core.String? rsaAesWrappedKey;
core.List<core.int> get rsaAesWrappedKeyAsBytes =>
convert.base64.decode(rsaAesWrappedKey!);
set rsaAesWrappedKeyAsBytes(core.List<core.int> bytes_) {
rsaAesWrappedKey =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// The wrapped key material to import.
///
/// Before wrapping, key material must be formatted. If importing symmetric
/// key material, the expected key material format is plain bytes. If
/// importing asymmetric key material, the expected key material format is
/// PKCS#8-encoded DER (the PrivateKeyInfo structure from RFC 5208). When
/// wrapping with import methods (RSA_OAEP_3072_SHA1_AES_256 or
/// RSA_OAEP_4096_SHA1_AES_256 or RSA_OAEP_3072_SHA256_AES_256 or
/// RSA_OAEP_4096_SHA256_AES_256), this field must contain the concatenation
/// of: 1. An ephemeral AES-256 wrapping key wrapped with the public_key using
/// RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
/// label. 2. The formatted key to be imported, wrapped with the ephemeral
/// AES-256 key using AES-KWP (RFC 5649). This format is the same as the
/// format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP. When wrapping
/// with import methods (RSA_OAEP_3072_SHA256 or RSA_OAEP_4096_SHA256), this
/// field must contain the formatted key to be imported, wrapped with the
/// public_key using RSAES-OAEP with SHA-256, MGF1 with SHA-256, and an empty
/// label.
///
/// Optional.
core.String? wrappedKey;
core.List<core.int> get wrappedKeyAsBytes =>
convert.base64.decode(wrappedKey!);
set wrappedKeyAsBytes(core.List<core.int> bytes_) {
wrappedKey =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
ImportCryptoKeyVersionRequest({
this.algorithm,
this.cryptoKeyVersion,
this.importJob,
this.rsaAesWrappedKey,
this.wrappedKey,
});
ImportCryptoKeyVersionRequest.fromJson(core.Map json_)
: this(
algorithm: json_.containsKey('algorithm')
? json_['algorithm'] as core.String
: null,
cryptoKeyVersion: json_.containsKey('cryptoKeyVersion')
? json_['cryptoKeyVersion'] as core.String
: null,
importJob: json_.containsKey('importJob')
? json_['importJob'] as core.String
: null,
rsaAesWrappedKey: json_.containsKey('rsaAesWrappedKey')
? json_['rsaAesWrappedKey'] as core.String
: null,
wrappedKey: json_.containsKey('wrappedKey')
? json_['wrappedKey'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (algorithm != null) 'algorithm': algorithm!,
if (cryptoKeyVersion != null) 'cryptoKeyVersion': cryptoKeyVersion!,
if (importJob != null) 'importJob': importJob!,
if (rsaAesWrappedKey != null) 'rsaAesWrappedKey': rsaAesWrappedKey!,
if (wrappedKey != null) 'wrappedKey': wrappedKey!,
};
}
/// An ImportJob can be used to create CryptoKeys and CryptoKeyVersions using
/// pre-existing key material, generated outside of Cloud KMS.
///
/// When an ImportJob is created, Cloud KMS will generate a "wrapping key",
/// which is a public/private key pair. You use the wrapping key to encrypt
/// (also known as wrap) the pre-existing key material to protect it during the
/// import process. The nature of the wrapping key depends on the choice of
/// import_method. When the wrapping key generation is complete, the state will
/// be set to ACTIVE and the public_key can be fetched. The fetched public key
/// can then be used to wrap your pre-existing key material. Once the key
/// material is wrapped, it can be imported into a new CryptoKeyVersion in an
/// existing CryptoKey by calling ImportCryptoKeyVersion. Multiple
/// CryptoKeyVersions can be imported with a single ImportJob. Cloud KMS uses
/// the private key portion of the wrapping key to unwrap the key material. Only
/// Cloud KMS has access to the private key. An ImportJob expires 3 days after
/// it is created. Once expired, Cloud KMS will no longer be able to import or
/// unwrap any key material that was wrapped with the ImportJob's public key.
/// For more information, see
/// [Importing a key](https://cloud.google.com/kms/docs/importing-a-key).
class ImportJob {
/// Statement that was generated and signed by the key creator (for example,
/// an HSM) at key creation time.
///
/// Use this statement to verify attributes of the key as stored on the HSM,
/// independently of Google. Only present if the chosen ImportMethod is one
/// with a protection level of HSM.
///
/// Output only.
KeyOperationAttestation? attestation;
/// The time at which this ImportJob was created.
///
/// Output only.
core.String? createTime;
/// The time this ImportJob expired.
///
/// Only present if state is EXPIRED.
///
/// Output only.
core.String? expireEventTime;
/// The time at which this ImportJob is scheduled for expiration and can no
/// longer be used to import key material.
///
/// Output only.
core.String? expireTime;
/// The time this ImportJob's key material was generated.
///
/// Output only.
core.String? generateTime;
/// The wrapping method to be used for incoming key material.
///
/// Required. Immutable.
/// Possible string values are:
/// - "IMPORT_METHOD_UNSPECIFIED" : Not specified.
/// - "RSA_OAEP_3072_SHA1_AES_256" : This ImportMethod represents the
/// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
/// In summary, this involves wrapping the raw key with an ephemeral AES key,
/// and wrapping the ephemeral AES key with a 3072 bit RSA key. For more
/// details, see
/// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
/// - "RSA_OAEP_4096_SHA1_AES_256" : This ImportMethod represents the
/// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
/// In summary, this involves wrapping the raw key with an ephemeral AES key,
/// and wrapping the ephemeral AES key with a 4096 bit RSA key. For more
/// details, see
/// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
/// - "RSA_OAEP_3072_SHA256_AES_256" : This ImportMethod represents the
/// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
/// In summary, this involves wrapping the raw key with an ephemeral AES key,
/// and wrapping the ephemeral AES key with a 3072 bit RSA key. For more
/// details, see
/// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
/// - "RSA_OAEP_4096_SHA256_AES_256" : This ImportMethod represents the
/// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
/// In summary, this involves wrapping the raw key with an ephemeral AES key,
/// and wrapping the ephemeral AES key with a 4096 bit RSA key. For more
/// details, see
/// [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
/// - "RSA_OAEP_3072_SHA256" : This ImportMethod represents RSAES-OAEP with a
/// 3072 bit RSA key. The key material to be imported is wrapped directly with
/// the RSA key. Due to technical limitations of RSA wrapping, this method
/// cannot be used to wrap RSA keys for import.
/// - "RSA_OAEP_4096_SHA256" : This ImportMethod represents RSAES-OAEP with a
/// 4096 bit RSA key. The key material to be imported is wrapped directly with
/// the RSA key. Due to technical limitations of RSA wrapping, this method
/// cannot be used to wrap RSA keys for import.
core.String? importMethod;
/// The resource name for this ImportJob in the format `projects / *
/// /locations / * /keyRings / * /importJobs / * `.
///
/// Output only.
core.String? name;
/// The protection level of the ImportJob.
///
/// This must match the protection_level of the version_template on the
/// CryptoKey you attempt to import into.
///
/// Required. Immutable.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
core.String? protectionLevel;
/// The public key with which to wrap key material prior to import.
///
/// Only returned if state is ACTIVE.
///
/// Output only.
WrappingPublicKey? publicKey;
/// The current state of the ImportJob, indicating if it can be used.
///
/// Output only.
/// Possible string values are:
/// - "IMPORT_JOB_STATE_UNSPECIFIED" : Not specified.
/// - "PENDING_GENERATION" : The wrapping key for this job is still being
/// generated. It may not be used. Cloud KMS will automatically mark this job
/// as ACTIVE as soon as the wrapping key is generated.
/// - "ACTIVE" : This job may be used in CreateCryptoKey and
/// CreateCryptoKeyVersion requests.
/// - "EXPIRED" : This job can no longer be used and may not leave this state
/// once entered.
core.String? state;
ImportJob({
this.attestation,
this.createTime,
this.expireEventTime,
this.expireTime,
this.generateTime,
this.importMethod,
this.name,
this.protectionLevel,
this.publicKey,
this.state,
});
ImportJob.fromJson(core.Map json_)
: this(
attestation: json_.containsKey('attestation')
? KeyOperationAttestation.fromJson(
json_['attestation'] as core.Map<core.String, core.dynamic>)
: null,
createTime: json_.containsKey('createTime')
? json_['createTime'] as core.String
: null,
expireEventTime: json_.containsKey('expireEventTime')
? json_['expireEventTime'] as core.String
: null,
expireTime: json_.containsKey('expireTime')
? json_['expireTime'] as core.String
: null,
generateTime: json_.containsKey('generateTime')
? json_['generateTime'] as core.String
: null,
importMethod: json_.containsKey('importMethod')
? json_['importMethod'] as core.String
: null,
name: json_.containsKey('name') ? json_['name'] as core.String : null,
protectionLevel: json_.containsKey('protectionLevel')
? json_['protectionLevel'] as core.String
: null,
publicKey: json_.containsKey('publicKey')
? WrappingPublicKey.fromJson(
json_['publicKey'] as core.Map<core.String, core.dynamic>)
: null,
state:
json_.containsKey('state') ? json_['state'] as core.String : null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (attestation != null) 'attestation': attestation!,
if (createTime != null) 'createTime': createTime!,
if (expireEventTime != null) 'expireEventTime': expireEventTime!,
if (expireTime != null) 'expireTime': expireTime!,
if (generateTime != null) 'generateTime': generateTime!,
if (importMethod != null) 'importMethod': importMethod!,
if (name != null) 'name': name!,
if (protectionLevel != null) 'protectionLevel': protectionLevel!,
if (publicKey != null) 'publicKey': publicKey!,
if (state != null) 'state': state!,
};
}
/// Contains an HSM-generated attestation about a key operation.
///
/// For more information, see
/// [Verifying attestations](https://cloud.google.com/kms/docs/attest-key).
class KeyOperationAttestation {
/// The certificate chains needed to validate the attestation
///
/// Output only.
CertificateChains? certChains;
/// The attestation data provided by the HSM when the key operation was
/// performed.
///
/// Output only.
core.String? content;
core.List<core.int> get contentAsBytes => convert.base64.decode(content!);
set contentAsBytes(core.List<core.int> bytes_) {
content =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// The format of the attestation data.
///
/// Output only.
/// Possible string values are:
/// - "ATTESTATION_FORMAT_UNSPECIFIED" : Not specified.
/// - "CAVIUM_V1_COMPRESSED" : Cavium HSM attestation compressed with gzip.
/// Note that this format is defined by Cavium and subject to change at any
/// time. See
/// https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html.
/// - "CAVIUM_V2_COMPRESSED" : Cavium HSM attestation V2 compressed with gzip.
/// This is a new format introduced in Cavium's version 3.2-08.
core.String? format;
KeyOperationAttestation({
this.certChains,
this.content,
this.format,
});
KeyOperationAttestation.fromJson(core.Map json_)
: this(
certChains: json_.containsKey('certChains')
? CertificateChains.fromJson(
json_['certChains'] as core.Map<core.String, core.dynamic>)
: null,
content: json_.containsKey('content')
? json_['content'] as core.String
: null,
format: json_.containsKey('format')
? json_['format'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (certChains != null) 'certChains': certChains!,
if (content != null) 'content': content!,
if (format != null) 'format': format!,
};
}
/// A KeyRing is a toplevel logical grouping of CryptoKeys.
class KeyRing {
/// The time at which this KeyRing was created.
///
/// Output only.
core.String? createTime;
/// The resource name for the KeyRing in the format `projects / * /locations /
/// * /keyRings / * `.
///
/// Output only.
core.String? name;
KeyRing({
this.createTime,
this.name,
});
KeyRing.fromJson(core.Map json_)
: this(
createTime: json_.containsKey('createTime')
? json_['createTime'] as core.String
: null,
name: json_.containsKey('name') ? json_['name'] as core.String : null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (createTime != null) 'createTime': createTime!,
if (name != null) 'name': name!,
};
}
/// Response message for KeyManagementService.ListCryptoKeyVersions.
class ListCryptoKeyVersionsResponse {
/// The list of CryptoKeyVersions.
core.List<CryptoKeyVersion>? cryptoKeyVersions;
/// A token to retrieve next page of results.
///
/// Pass this value in ListCryptoKeyVersionsRequest.page_token to retrieve the
/// next page of results.
core.String? nextPageToken;
/// The total number of CryptoKeyVersions that matched the query.
core.int? totalSize;
ListCryptoKeyVersionsResponse({
this.cryptoKeyVersions,
this.nextPageToken,
this.totalSize,
});
ListCryptoKeyVersionsResponse.fromJson(core.Map json_)
: this(
cryptoKeyVersions: json_.containsKey('cryptoKeyVersions')
? (json_['cryptoKeyVersions'] as core.List)
.map((value) => CryptoKeyVersion.fromJson(
value as core.Map<core.String, core.dynamic>))
.toList()
: null,
nextPageToken: json_.containsKey('nextPageToken')
? json_['nextPageToken'] as core.String
: null,
totalSize: json_.containsKey('totalSize')
? json_['totalSize'] as core.int
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (cryptoKeyVersions != null) 'cryptoKeyVersions': cryptoKeyVersions!,
if (nextPageToken != null) 'nextPageToken': nextPageToken!,
if (totalSize != null) 'totalSize': totalSize!,
};
}
/// Response message for KeyManagementService.ListCryptoKeys.
class ListCryptoKeysResponse {
/// The list of CryptoKeys.
core.List<CryptoKey>? cryptoKeys;
/// A token to retrieve next page of results.
///
/// Pass this value in ListCryptoKeysRequest.page_token to retrieve the next
/// page of results.
core.String? nextPageToken;
/// The total number of CryptoKeys that matched the query.
core.int? totalSize;
ListCryptoKeysResponse({
this.cryptoKeys,
this.nextPageToken,
this.totalSize,
});
ListCryptoKeysResponse.fromJson(core.Map json_)
: this(
cryptoKeys: json_.containsKey('cryptoKeys')
? (json_['cryptoKeys'] as core.List)
.map((value) => CryptoKey.fromJson(
value as core.Map<core.String, core.dynamic>))
.toList()
: null,
nextPageToken: json_.containsKey('nextPageToken')
? json_['nextPageToken'] as core.String
: null,
totalSize: json_.containsKey('totalSize')
? json_['totalSize'] as core.int
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (cryptoKeys != null) 'cryptoKeys': cryptoKeys!,
if (nextPageToken != null) 'nextPageToken': nextPageToken!,
if (totalSize != null) 'totalSize': totalSize!,
};
}
/// Response message for EkmService.ListEkmConnections.
class ListEkmConnectionsResponse {
/// The list of EkmConnections.
core.List<EkmConnection>? ekmConnections;
/// A token to retrieve next page of results.
///
/// Pass this value in ListEkmConnectionsRequest.page_token to retrieve the
/// next page of results.
core.String? nextPageToken;
/// The total number of EkmConnections that matched the query.
core.int? totalSize;
ListEkmConnectionsResponse({
this.ekmConnections,
this.nextPageToken,
this.totalSize,
});
ListEkmConnectionsResponse.fromJson(core.Map json_)
: this(
ekmConnections: json_.containsKey('ekmConnections')
? (json_['ekmConnections'] as core.List)
.map((value) => EkmConnection.fromJson(
value as core.Map<core.String, core.dynamic>))
.toList()
: null,
nextPageToken: json_.containsKey('nextPageToken')
? json_['nextPageToken'] as core.String
: null,
totalSize: json_.containsKey('totalSize')
? json_['totalSize'] as core.int
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (ekmConnections != null) 'ekmConnections': ekmConnections!,
if (nextPageToken != null) 'nextPageToken': nextPageToken!,
if (totalSize != null) 'totalSize': totalSize!,
};
}
/// Response message for KeyManagementService.ListImportJobs.
class ListImportJobsResponse {
/// The list of ImportJobs.
core.List<ImportJob>? importJobs;
/// A token to retrieve next page of results.
///
/// Pass this value in ListImportJobsRequest.page_token to retrieve the next
/// page of results.
core.String? nextPageToken;
/// The total number of ImportJobs that matched the query.
core.int? totalSize;
ListImportJobsResponse({
this.importJobs,
this.nextPageToken,
this.totalSize,
});
ListImportJobsResponse.fromJson(core.Map json_)
: this(
importJobs: json_.containsKey('importJobs')
? (json_['importJobs'] as core.List)
.map((value) => ImportJob.fromJson(
value as core.Map<core.String, core.dynamic>))
.toList()
: null,
nextPageToken: json_.containsKey('nextPageToken')
? json_['nextPageToken'] as core.String
: null,
totalSize: json_.containsKey('totalSize')
? json_['totalSize'] as core.int
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (importJobs != null) 'importJobs': importJobs!,
if (nextPageToken != null) 'nextPageToken': nextPageToken!,
if (totalSize != null) 'totalSize': totalSize!,
};
}
/// Response message for KeyManagementService.ListKeyRings.
class ListKeyRingsResponse {
/// The list of KeyRings.
core.List<KeyRing>? keyRings;
/// A token to retrieve next page of results.
///
/// Pass this value in ListKeyRingsRequest.page_token to retrieve the next
/// page of results.
core.String? nextPageToken;
/// The total number of KeyRings that matched the query.
core.int? totalSize;
ListKeyRingsResponse({
this.keyRings,
this.nextPageToken,
this.totalSize,
});
ListKeyRingsResponse.fromJson(core.Map json_)
: this(
keyRings: json_.containsKey('keyRings')
? (json_['keyRings'] as core.List)
.map((value) => KeyRing.fromJson(
value as core.Map<core.String, core.dynamic>))
.toList()
: null,
nextPageToken: json_.containsKey('nextPageToken')
? json_['nextPageToken'] as core.String
: null,
totalSize: json_.containsKey('totalSize')
? json_['totalSize'] as core.int
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (keyRings != null) 'keyRings': keyRings!,
if (nextPageToken != null) 'nextPageToken': nextPageToken!,
if (totalSize != null) 'totalSize': totalSize!,
};
}
/// The response message for Locations.ListLocations.
class ListLocationsResponse {
/// A list of locations that matches the specified filter in the request.
core.List<Location>? locations;
/// The standard List next-page token.
core.String? nextPageToken;
ListLocationsResponse({
this.locations,
this.nextPageToken,
});
ListLocationsResponse.fromJson(core.Map json_)
: this(
locations: json_.containsKey('locations')
? (json_['locations'] as core.List)
.map((value) => Location.fromJson(
value as core.Map<core.String, core.dynamic>))
.toList()
: null,
nextPageToken: json_.containsKey('nextPageToken')
? json_['nextPageToken'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (locations != null) 'locations': locations!,
if (nextPageToken != null) 'nextPageToken': nextPageToken!,
};
}
/// A resource that represents Google Cloud Platform location.
typedef Location = $Location00;
/// Request message for KeyManagementService.MacSign.
class MacSignRequest {
/// The data to sign.
///
/// The MAC tag is computed over this data field based on the specific
/// algorithm.
///
/// Required.
core.String? data;
core.List<core.int> get dataAsBytes => convert.base64.decode(data!);
set dataAsBytes(core.List<core.int> bytes_) {
data =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// An optional CRC32C checksum of the MacSignRequest.data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received MacSignRequest.data using this checksum. KeyManagementService
/// will report an error if the checksum verification fails. If you receive a
/// checksum error, your client should verify that CRC32C(MacSignRequest.data)
/// is equal to MacSignRequest.data_crc32c, and if so, perform a limited
/// number of retries. A persistent mismatch may indicate an issue in your
/// computation of the CRC32C checksum. Note: This field is defined as int64
/// for reasons of compatibility across different languages. However, it is a
/// non-negative integer, which will never exceed 2^32-1, and can be safely
/// downconverted to uint32 in languages that support this type.
///
/// Optional.
core.String? dataCrc32c;
MacSignRequest({
this.data,
this.dataCrc32c,
});
MacSignRequest.fromJson(core.Map json_)
: this(
data: json_.containsKey('data') ? json_['data'] as core.String : null,
dataCrc32c: json_.containsKey('dataCrc32c')
? json_['dataCrc32c'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (data != null) 'data': data!,
if (dataCrc32c != null) 'dataCrc32c': dataCrc32c!,
};
}
/// Response message for KeyManagementService.MacSign.
class MacSignResponse {
/// The created signature.
core.String? mac;
core.List<core.int> get macAsBytes => convert.base64.decode(mac!);
set macAsBytes(core.List<core.int> bytes_) {
mac =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// Integrity verification field.
///
/// A CRC32C checksum of the returned MacSignResponse.mac. An integrity check
/// of MacSignResponse.mac can be performed by computing the CRC32C checksum
/// of MacSignResponse.mac and comparing your results to this field. Discard
/// the response in case of non-matching checksum values, and perform a
/// limited number of retries. A persistent mismatch may indicate an issue in
/// your computation of the CRC32C checksum. Note: This field is defined as
/// int64 for reasons of compatibility across different languages. However, it
/// is a non-negative integer, which will never exceed 2^32-1, and can be
/// safely downconverted to uint32 in languages that support this type.
core.String? macCrc32c;
/// The resource name of the CryptoKeyVersion used for signing.
///
/// Check this field to verify that the intended resource was used for
/// signing.
core.String? name;
/// The ProtectionLevel of the CryptoKeyVersion used for signing.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
core.String? protectionLevel;
/// Integrity verification field.
///
/// A flag indicating whether MacSignRequest.data_crc32c was received by
/// KeyManagementService and used for the integrity verification of the data.
/// A false value of this field indicates either that
/// MacSignRequest.data_crc32c was left unset or that it was not delivered to
/// KeyManagementService. If you've set MacSignRequest.data_crc32c but this
/// field is still false, discard the response and perform a limited number of
/// retries.
core.bool? verifiedDataCrc32c;
MacSignResponse({
this.mac,
this.macCrc32c,
this.name,
this.protectionLevel,
this.verifiedDataCrc32c,
});
MacSignResponse.fromJson(core.Map json_)
: this(
mac: json_.containsKey('mac') ? json_['mac'] as core.String : null,
macCrc32c: json_.containsKey('macCrc32c')
? json_['macCrc32c'] as core.String
: null,
name: json_.containsKey('name') ? json_['name'] as core.String : null,
protectionLevel: json_.containsKey('protectionLevel')
? json_['protectionLevel'] as core.String
: null,
verifiedDataCrc32c: json_.containsKey('verifiedDataCrc32c')
? json_['verifiedDataCrc32c'] as core.bool
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (mac != null) 'mac': mac!,
if (macCrc32c != null) 'macCrc32c': macCrc32c!,
if (name != null) 'name': name!,
if (protectionLevel != null) 'protectionLevel': protectionLevel!,
if (verifiedDataCrc32c != null)
'verifiedDataCrc32c': verifiedDataCrc32c!,
};
}
/// Request message for KeyManagementService.MacVerify.
class MacVerifyRequest {
/// The data used previously as a MacSignRequest.data to generate the MAC tag.
///
/// Required.
core.String? data;
core.List<core.int> get dataAsBytes => convert.base64.decode(data!);
set dataAsBytes(core.List<core.int> bytes_) {
data =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// An optional CRC32C checksum of the MacVerifyRequest.data.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received MacVerifyRequest.data using this checksum. KeyManagementService
/// will report an error if the checksum verification fails. If you receive a
/// checksum error, your client should verify that
/// CRC32C(MacVerifyRequest.data) is equal to MacVerifyRequest.data_crc32c,
/// and if so, perform a limited number of retries. A persistent mismatch may
/// indicate an issue in your computation of the CRC32C checksum. Note: This
/// field is defined as int64 for reasons of compatibility across different
/// languages. However, it is a non-negative integer, which will never exceed
/// 2^32-1, and can be safely downconverted to uint32 in languages that
/// support this type.
///
/// Optional.
core.String? dataCrc32c;
/// The signature to verify.
///
/// Required.
core.String? mac;
core.List<core.int> get macAsBytes => convert.base64.decode(mac!);
set macAsBytes(core.List<core.int> bytes_) {
mac =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// An optional CRC32C checksum of the MacVerifyRequest.mac.
///
/// If specified, KeyManagementService will verify the integrity of the
/// received MacVerifyRequest.mac using this checksum. KeyManagementService
/// will report an error if the checksum verification fails. If you receive a
/// checksum error, your client should verify that
/// CRC32C(MacVerifyRequest.tag) is equal to MacVerifyRequest.mac_crc32c, and
/// if so, perform a limited number of retries. A persistent mismatch may
/// indicate an issue in your computation of the CRC32C checksum. Note: This
/// field is defined as int64 for reasons of compatibility across different
/// languages. However, it is a non-negative integer, which will never exceed
/// 2^32-1, and can be safely downconverted to uint32 in languages that
/// support this type.
///
/// Optional.
core.String? macCrc32c;
MacVerifyRequest({
this.data,
this.dataCrc32c,
this.mac,
this.macCrc32c,
});
MacVerifyRequest.fromJson(core.Map json_)
: this(
data: json_.containsKey('data') ? json_['data'] as core.String : null,
dataCrc32c: json_.containsKey('dataCrc32c')
? json_['dataCrc32c'] as core.String
: null,
mac: json_.containsKey('mac') ? json_['mac'] as core.String : null,
macCrc32c: json_.containsKey('macCrc32c')
? json_['macCrc32c'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (data != null) 'data': data!,
if (dataCrc32c != null) 'dataCrc32c': dataCrc32c!,
if (mac != null) 'mac': mac!,
if (macCrc32c != null) 'macCrc32c': macCrc32c!,
};
}
/// Response message for KeyManagementService.MacVerify.
class MacVerifyResponse {
/// The resource name of the CryptoKeyVersion used for verification.
///
/// Check this field to verify that the intended resource was used for
/// verification.
core.String? name;
/// The ProtectionLevel of the CryptoKeyVersion used for verification.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
core.String? protectionLevel;
/// This field indicates whether or not the verification operation for
/// MacVerifyRequest.mac over MacVerifyRequest.data was successful.
core.bool? success;
/// Integrity verification field.
///
/// A flag indicating whether MacVerifyRequest.data_crc32c was received by
/// KeyManagementService and used for the integrity verification of the data.
/// A false value of this field indicates either that
/// MacVerifyRequest.data_crc32c was left unset or that it was not delivered
/// to KeyManagementService. If you've set MacVerifyRequest.data_crc32c but
/// this field is still false, discard the response and perform a limited
/// number of retries.
core.bool? verifiedDataCrc32c;
/// Integrity verification field.
///
/// A flag indicating whether MacVerifyRequest.mac_crc32c was received by
/// KeyManagementService and used for the integrity verification of the data.
/// A false value of this field indicates either that
/// MacVerifyRequest.mac_crc32c was left unset or that it was not delivered to
/// KeyManagementService. If you've set MacVerifyRequest.mac_crc32c but this
/// field is still false, discard the response and perform a limited number of
/// retries.
core.bool? verifiedMacCrc32c;
/// Integrity verification field.
///
/// This value is used for the integrity verification of
/// \[MacVerifyResponse.success\]. If the value of this field contradicts the
/// value of \[MacVerifyResponse.success\], discard the response and perform a
/// limited number of retries.
core.bool? verifiedSuccessIntegrity;
MacVerifyResponse({
this.name,
this.protectionLevel,
this.success,
this.verifiedDataCrc32c,
this.verifiedMacCrc32c,
this.verifiedSuccessIntegrity,
});
MacVerifyResponse.fromJson(core.Map json_)
: this(
name: json_.containsKey('name') ? json_['name'] as core.String : null,
protectionLevel: json_.containsKey('protectionLevel')
? json_['protectionLevel'] as core.String
: null,
success: json_.containsKey('success')
? json_['success'] as core.bool
: null,
verifiedDataCrc32c: json_.containsKey('verifiedDataCrc32c')
? json_['verifiedDataCrc32c'] as core.bool
: null,
verifiedMacCrc32c: json_.containsKey('verifiedMacCrc32c')
? json_['verifiedMacCrc32c'] as core.bool
: null,
verifiedSuccessIntegrity:
json_.containsKey('verifiedSuccessIntegrity')
? json_['verifiedSuccessIntegrity'] as core.bool
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (name != null) 'name': name!,
if (protectionLevel != null) 'protectionLevel': protectionLevel!,
if (success != null) 'success': success!,
if (verifiedDataCrc32c != null)
'verifiedDataCrc32c': verifiedDataCrc32c!,
if (verifiedMacCrc32c != null) 'verifiedMacCrc32c': verifiedMacCrc32c!,
if (verifiedSuccessIntegrity != null)
'verifiedSuccessIntegrity': verifiedSuccessIntegrity!,
};
}
/// An Identity and Access Management (IAM) policy, which specifies access
/// controls for Google Cloud resources.
///
/// A `Policy` is a collection of `bindings`. A `binding` binds one or more
/// `members`, or principals, to a single `role`. Principals can be user
/// accounts, service accounts, Google groups, and domains (such as G Suite). A
/// `role` is a named list of permissions; each `role` can be an IAM predefined
/// role or a user-created custom role. For some types of Google Cloud
/// resources, a `binding` can also specify a `condition`, which is a logical
/// expression that allows access to a resource only if the expression evaluates
/// to `true`. A condition can add constraints based on attributes of the
/// request, the resource, or both. To learn which resources support conditions
/// in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
/// **JSON example:** { "bindings": \[ { "role":
/// "roles/resourcemanager.organizationAdmin", "members": \[
/// "user:mike@example.com", "group:admins@example.com", "domain:google.com",
/// "serviceAccount:my-project-id@appspot.gserviceaccount.com" \] }, { "role":
/// "roles/resourcemanager.organizationViewer", "members": \[
/// "user:eve@example.com" \], "condition": { "title": "expirable access",
/// "description": "Does not grant access after Sep 2020", "expression":
/// "request.time \< timestamp('2020-10-01T00:00:00.000Z')", } } \], "etag":
/// "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: -
/// user:mike@example.com - group:admins@example.com - domain:google.com -
/// serviceAccount:my-project-id@appspot.gserviceaccount.com role:
/// roles/resourcemanager.organizationAdmin - members: - user:eve@example.com
/// role: roles/resourcemanager.organizationViewer condition: title: expirable
/// access description: Does not grant access after Sep 2020 expression:
/// request.time \< timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA=
/// version: 3 For a description of IAM and its features, see the
/// [IAM documentation](https://cloud.google.com/iam/docs/).
class Policy {
/// Specifies cloud audit logging configuration for this policy.
core.List<AuditConfig>? auditConfigs;
/// Associates a list of `members`, or principals, with a `role`.
///
/// Optionally, may specify a `condition` that determines how and when the
/// `bindings` are applied. Each of the `bindings` must contain at least one
/// principal. The `bindings` in a `Policy` can refer to up to 1,500
/// principals; up to 250 of these principals can be Google groups. Each
/// occurrence of a principal counts towards these limits. For example, if the
/// `bindings` grant 50 different roles to `user:alice@example.com`, and not
/// to any other principal, then you can add another 1,450 principals to the
/// `bindings` in the `Policy`.
core.List<Binding>? bindings;
/// `etag` is used for optimistic concurrency control as a way to help prevent
/// simultaneous updates of a policy from overwriting each other.
///
/// It is strongly suggested that systems make use of the `etag` in the
/// read-modify-write cycle to perform policy updates in order to avoid race
/// conditions: An `etag` is returned in the response to `getIamPolicy`, and
/// systems are expected to put that etag in the request to `setIamPolicy` to
/// ensure that their change will be applied to the same version of the
/// policy. **Important:** If you use IAM Conditions, you must include the
/// `etag` field whenever you call `setIamPolicy`. If you omit this field,
/// then IAM allows you to overwrite a version `3` policy with a version `1`
/// policy, and all of the conditions in the version `3` policy are lost.
core.String? etag;
core.List<core.int> get etagAsBytes => convert.base64.decode(etag!);
set etagAsBytes(core.List<core.int> bytes_) {
etag =
convert.base64.encode(bytes_).replaceAll('/', '_').replaceAll('+', '-');
}
/// Specifies the format of the policy.
///
/// Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
/// are rejected. Any operation that affects conditional role bindings must
/// specify version `3`. This requirement applies to the following operations:
/// * Getting a policy that includes a conditional role binding * Adding a
/// conditional role binding to a policy * Changing a conditional role binding
/// in a policy * Removing any role binding, with or without a condition, from
/// a policy that includes conditions **Important:** If you use IAM
/// Conditions, you must include the `etag` field whenever you call
/// `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a
/// version `3` policy with a version `1` policy, and all of the conditions in
/// the version `3` policy are lost. If a policy does not include any
/// conditions, operations on that policy may specify any valid version or
/// leave the field unset. To learn which resources support conditions in
/// their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
core.int? version;
Policy({
this.auditConfigs,
this.bindings,
this.etag,
this.version,
});
Policy.fromJson(core.Map json_)
: this(
auditConfigs: json_.containsKey('auditConfigs')
? (json_['auditConfigs'] as core.List)
.map((value) => AuditConfig.fromJson(
value as core.Map<core.String, core.dynamic>))
.toList()
: null,
bindings: json_.containsKey('bindings')
? (json_['bindings'] as core.List)
.map((value) => Binding.fromJson(
value as core.Map<core.String, core.dynamic>))
.toList()
: null,
etag: json_.containsKey('etag') ? json_['etag'] as core.String : null,
version: json_.containsKey('version')
? json_['version'] as core.int
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (auditConfigs != null) 'auditConfigs': auditConfigs!,
if (bindings != null) 'bindings': bindings!,
if (etag != null) 'etag': etag!,
if (version != null) 'version': version!,
};
}
/// The public key for a given CryptoKeyVersion.
///
/// Obtained via GetPublicKey.
class PublicKey {
/// The Algorithm associated with this key.
/// Possible string values are:
/// - "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" : Not specified.
/// - "GOOGLE_SYMMETRIC_ENCRYPTION" : Creates symmetric encryption keys.
/// - "RSA_SIGN_PSS_2048_SHA256" : RSASSA-PSS 2048 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_3072_SHA256" : RSASSA-PSS 3072 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA256" : RSASSA-PSS 4096 bit key with a SHA256
/// digest.
/// - "RSA_SIGN_PSS_4096_SHA512" : RSASSA-PSS 4096 bit key with a SHA512
/// digest.
/// - "RSA_SIGN_PKCS1_2048_SHA256" : RSASSA-PKCS1-v1_5 with a 2048 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_3072_SHA256" : RSASSA-PKCS1-v1_5 with a 3072 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA256" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA256 digest.
/// - "RSA_SIGN_PKCS1_4096_SHA512" : RSASSA-PKCS1-v1_5 with a 4096 bit key and
/// a SHA512 digest.
/// - "RSA_SIGN_RAW_PKCS1_2048" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 2048 bit key.
/// - "RSA_SIGN_RAW_PKCS1_3072" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 3072 bit key.
/// - "RSA_SIGN_RAW_PKCS1_4096" : RSASSA-PKCS1-v1_5 signing without encoding,
/// with a 4096 bit key.
/// - "RSA_DECRYPT_OAEP_2048_SHA256" : RSAES-OAEP 2048 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA256" : RSAES-OAEP 3072 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA256" : RSAES-OAEP 4096 bit key with a SHA256
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA512" : RSAES-OAEP 4096 bit key with a SHA512
/// digest.
/// - "RSA_DECRYPT_OAEP_2048_SHA1" : RSAES-OAEP 2048 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_3072_SHA1" : RSAES-OAEP 3072 bit key with a SHA1
/// digest.
/// - "RSA_DECRYPT_OAEP_4096_SHA1" : RSAES-OAEP 4096 bit key with a SHA1
/// digest.
/// - "EC_SIGN_P256_SHA256" : ECDSA on the NIST P-256 curve with a SHA256
/// digest.
/// - "EC_SIGN_P384_SHA384" : ECDSA on the NIST P-384 curve with a SHA384
/// digest.
/// - "EC_SIGN_SECP256K1_SHA256" : ECDSA on the non-NIST secp256k1 curve. This
/// curve is only supported for HSM protection level.
/// - "HMAC_SHA256" : HMAC-SHA256 signing with a 256 bit key.
/// - "EXTERNAL_SYMMETRIC_ENCRYPTION" : Algorithm representing symmetric
/// encryption by an external key manager.
core.String? algorithm;
/// The name of the CryptoKeyVersion public key.
///
/// Provided here for verification. NOTE: This field is in Beta.
core.String? name;
/// The public key, encoded in PEM format.
///
/// For more information, see the
/// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
/// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2)
/// and
/// [Textual Encoding of Subject Public Key Info](https://tools.ietf.org/html/rfc7468#section-13).
core.String? pem;
/// Integrity verification field.
///
/// A CRC32C checksum of the returned PublicKey.pem. An integrity check of
/// PublicKey.pem can be performed by computing the CRC32C checksum of
/// PublicKey.pem and comparing your results to this field. Discard the
/// response in case of non-matching checksum values, and perform a limited
/// number of retries. A persistent mismatch may indicate an issue in your
/// computation of the CRC32C checksum. Note: This field is defined as int64
/// for reasons of compatibility across different languages. However, it is a
/// non-negative integer, which will never exceed 2^32-1, and can be safely
/// downconverted to uint32 in languages that support this type. NOTE: This
/// field is in Beta.
core.String? pemCrc32c;
/// The ProtectionLevel of the CryptoKeyVersion public key.
/// Possible string values are:
/// - "PROTECTION_LEVEL_UNSPECIFIED" : Not specified.
/// - "SOFTWARE" : Crypto operations are performed in software.
/// - "HSM" : Crypto operations are performed in a Hardware Security Module.
/// - "EXTERNAL" : Crypto operations are performed by an external key manager.
/// - "EXTERNAL_VPC" : Crypto operations are performed in an EKM-over-VPC
/// backend.
core.String? protectionLevel;
PublicKey({
this.algorithm,
this.name,
this.pem,
this.pemCrc32c,
this.protectionLevel,
});
PublicKey.fromJson(core.Map json_)
: this(
algorithm: json_.containsKey('algorithm')
? json_['algorithm'] as core.String
: null,
name: json_.containsKey('name') ? json_['name'] as core.String : null,
pem: json_.containsKey('pem') ? json_['pem'] as core.String : null,
pemCrc32c: json_.containsKey('pemCrc32c')
? json_['pemCrc32c'] as core.String
: null,
protectionLevel: json_.containsKey('protectionLevel')
? json_['protectionLevel'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (algorithm != null) 'algorithm': algorithm!,
if (name != null) 'name': name!,
if (pem != null) 'pem': pem!,
if (pemCrc32c != null) 'pemCrc32c': pemCrc32c!,
if (protectionLevel != null) 'protectionLevel': protectionLevel!,
};
}
/// Request message for KeyManagementService.RestoreCryptoKeyVersion.
typedef RestoreCryptoKeyVersionRequest = $Empty;
/// A ServiceResolver represents an EKM replica that can be reached within an
/// EkmConnection.
class ServiceResolver {
/// The filter applied to the endpoints of the resolved service.
///
/// If no filter is specified, all endpoints will be considered. An endpoint
/// will be chosen arbitrarily from the filtered list for each request. For
/// endpoint filter syntax and examples, see
/// https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
///
/// Optional.
core.String? endpointFilter;
/// The hostname of the EKM replica used at TLS and HTTP layers.
///
/// Required.
core.String? hostname;
/// A list of leaf server certificates used to authenticate HTTPS connections
/// to the EKM replica.
///
/// Currently, a maximum of 10 Certificate is supported.
///
/// Required.
core.List<Certificate>? serverCertificates;
/// The resource name of the Service Directory service pointing to an EKM
/// replica, in the format `projects / * /locations / * /namespaces / *
/// /services / * `.
///
/// Required.
core.String? serviceDirectoryService;
ServiceResolver({
this.endpointFilter,
this.hostname,
this.serverCertificates,
this.serviceDirectoryService,
});
ServiceResolver.fromJson(core.Map json_)
: this(
endpointFilter: json_.containsKey('endpointFilter')
? json_['endpointFilter'] as core.String
: null,
hostname: json_.containsKey('hostname')
? json_['hostname'] as core.String
: null,
serverCertificates: json_.containsKey('serverCertificates')
? (json_['serverCertificates'] as core.List)
.map((value) => Certificate.fromJson(
value as core.Map<core.String, core.dynamic>))
.toList()
: null,
serviceDirectoryService: json_.containsKey('serviceDirectoryService')
? json_['serviceDirectoryService'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (endpointFilter != null) 'endpointFilter': endpointFilter!,
if (hostname != null) 'hostname': hostname!,
if (serverCertificates != null)
'serverCertificates': serverCertificates!,
if (serviceDirectoryService != null)
'serviceDirectoryService': serviceDirectoryService!,
};
}
/// Request message for `SetIamPolicy` method.
class SetIamPolicyRequest {
/// REQUIRED: The complete policy to be applied to the `resource`.
///
/// The size of the policy is limited to a few 10s of KB. An empty policy is a
/// valid policy but certain Google Cloud services (such as Projects) might
/// reject them.
Policy? policy;
/// OPTIONAL: A FieldMask specifying which fields of the policy to modify.
///
/// Only the fields in the mask will be modified. If no mask is provided, the
/// following default mask is used: `paths: "bindings, etag"`
core.String? updateMask;
SetIamPolicyRequest({
this.policy,
this.updateMask,
});
SetIamPolicyRequest.fromJson(core.Map json_)
: this(
policy: json_.containsKey('policy')
? Policy.fromJson(
json_['policy'] as core.Map<core.String, core.dynamic>)
: null,
updateMask: json_.containsKey('updateMask')
? json_['updateMask'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (policy != null) 'policy': policy!,
if (updateMask != null) 'updateMask': updateMask!,
};
}
/// Request message for `TestIamPermissions` method.
typedef TestIamPermissionsRequest = $TestIamPermissionsRequest00;
/// Response message for `TestIamPermissions` method.
typedef TestIamPermissionsResponse = $PermissionsResponse;
/// Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion.
class UpdateCryptoKeyPrimaryVersionRequest {
/// The id of the child CryptoKeyVersion to use as primary.
///
/// Required.
core.String? cryptoKeyVersionId;
UpdateCryptoKeyPrimaryVersionRequest({
this.cryptoKeyVersionId,
});
UpdateCryptoKeyPrimaryVersionRequest.fromJson(core.Map json_)
: this(
cryptoKeyVersionId: json_.containsKey('cryptoKeyVersionId')
? json_['cryptoKeyVersionId'] as core.String
: null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (cryptoKeyVersionId != null)
'cryptoKeyVersionId': cryptoKeyVersionId!,
};
}
/// The public key component of the wrapping key.
///
/// For details of the type of key this public key corresponds to, see the
/// ImportMethod.
class WrappingPublicKey {
/// The public key, encoded in PEM format.
///
/// For more information, see the
/// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
/// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2)
/// and
/// [Textual Encoding of Subject Public Key Info](https://tools.ietf.org/html/rfc7468#section-13).
core.String? pem;
WrappingPublicKey({
this.pem,
});
WrappingPublicKey.fromJson(core.Map json_)
: this(
pem: json_.containsKey('pem') ? json_['pem'] as core.String : null,
);
core.Map<core.String, core.dynamic> toJson() => {
if (pem != null) 'pem': pem!,
};
}